
Security Basics mailing list archives

RE: Writing firewall rulesets ... Recommend good procedure and resource for ports lookup?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 16 May 2003 15:20:03 -0700

  The usual brief guidance is:  Block everything, then allow
what you need to.  Since the default final rule on most firewalls
is "block everything else", that takes care of the first part.

  But before I start allowing things, I like to start with basic
ingress and egress address filters.  Disallow obviously spoofed
or dilatory (RFC 1918, multicast, etc.) source addresses.  Block
source routing and "bounce" packets, where a packet from outside 
isn't for an internal destination.  If you filter for specific
outside hosts/networks (sites known for malware, or hosting 
services forbidden to your users), filter for them, too.

  Filter outbound traffic to limit it to allowed applications
and protocols.  Filter inbound traffic to limit it to allowed
applications and protocols *to specific server addresses*.
There may be some outbound protocols that you also want to limit
to specific internal hosts, such as DNS.

David Gillett
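
As an added example (not part of David's message or of the original thread), the following Python script models the ordering he describes as a first-match policy: the source-routing and anti-spoofing address filters come first, then the bounce check, then explicit inbound allows tied to specific server addresses and outbound allows per protocol, with outbound DNS restricted to designated internal hosts, and the implicit "block everything else" at the end. The inside and DMZ networks, server addresses and allowed services are constructed assumptions, and the script evaluates sample packets in memory rather than programming a real firewall, so the rule order can be checked before it is translated into a vendor ruleset.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption, not from the thread): one inside network
# and one DMZ network holding the servers published to the outside.
INSIDE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
DMZ_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Source addresses that should never arrive on the outside interface:
# RFC 1918, loopback, "this" network, link-local and multicast.
BOGON_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("224.0.0.0/4"),
]

# Explicit allows (assumptions): inbound is tied to specific server addresses,
# outbound to protocols, and DNS to the designated internal resolvers only.
INBOUND_SERVICES = {
    ("192.0.2.10", "tcp", 80),
    ("192.0.2.10", "tcp", 443),
    ("192.0.2.25", "tcp", 25),
}
OUTBOUND_SERVICES = {("tcp", 80), ("tcp", 443)}
DNS_FORWARDERS = {"10.20.0.53"}


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: int
    source_routed: bool = False  # IP source-route option present


def in_any(addr, nets):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)


def is_ours(addr):
    """True if addr belongs to a network behind this firewall."""
    return in_any(addr, INSIDE_NETS + DMZ_NETS)


def evaluate(pkt):
    """First-match policy: returns (verdict, reason) for the first rule hit."""
    if pkt.source_routed:
        return ("drop", "source-routed packet")

    if pkt.iface == "outside":
        # Ingress address filter: no bogon source and none of our own addresses.
        if in_any(pkt.src, BOGON_SOURCES) or is_ours(pkt.src):
            return ("drop", "spoofed source on outside interface")
        # Bounce: arrived from outside but is not for an internal destination.
        if not is_ours(pkt.dst):
            return ("drop", "bounce packet, destination is not ours")
        # Inbound allows are per server address, not just per port.
        if (pkt.dst, pkt.proto, pkt.dport) in INBOUND_SERVICES:
            return ("accept", "allowed inbound service to specific server")
        return ("drop", "default deny, inbound")

    if pkt.iface == "inside":
        # Egress address filter: inside hosts may only use inside addresses.
        if not in_any(pkt.src, INSIDE_NETS):
            return ("drop", "spoofed source on inside interface")
        # Outbound DNS is limited to the designated resolvers.
        if pkt.dport == 53 and pkt.proto in ("udp", "tcp"):
            if pkt.src in DNS_FORWARDERS:
                return ("accept", "DNS from designated resolver")
            return ("drop", "DNS allowed only from designated resolvers")
        if (pkt.proto, pkt.dport) in OUTBOUND_SERVICES:
            return ("accept", "allowed outbound protocol")
        return ("drop", "default deny, outbound")

    return ("drop", "unknown interface")


# Constructed sample traffic, one packet per rule branch.
SAMPLE_PACKETS = [
    Packet("outside", "192.168.1.5", "192.0.2.10", "tcp", 443),         # RFC 1918 source from outside
    Packet("outside", "198.51.100.7", "203.0.113.9", "tcp", 80),        # bounce
    Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443),        # published web server
    Packet("outside", "198.51.100.7", "192.0.2.11", "tcp", 443),        # same port, wrong server
    Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443, True),  # source-routed
    Packet("inside", "10.20.1.15", "198.51.100.7", "udp", 53),          # workstation doing its own DNS
    Packet("inside", "10.20.0.53", "198.51.100.7", "udp", 53),          # designated resolver
    Packet("inside", "10.20.1.15", "198.51.100.7", "tcp", 443),         # allowed outbound
    Packet("inside", "10.20.1.15", "198.51.100.7", "tcp", 6667),        # not an allowed outbound protocol
    Packet("inside", "203.0.113.5", "198.51.100.7", "tcp", 443),        # spoofed inside source
]


def audit(packets=SAMPLE_PACKETS):
    """Evaluate each packet and return a list of (packet, verdict, reason)."""
    return [(p, *evaluate(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdict, reason in audit():
        print(f"{verdict:6} {pkt.iface:7} {pkt.src:>15} -> {pkt.dst}:{pkt.dport}/{pkt.proto}  ({reason})")
```

Running the script prints one verdict per sample packet; the useful check is that the "same port, wrong server" and "workstation doing its own DNS" cases are dropped even though the port itself is permitted elsewhere, which is the point of tying allows to addresses rather than ports alone.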


-----Original Message-----
From: Mark (fat) [mailto:fat () users sourceforge net]
Sent: May 16, 2003 01:27
To: security-basics () securityfocus com
Subject: RE: Writing firewall rulesets ... Recommend good procedure and resource for ports lookup?


Sorry, I kept the request vague to stay away from specific technology
but all I ended up doing was being confusing.

I am not looking for an explanation of how to write rules for a specific
platform. What I am interested in is the procedural steps to take to
capture requirements from a large user and developer base, i.e. a "non-technical
explanation of what the firewall needs to do".

Turning these into platform-specific rulesets is something I am ok with.

A good example would be the "open source pen testing manual". This lays
out the steps to take to "do" a comprehensive pen test but does not
explain how to use any tools, write code, etc. A procedural thing.

Thanks for all the replies so far :) ... Appreciated.

Mark(fat)

-----Original Message-----
From: Mark (fat) [mailto:fat () users sourceforge net] 
Sent: 14 May 2003 22:02
To: security-basics () securityfocus com
Subject: Writing firewall rulesets ... Recommend good procedure and resource for ports lookup?


I have to write firewall rulesets for a pair of back-to-back dual-vendor
firewalls with multiple DMZs from each.

Can anyone recommend a good procedure to use? Open source would be great,
but you can't really beat a good book.

Also, can anyone recommend a good resource for translating services into
ports, etc.?

Thanks

Mark(fat)


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------





