Home page logo
/

basics logo Security Basics mailing list archives

Re: How secure is to open ports from inside the firewall?
From: Kim Guldberg <kim () bufferzone dk>
Date: Wed, 14 Mar 2007 22:06:10 +0100

MIHO the outbound filtering is as important or more important then the inbound filtering. This is due to the fact that many exploits are using legal traffic to get in e.i. malformed port 80 requests to a web server, to force the web server to connect out. Your firewall should block the web server from connecting out. In outbound filtering you should first block everything then allow as little as possible and make your permissions as tight as possible. If you need to open for port 53 traffic. Allow only outgoing DNS protocol type traffic to the specific DNS server and only for IP addresses which possibly need to do DNS look ups.

Regards
Kim Guldberg
GFCW, CPSA


Iosif Gasparakis skrev:
Hello list.

One silly question: How secure is to open ports from inside the firewall?

Ok, closing incoming ports is the purpose of a firewall. But what about the outgoing? Could this make someone's life 
who already broke into the network easier? Or is it already too late, and that someone if already in can use just any open 
port to send traffic out?

Please let me know your views.

Joseph




                
___________________________________________________________ The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault