Firewall Wizards mailing list archives
Re: Firewall best practices
From: Morty <morty+fw-wiz () frakir org>
Date: Fri, 16 Apr 2010 00:41:27 -0400
On Wed, Apr 14, 2010 at 09:10:36AM -0400, Jason Lewis wrote:
The point of my question was if you're forced into a position to open everything, what ports *should* you always block and why.
Or less controversially, suppose you *do* have a default deny, and you get requests to allow point-to-point dataflows (inbound or outbound) and/or completely open select ports outbound. Which ports/services should you fight back on or recommend alternatives? As a general rule, I fight back on protocols that do unencrypted auth and/or are intended for local LAN use and/or are very attractive to malware authors. Examples: FTP, telnet, SMTP, portmap, 135, 137, 138, 139, 445, 1433, NFS, IRC. If you have IDS, your perspective might change because crypto-enabled ports cause you to lose insight. - Morty _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewall best practices R. DuFresne (Apr 13)
- <Possible follow-ups>
- Re: Firewall best practices Anton Chuvakin (Apr 14)
- Re: Firewall best practices Jason Lewis (Apr 14)
- Re: Firewall best practices Darden, Patrick S. (Apr 15)
- Re: Firewall best practices Paul D. Robertson (Apr 15)
- Re: Firewall best practices Darden, Patrick S. (Apr 15)
- Re: Firewall best practices Jason Lewis (Apr 14)
- Re: Firewall best practices John Morrison (Apr 15)
- Re: Firewall best practices Darden, Patrick S. (Apr 15)
- Re: Firewall best practices Marcus J. Ranum (Apr 15)
- Re: Firewall best practices Morty (Apr 16)
- Re: Firewall best practices Darden, Patrick S. (Apr 22)
- Re: Firewall best practices Martin Barry (Apr 22)
- Re: Firewall best practices Marcus J. Ranum (Apr 22)
- Re: Firewall best practices Martin Barry (Apr 23)
- Re: Firewall best practices Marcus J. Ranum (Apr 26)
- Re: Firewall best practices Carson Gaspar (Apr 27)
- Re: Firewall best practices ArkanoiD (Apr 28)
- Re: Firewall best practices david (Apr 26)
- Re: Firewall best practices John Morrison (Apr 27)
- Re: Firewall best practices Harrell, Matthew (Apr 27)