Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network

From: Tina Bird (tbird_at_precision-guesswork.com)
Date: 05/28/03

  • Next message: Hugh Blandford: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
    To: Paul Robertson <proberts@patriot.net>
    Date: Tue, 27 May 2003 20:27:50 -0700 (PDT)
    

    On Tue, 27 May 2003, Paul Robertson wrote:

    > On Wed, 28 May 2003, Hugh Blandford wrote:
    >
    > > Please take into consideration that if they had a firewall, it would be
    > > set up to allow all outbound traffic and let the 'responses' back in. There
    >
    > That's a silly and mostly specious pre-requisite. For instance, most
    > small office users have *no* need for IRC, and given that IRC is *the*
    > major control vector for trojaned machines, why the heck would you allow it
    > outbound from a small office? Nuke 6667/tcp outbound and you decrease the
    > chance of being owned rather significantly, and you break less than 1/2 of
    > 1% of SOHO users.

    if you continue down the road of "what things do i block to prevent most
    attacks," please be sure to add the microsoft netbios and netbeui ports
    (TCP/UDP 137-139, 445) -- at least at stanford, blocking those inbound and
    outbound at our perimeter has prevented a great deal of grief.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
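
An added example, not part of the original thread: a small audit that applies the two perimeter rules discussed above (6667/tcp blocked outbound; TCP/UDP 137-139 and 445 blocked in both directions) to connection records. The internal address ranges, the `src dst proto dport` record format, the sample flows and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed internal address space (constructed); replace with your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Ports from the thread: NetBIOS/SMB both directions, IRC outbound only.
NETBIOS_SMB = {(p, n) for p in ("tcp", "udp") for n in (137, 138, 139, 445)}
IRC_OUT = {("tcp", 6667)}

# Constructed sample: one connection initiation per line, "src dst proto dport".
SAMPLE = """\
192.168.1.20 203.0.113.5 tcp 6667
192.168.1.20 203.0.113.9 tcp 443
198.51.100.7 192.168.1.30 tcp 445
192.168.1.31 198.51.100.7 udp 137
192.168.1.20 192.168.1.30 tcp 445
203.0.113.5 192.168.1.20 tcp 6667
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def direction(src, dst):
    """Return 'outbound', 'inbound', or None if the flow never crosses the perimeter."""
    s, d = is_internal(src), is_internal(dst)
    if s and not d:
        return "outbound"
    if d and not s:
        return "inbound"
    return None

def verdict(src, dst, proto, dport):
    way = direction(src, dst)
    if way is None:
        return "ignore"  # internal-to-internal traffic is not a perimeter decision
    key = (proto.lower(), int(dport))
    if key in NETBIOS_SMB or (way == "outbound" and key in IRC_OUT):
        return "block-" + way
    return "allow"

def audit(lines):
    """Return (verdict, record) for every flow the perimeter rules would drop."""
    hits = []
    for line in lines:
        if line.strip():
            v = verdict(*line.split())
            if v.startswith("block"):
                hits.append((v, line.strip()))
    return hits

if __name__ == "__main__":
    for v, rec in audit(SAMPLE.splitlines()):
        print(v, rec)
```

Run against existing flow or firewall logs before enforcing the rules, the hits show which internal hosts would be affected by the block.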

