Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: Permissive Firewall Policy
From: Kevin <kkadow () gmail com>
Date: Fri, 22 Sep 2006 17:45:19 -0500

On 9/21/06, Kevin Hinze <kevin.hinze () navigators org> wrote:
 New to the list, so hope this has not already been covered numerous times.

I don't think anybody has posted anything nearly this silly ever
before, I will give you the benefit of the doubt and assume from how
you phrase the question that it isn't your idea.


 I have been asked to move from a restrictive policy of only
allowed/permitted ports are allowed through the Firewall to a permissive
policy of deny known "bad" port/protocols and allow all else.  Does anyone
have lists, bookmarks or the like to show a list of known "bad" ports?

There are several lists of known ports used by exploits and malware,
or you could just take the list of permitted destination ports in the
default Squid configuration and "invert" it.


 I believe this is a bad idea
but need some information to prove how difficult
it will be to manage.

I don't know that it will be difficult to manage, but it will
definitely be difficult to demonstrate effectiveness.  Just about any
TCP or UDP port can carry a "bad" protocol, many dangerous
applications are port-agile, so blocking specific ports won't do much
to stop the communications.

You could be better off just forgetting about writing IP filter rules
and instead use an IPS product to block all known bad protocols and
transactions?

Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]