Firewall Wizards mailing list archives
Re: Firewall best practices
From: Andre Lima <andreflima () gmail com>
Date: Sun, 21 Mar 2010 10:00:59 +0000
Hi jas,

Actually, it's not about the ports to block, but the ports to allow. That's assuming you're using a drop/deny-all policy, which frankly you should. But even with the deny-all policy, there are a few basic kinds of packets you should still drop:
1. (If you're using iptables) drop invalid-state packets.
2. Make sure you restrict ICMP traffic and never allow echo requests to get in (avoiding smurf attacks), or any broadcast traffic for that matter.
3. Don't allow IP packets with options to get in. These are usually used by hackers to make spoofed packets go back to them (the IP header length must be 5!).
4. Mitigate spoofing or LAND DoS attacks by denying inside traffic with source IP addresses from private networks (192.168.0.0/16, etc.).
5. (This is usually default modern OS behaviour, but) make sure you mitigate TCP SYN flood attacks with (usually OS-supported) TCP cookies.
This should be the least the firewall should do.

--
André Lima
Cisco Certified Network Associate - CCNA
http://pwp.net.ipl.pt/alunos.isel/28838/

On 3/20/10 4:54 PM, Jason Lewis wrote:
> I was configuring a new firewall and was setting up rules to block things like SMB, known trojan ports and remote access clients. It got me thinking that the process would be quicker if I had a list of recommended ports/apps to block. Is anyone aware of such a list? Best practices for ports to block seems like something that would exist, but I haven't had any luck in my search.
>
> jas
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
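The five baseline drops from André's post, as an added example in iptables form (this is editor-supplied code, not something posted in the thread). The interface name `eth0`, the host address `203.0.113.10` and the exposed SSH port are assumed placeholders. Stock iptables has no IP-options match, so item 3 is done with the `xt_u32` match on the IHL nibble (the `ipv4options` match from xtables-addons is the alternative); that module being available is an assumption. Two practitioner caveats the post does not spell out: a blanket ICMP drop breaks path MTU discovery, so the error types are kept, and flushing a chain whose policy is already DROP from a remote session locks you out, so the DROP policy is set last. By default the script only prints the commands; run it as root with `DRY_RUN=0` to apply them.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal iptables INPUT chain
# implementing the five baseline drops from the post above.
# Assumed placeholders (not from the thread): EXT_IF, MY_IP, the SSH port.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 applies them (needs root).
set -eu

DRY_RUN="${DRY_RUN:-1}"
EXT_IF="${EXT_IF:-eth0}"           # assumed Internet-facing interface
MY_IP="${MY_IP:-203.0.113.10}"     # assumed public address of this host

# Sources that must never arrive on the external interface
# (RFC 1918, loopback, link-local, "this" network, multicast)
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16 0.0.0.0/8 224.0.0.0/4"

# Print the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_rules() {
    # Start from a clean INPUT chain, but leave the policy alone until the
    # allow rules are in place so a remote session is not cut off midway
    run iptables -F INPUT
    run iptables -A INPUT -i lo -j ACCEPT

    # 1. packets the connection tracker cannot classify
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

    # 4. anti-spoof / LAND: a private, loopback or multicast source, or our
    #    own address, is never legitimate on the outside interface
    for net in $BOGONS; do
        run iptables -A INPUT -i "$EXT_IF" -s "$net" -j DROP
    done
    run iptables -A INPUT -i "$EXT_IF" -s "$MY_IP" -j DROP

    # 3. IP options: the IHL nibble (low 4 bits of byte 0) is 5 for a bare
    #    header, so drop the range 6..15. Assumes the xt_u32 module is loaded.
    run iptables -A INPUT -m u32 --u32 "0&0x0F000000=0x06000000:0x0F000000" -j DROP

    # 2. no broadcast/multicast destinations at all
    run iptables -A INPUT -m addrtype --dst-type BROADCAST -j DROP
    run iptables -A INPUT -m addrtype --dst-type MULTICAST -j DROP

    # replies to connections we opened ourselves (echo-reply to our own
    # pings, ICMP errors for tracked flows) are ESTABLISHED or RELATED
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. (cont.) an unsolicited echo request is NEW and gets dropped here;
    #    the error types PMTU discovery and traceroute rely on stay open
    run iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    for t in destination-unreachable time-exceeded parameter-problem; do
        run iptables -A INPUT -p icmp --icmp-type "$t" -j ACCEPT
    done
    run iptables -A INPUT -p icmp -j DROP

    # the services we actually expose (assumed: just SSH)
    run iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # everything not matched above is dropped; the policy goes on last
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP

    # 5. SYN cookies, plus the kernel's reverse-path check as a second line
    #    of defence against spoofed sources
    run sysctl -w net.ipv4.tcp_syncookies=1
    run sysctl -w net.ipv4.conf.all.rp_filter=1
}

build_rules
```

Run it once in dry-run mode and read the output top to bottom: rule order is what makes the ICMP section correct, since the ESTABLISHED,RELATED accept has to sit before the ICMP drops for your own pings and traceroutes to keep working.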
Current thread:
- Firewall best practices Jason Lewis (Mar 20)
- Re: Firewall best practices Andre Lima (Mar 23)
- Re: Firewall best practices Potter, Albert (Al) (Mar 23)
- Re: Firewall best practices arvind doraiswamy (Mar 23)