Re: [fw-wiz] outbound traffic security risk

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 03/23/04

  • Next message: Robert L. Wanamaker: "RE: [fw-wiz] (no subject)"
    To: Hilal Hussein <hilalma@hotmail.com>
    Date: Tue, 23 Mar 2004 09:03:49 -0500 (EST)
    
    

    On Tue, 23 Mar 2004, Hilal Hussein wrote:

    > Dear List,
    >
    > I would like to ask about the risk of opening outbound port traffics in the
    > firewall.

    Traffic should be allowed or disallowed by policy, not by whim. What
    ports and protocols are necessary for the business to run efficiently?
    What's the associated risk with each protocol, common applications, and
    users for each of those? Which ones will the business accept the risk
    for? Looking at it any other way is backwards and bad.

    > currently, i am opening the outbound ports traffic based on the user
    > request, as pop3, and smtp traffics. I red about some risk that could be in
    > some kind of outbound traffics which might pass java scripts, or trojan
    > horses, or other kind of attacks during the opened session from users
    > (inside the network) to the outbound.

    Allowing external mail is pretty risky, especially if you don't have
    control over browser versions, controls, etc.

    Also, most trojaned machines "phone home" outwards, instead of taking
    connections inbound these days. Blocking outbound traffic means that
    those systems can't be controlled.

    > so please, i need to know of any risk that could come with some kind of
    > outbound traffics, and if there is a good link for resources about the
    > latest news of vulnerabilities of such outbound traffics.

    Risk comes from connectivity. The more connectivity, the more risk.
    Firewalls reduce risk by controlling and limiting connectivity. The more
    you limit, the less risk you accept.

    The more you allow, the less value you get from the firewall, until a
    point where you get none.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Robert L. Wanamaker: "RE: [fw-wiz] (no subject)"