Home page logo
/

basics logo Security Basics mailing list archives

re: What addresses to put on my NEW black list?
From: "Steve Barron" <thurgoodj187 () hotmail com>
Date: Thu, 23 Feb 2006 03:12:57 -0600

Why not apply the principle of least privilege to take care of this? Permit only what should be allowed and block everything else.

Ex.
permit tcp mailserver any eq 25
Permit other outbound expected traffic
Permit tcp any any eq 80
Permit tcp any any eq 443
Deny any any

This should take care of 95% of instant messaging, streaming media and file sharing. Also, there are different implementations of instant messaging, p2p that run over port 80 to circumvent such firewall policy, but this may be a good start.I would suggest content filtering that allows group and individual URL blocking, and my experience with Websense has been great although there are many vendors that offer other products. Check with your firewall vendor for products that can be integrated.
Good Luck

Steve



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault