Re: How secure is to open ports from inside the firewall?
From: Kim Guldberg <kim () bufferzone dk>
Date: Wed, 14 Mar 2007 22:06:10 +0100
IMHO the outbound filtering is as important or more important than the
inbound filtering. This is due to the fact that many exploits are using
legal traffic to get in, i.e. malformed port 80 requests to a web server,
to force the web server to connect out. Your firewall should block the
web server from connecting out.
In outbound filtering you should first block everything, then allow as
little as possible and make your permissions as tight as possible. If
you need to open for port 53 traffic, allow only outgoing DNS protocol
type traffic to the specific DNS server and only for IP addresses which
possibly need to do DNS lookups.
Iosif Gasparakis wrote:
One silly question: How secure is it to open ports from inside the firewall?
Ok, closing incoming ports is the purpose of a firewall. But what about the outgoing? Could this make someone's life
who already broke into the network easier? Or is it already too late, and that someone, if already in, can use just any open
port to send traffic out?
Please let me know your views.
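An added example, not part of the original thread: a small Python model of the outbound policy the reply describes (block everything, then allow DNS only from named clients to one resolver), with a check that flags allow rules left open to any source, destination, or port. The rule format, function names, and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Hypothetical rule format: action, source CIDR, destination CIDR,
# transport protocol ("tcp"/"udp"/"any"), destination port (0 = any).
Rule = namedtuple("Rule", "action src dst proto port")
ANY = ipaddress.ip_network("0.0.0.0/0")

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means deny (block everything first)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (0, port)):
            return r.action
    return "deny"

def audit(rules):
    """Flag outbound allow rules that are looser than they need to be."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if ipaddress.ip_network(r.dst) == ANY:
            findings.append((i, "destination is any host"))
        if ipaddress.ip_network(r.src) == ANY:
            findings.append((i, "source is any host"))
        if r.port == 0 or r.proto == "any":
            findings.append((i, "protocol or port is unrestricted"))
    return findings

# Constructed sample network: DNS clients in 10.0.1.0/24, web server at
# 10.0.2.10, the one permitted resolver at 192.0.2.53.
LOOSE = [Rule("allow", "0.0.0.0/0", "0.0.0.0/0", "udp", 53)]
TIGHT = [
    Rule("allow", "10.0.1.0/24", "192.0.2.53/32", "udp", 53),
    Rule("allow", "10.0.1.0/24", "192.0.2.53/32", "tcp", 53),
]

if __name__ == "__main__":
    # Web server trying to connect out: denied by the implicit default.
    print(decide(TIGHT, "10.0.2.10", "203.0.113.7", "tcp", 443))
    print(audit(LOOSE))
```

This model matches only on address, transport protocol, and port; checking that port 53 traffic is actually DNS requires protocol inspection on the firewall itself.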