Firewall Wizards mailing list archives

Re: outbound traffic security risk


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 23 Mar 2004 09:03:49 -0500 (EST)

On Tue, 23 Mar 2004, Hilal Hussein wrote:

> Dear List,
>
> I would like to ask about the risk of opening outbound port traffic in the
> firewall.

Traffic should be allowed or disallowed by policy, not by whim.  What
ports and protocols are necessary for the business to run efficiently?
What's the associated risk with each protocol, common applications, and
users for each of those?  Which ones will the business accept the risk
for?  Looking at it any other way is backwards and bad.

> Currently, I am opening the outbound port traffic based on user
> requests, such as pop3 and smtp traffic. I read about some risk that could be in
> some kinds of outbound traffic which might pass java scripts, or trojan
> horses, or other kinds of attacks during the opened session from users
> (inside the network) to the outbound.

Allowing external mail is pretty risky, especially if you don't have
control over browser versions, controls, etc.

Also, most trojaned machines "phone home" outwards, instead of taking
connections inbound these days.  Blocking outbound traffic means that
those systems can't be controlled.

> So please, I need to know of any risk that could come with some kinds of
> outbound traffic, and if there is a good link for resources about the
> latest news of vulnerabilities of such outbound traffic.

Risk comes from connectivity.  The more connectivity, the more risk.
Firewalls reduce risk by controlling and limiting connectivity.  The more
you limit, the less risk you accept.

The more you allow, the less value you get from the firewall, until a
point where you get none.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
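
An added example, not part of the original message: the reply's two points (allow outbound traffic only by policy, and compromised machines "phone home" outwards) expressed as a default-deny egress check over flow records. The policy entries, addresses, ports and flow records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed policy: (source network, destination network, protocol, port).
# Anything not listed here is denied (default deny).
EGRESS_POLICY = [
    ("10.0.0.0/24", "192.0.2.25/32", "tcp", 25),    # hosts -> sanctioned SMTP relay
    ("10.0.0.0/24", "192.0.2.110/32", "tcp", 110),  # hosts -> sanctioned POP3 server
    ("10.0.0.53/32", "0.0.0.0/0", "udp", 53),       # only the internal resolver does DNS
]

# Constructed flow records: (source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.0.0.17", "192.0.2.25", "tcp", 25),
    ("10.0.0.17", "192.0.2.110", "tcp", 110),
    ("10.0.0.53", "198.51.100.1", "udp", 53),
    ("10.0.0.42", "203.0.113.9", "tcp", 6667),   # port no rule covers
    ("10.0.0.42", "203.0.113.9", "tcp", 6667),
    ("10.0.0.42", "198.51.100.7", "tcp", 25),    # SMTP that bypasses the relay
    ("10.0.0.17", "198.51.100.1", "udp", 53),    # DNS that bypasses the resolver
]

def is_allowed(flow, policy=EGRESS_POLICY):
    """Return True only if a policy rule explicitly permits this outbound flow."""
    src, dst, proto, port = flow
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p_src, p_dst, p_proto, p_port in policy:
        if (proto == p_proto and port == p_port
                and src_ip in ipaddress.ip_network(p_src)
                and dst_ip in ipaddress.ip_network(p_dst)):
            return True
    return False

def denied_by_host(flows, policy=EGRESS_POLICY):
    """Count denied outbound attempts per internal source address."""
    return Counter(f[0] for f in flows if not is_allowed(f, policy))

if __name__ == "__main__":
    # Hosts with repeated denied egress attempts are the ones to examine first.
    for host, count in denied_by_host(SAMPLE_FLOWS).most_common():
        print(f"{host}: {count} denied outbound attempt(s)")
```

The same rule table can drive both the firewall configuration and the review of its deny log, so every permitted port traces back to a stated business need.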