Home page logo
/

basics logo Security Basics mailing list archives

Re: Open All Outbound Ports?
From: "James Lee Gromoll" <jgromoll () hotmail com>
Date: Thu, 14 Nov 2002 09:34:41 -0800

Wow! When I first read this I thought, "Gee, what kind of drugs is his firewall group on?" then I found the whole point of this.....

++++ I am in the security area and they want my agreement/sign off before they do this. ++++

They are obviously looking for a fall guy. Feel like a chump? In all honesty, you might and probably should be pissed off that they even considered this. The flood of peer to peer proggies not to mention the IM crap and everything else associated with doing that is silly. They're firewall guys; do the homework and figure out what's going on; block what needs blocking and open what needs open for your business.

jim


From: David Weinberg <weinberg () bigpond net au>
To: 'tony tony' <tonytorri () yahoo com>,security-basics () securityfocus com, tonytorri () yahoo com
Subject: Re: Open All Outbound Ports? Date: Tue, 12 Nov 2002 10:36:51 +1100

Opening all outbound ports will also alow peer-peer programs (like
Kazza, Napster etc) and Spyware which will consume *most* of your
bandwidth.

So asside from the obvious security risks (tojans etc), you can also
watch your bandwidth go down, down, down.

Unless ofcourse, you work for an ISP/Telco ;)


> > Hi,
> >
> > Our firewall group has came to me several times over the last
> few months
> > wanting my approval to open all of the ?OUTBOUND? ports on our
> firewall facing
> > the internet.  Their argument is that this would not
> significantly reduce our
> > security and it will reduce their time/effort in administration.
> They claim
> > they get several requests a week to open up out bound ports and
> the number
> > keeps growing each month. They want to go for the gusto?and open
> up all 65,000+
> > outbound ports.
> >
> > I am in the security area and they want my agreement/sign off
> before they do
> > this.  It just does not ?feel/smell right? but I am losing
> ground with my
> > arguments.  What are some good arguments I can use?
> >
> > Tony
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > U2 on LAUNCH - Exclusive greatest hits videos
> > http://launch.yahoo.com/u2
>



_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]