Re: Permissive Firewall Policy
From: "Fetch, Brandon" <BFetch () texpac com>
Date: Fri, 22 Sep 2006 17:23:32 -0400
New or not, this is a place for questions. Here goes...
There's not really a list of the "bad" ports/protocols but more
accurately a list of ports/protocols that your company needs to use.
The best option would be to create an outbound ACL with a "permit ip any any
log" and then analyze your log results after a few days/weeks to
determine the extent of ports that are used across your firewall, if you
don't know that already.
Caveat with this option: if you're running a large volume of outbound
traffic you could choke your firewall with logging everything outbound
like that, so be prudent with the level of logging you choose.
Based upon your analysis you should be able to come up with a nice list
of ports/protocols that are needed/in use by your installation and can
then begin whittling down the list to the bare essentials while denying
the rest without impacting overall operations of the company.
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Sent: Thursday, September 21, 2006 10:45 AM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Permissive Firewall Policy
New to the list, so hope this has not already been covered numerous
I have been asked to move from a restrictive policy where only
allowed/permitted ports are allowed through the Firewall to a permissive
policy of denying known "bad" ports/protocols and allowing all else. Does
anyone have lists, bookmarks or the like to show a list of known "bad"
ports? I believe this is a bad idea but need some information to prove
how difficult it will be to manage.
Thanks in advance,
Good judgment comes with experience. Unfortunately, the experience
usually comes from bad judgment.
Kevin Hinze mailto:kevin.hinze () navigators org
Intranet Systems Engineer The Navigators
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
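The baselining step Brandon describes (log everything outbound, then work out which ports are actually in use) can be turned into a small log-analysis script. This is an added example, not code from either poster: the IOS-style ACL log lines, the ACL name OUTBOUND, the addresses and the `min_sources` threshold for what counts as "in use" are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of IOS "IPACCESSLOGP" log lines, the kind a "permit ip any any log"
# outbound rule would emit. ACL name and addresses are made up for this example.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.10(51234) -> 203.0.113.5(443), 1 packet
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.11(49152) -> 203.0.113.5(443), 3 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.10(51300) -> 198.51.100.8(80), 2 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted udp 10.1.2.12(53001) -> 198.51.100.53(53), 1 packet
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted udp 10.1.2.10(53002) -> 198.51.100.53(53), 4 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.99(40000) -> 192.0.2.7(8443), 1 packet
"""

LINE_RE = re.compile(
    r"IPACCESSLOGP: list (?P<acl>\S+) permitted (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<pkts>\d+) packets?"
)

def summarize(log_text):
    """Aggregate permitted flows by (proto, dst port) -> (packet count, distinct sources)."""
    packets = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ICMP (IPACCESSLOGDP) and unparsable lines are skipped here
        key = (m["proto"], int(m["dport"]))
        packets[key] += int(m["pkts"])
        sources[key].add(m["src"])
    return {k: (packets[k], len(sources[k])) for k in packets}

def candidate_acl(summary, min_sources=2):
    """Draft the allow-list to whittle down from; one-off flows go to a review list, not the ACL."""
    permit, review = [], []
    for (proto, port), (pkts, nsrc) in sorted(summary.items(), key=lambda kv: -kv[1][0]):
        if nsrc >= min_sources:
            permit.append(f"permit {proto} any any eq {port}")
        else:
            review.append(f"! review: {proto}/{port} seen from {nsrc} host, {pkts} packets")
    return permit, review

if __name__ == "__main__":
    permit, review = candidate_acl(summarize(SAMPLE_LOG))
    print("\n".join(permit + review + ["deny ip any any log"]))
```

The threshold keeps a single host's odd connection from silently becoming a permanent permit; those entries are listed as comments for a human to confirm before the final deny is put in place.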