Home page logo
/

basics logo Security Basics mailing list archives

re: What addresses to put on my NEW black list?
From: "Jim Halfpenny" <jim () openanswers co uk>
Date: Fri, 24 Feb 2006 09:24:00 -0000 (GMT)

Why not apply the principle of least privilege to take care of this?
Permit
only what should be allowed and block everything else.

Ex.
permit tcp mailserver any eq 25
Permit other outbound expected traffic
Permit tcp any any eq 80
Permit tcp any any eq 443
Deny any any

Hi,
I feel the principle of least privilege should go more along the lines of,
"Deny any any." Hosts on your network, particularly desktop PCs should
have the least possible privilege with regards to accessing the Internet,
and in most cases that is no access whatsoever. SMTP can be handled by
your own mail gateway. Web traffic should be handled by your own web
proxy.

I believe that it is wisest to restrict egress from your network to as few
places as possible. This goes a long way to mitigating the seurity and
policy violation risks associated with unresticted net access. This way
you can monitor and restrict traffic as you see fit.

Regards,
Jim Halfpenny


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault