[fw-wiz] Permissive Firewall Policy
BFetch at texpac.com
Fri Sep 22 17:23:32 EDT 2006
New or not, this is a place for questions. Here goes...
There's not really a list of the "bad" ports/protocols but more
accurately a list of ports/protocols that your company needs to use.
Best option would be to create an outbound ACL with a "permit ip any any
log" and then analyze your log results after a few days/weeks to
determine the extent of ports that are used across your firewall if you
don't know that already.
Caveat with this option: if you're running a large volume of outbound
traffic you could choke your firewall with logging everything outbound
like that so be prudent with the level of logging you choose.
Based upon your analysis you should be able to come up with a nice list
of ports/protocols that are needed/in use by your installation and can
then begin whittling down the list to the bare essentials while denying
the rest without impacting overall operations of the company.
From: firewall-wizards-bounces at listserv.icsalabs.com
[mailto:firewall-wizards-bounces at listserv.icsalabs.com] On Behalf Of
Sent: Thursday, September 21, 2006 10:45 AM
To: firewall-wizards at listserv.icsalabs.com
Subject: [fw-wiz] Permissive Firewall Policy
New to the list, so hope this has not already been covered numerous
I have been asked to move from a restrictive policy of only
allowed/permitted ports are allowed through the Firewall to a permissive
policy of deny known "bad" port/protocols and allow all else. Does
anyone have lists, bookmarks or the like to show a list of known "bad"
ports? I believe this is a bad idea but need some information to prove
how difficult it will be to manage.
Thanks in advance,
Good judgment comes with experience. Unfortunately, the experience
usually comes from bad judgment.
Kevin Hinze mailto:kevin.hinze at navigators.org
Intranet Systems Engineer The Navigators
This message is intended only for the person(s) to which it is addressed
and may contain privileged, confidential and/or insider information.
If you have received this communication in error, please notify us
immediately by replying to the message and deleting it from your computer.
Any disclosure, copying, distribution, or the taking of any action concerning
the contents of this message and any attachment(s) by anyone other
than the named recipient(s) is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the firewall-wizards