Firewall Wizards mailing list archives

Re: RE: In defense of non standard ports


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 24 Jan 2006 19:35:55 -0500 (EST)

On Tue, 24 Jan 2006, ArkanoiD wrote:

Allowing uncontrolled HTTP CONNECT to any port seems quite suicidal for
any reasonable security policy, am I wrong?

As suicidal as allowing all TCP outbound.  Which is happening *way* too 
much, and is the reason we see things like botnets rampant on hospital
networks.

I think you shouldn't be allowed to install I{D,P}S until your firewall 
ruleset is this | high.

Paul 
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

