Re: [fw-wiz] RE: In defense of non standard ports
- From: "Paul D. Robertson" <paul@xxxxxxxxxxxx>
- Date: Tue, 24 Jan 2006 19:35:55 -0500 (EST)
On Tue, 24 Jan 2006, ArkanoiD wrote:
> Allowing uncontrolled HTTP CONNECT to any port seems quite suicidal for
> any reasonable security policy, am I wrong?
As suicidal as allowing all TCP outbound. Which is happening *way* too
much, and is the reason we see things like botnets rampant on hospital
networks.
I think you shouldn't be allowed to install I{D,P}S until your firewall
ruleset is this | high.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards