Firewall Wizards mailing list archives

Re: Firewall best practices


From: Morty <morty+fw-wiz () frakir org>
Date: Fri, 16 Apr 2010 00:41:27 -0400

On Wed, Apr 14, 2010 at 09:10:36AM -0400, Jason Lewis wrote:

> The point of my question was if you're forced into a position to
> open everything, what ports *should* you always block and why.

Or less controversially, suppose you *do* have a default deny, and you
get requests to allow point-to-point dataflows (inbound or outbound)
and/or completely open select ports outbound.  Which ports/services
should you fight back on or recommend alternatives?  As a general
rule, I fight back on protocols that do unencrypted auth and/or are
intended for local LAN use and/or are very attractive to malware
authors.  Examples: FTP, telnet, SMTP, portmap, 135, 137, 138, 139,
445, 1433, NFS, IRC.

If you have IDS, your perspective might change because crypto-enabled
ports cause you to lose insight.

- Morty
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
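A small change-request triage helper in the spirit of Morty's reply: assume a default-deny ruleset, then review each requested point-to-point or open-outbound flow, push back on the services he names (cleartext authentication, LAN-only protocols, favourite malware channels) and flag encrypted services that an IDS cannot look into. This is an added example, not code from the original post or the list. Port numbers are the usual IANA assignments; the reason and alternative text attached to each service, the `Request`/`Verdict` shapes and the `to_nft` rule formatter are this example's own assumptions (the post only lists the services).

```python
"""
Firewall change-request triage: default deny, push back on risky services,
note where encryption blinds the IDS.  Added example; annotations are assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Service:
    name: str
    protos: frozenset      # "tcp" and/or "udp"
    ports: frozenset       # destination ports
    reason: str            # why to push back (assumed annotation)
    alternative: str       # what to suggest instead (assumed annotation)


TCP, UDP, BOTH = frozenset({"tcp"}), frozenset({"udp"}), frozenset({"tcp", "udp"})

# The services named in the post; reason/alternative text is this example's assumption.
PUSHBACK: List[Service] = [
    Service("FTP", TCP, frozenset({20, 21}), "cleartext authentication", "SFTP over SSH (tcp/22)"),
    Service("telnet", TCP, frozenset({23}), "cleartext authentication", "SSH (tcp/22)"),
    Service("SMTP", TCP, frozenset({25}), "direct outbound relay is the classic spam-bot channel",
            "relay only through the organisation's mail gateway"),
    Service("portmap", BOTH, frozenset({111}), "LAN-only RPC service", "keep internal or tunnel over VPN"),
    Service("MS-RPC endpoint mapper", TCP, frozenset({135}), "LAN-only, heavily targeted by worms", "VPN"),
    Service("NetBIOS name/datagram", UDP, frozenset({137, 138}), "LAN-only name service", "VPN"),
    Service("NetBIOS session", TCP, frozenset({139}), "LAN-only session service", "VPN"),
    Service("SMB", TCP, frozenset({445}), "LAN-only file sharing, heavily targeted by worms",
            "VPN or an SFTP/HTTPS file transfer service"),
    Service("MS SQL Server", TCP, frozenset({1433}), "database port that should never face the Internet",
            "expose an application tier instead"),
    Service("NFS", BOTH, frozenset({2049}), "LAN-only, host-based trust", "keep internal or tunnel over VPN"),
    Service("IRC", TCP, frozenset(range(6660, 6670)) | frozenset({194, 6697}),
            "classic botnet command-and-control channel", "no business alternative; deny"),
]

# Encrypted services: allowable, but an inline IDS sees only the handshake and endpoints.
ENCRYPTED: Dict[Tuple[str, int], str] = {
    ("tcp", 22): "SSH", ("tcp", 443): "HTTPS", ("tcp", 465): "SMTPS",
    ("tcp", 993): "IMAPS", ("tcp", 995): "POP3S", ("tcp", 6697): "IRC over TLS",
}


@dataclass(frozen=True)
class Request:
    direction: str   # "inbound" or "outbound"
    proto: str       # "tcp" or "udp"
    port: int        # destination port
    src: str         # "any" or a host/CIDR
    dst: str         # "any" or a host/CIDR


@dataclass
class Verdict:
    decision: str    # "approve" or "pushback"
    notes: List[str]


def lookup(proto: str, port: int) -> Optional[Service]:
    """Return the push-back entry matching this protocol/port, if any."""
    for svc in PUSHBACK:
        if proto in svc.protos and port in svc.ports:
            return svc
    return None


def triage(req: Request) -> Verdict:
    """Decide approve/pushback and collect the caveats a reviewer would raise."""
    proto = req.proto.lower()
    notes: List[str] = []
    svc = lookup(proto, req.port)
    if svc is not None:
        notes.append(f"{svc.name} ({proto}/{req.port}): {svc.reason}; suggest {svc.alternative}")
    if "any" in (req.src, req.dst):
        notes.append("not point-to-point: any host may use this port; ask for the specific peer")
    if (proto, req.port) in ENCRYPTED:
        notes.append(f"{ENCRYPTED[(proto, req.port)]} is encrypted: the IDS will see endpoints only")
    return Verdict("pushback" if svc else "approve", notes)


def to_nft(req: Request) -> str:
    """Rule fragment for an nftables chain whose policy is drop (the default deny)."""
    parts = []
    if req.src != "any":
        parts.append(f"ip saddr {req.src}")
    if req.dst != "any":
        parts.append(f"ip daddr {req.dst}")
    parts.append(f"{req.proto.lower()} dport {req.port} accept")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample requests, not from the original post.
    for r in (Request("outbound", "tcp", 23, "10.1.2.3", "192.0.2.10"),
              Request("outbound", "tcp", 443, "10.0.0.0/8", "any"),
              Request("inbound", "tcp", 445, "any", "10.1.2.3")):
        v = triage(r)
        print(r.direction, to_nft(r), "->", v.decision, *v.notes, sep="\n  ")
```

The table is deliberately data, not logic: when the list of services to fight back on changes, only `PUSHBACK` changes. The IDS note is attached to approvals too, since the point in the post is that an encrypted port costs you visibility even when it is the right thing to allow.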
