Re: [fw-wiz] Firewall best practices
- From: arvind doraiswamy <arvind.doraiswamy@xxxxxxxxx>
- Date: Mon, 22 Mar 2010 22:07:35 +0530
I'm not really sure anything of that sort will be available anywhere.
Even if it is I'd advise you take it with a big pinch of salt. Reason
being I think there's only 1 "best" list -- That's based on the "what
you need" principle.
Meaning I could rattle off a list of say 10 ports which should not be
exposed...but it'd all be utterly useless if your business demanded
those remain open. So if there's legacy code in your setup which
demands that UDP ports between 1024 and 65535 remain open... and they
are not willing to phase it out -- the best thing you can then do is
restrict IP addresses and put other compensatory controls in place.
To sum up - The best list is:
a) Grant access to exactly what you need in your environment.
Wireshark is your friend.
b) Deny all else
Not exactly what you're looking for maybe...but it's just an approach
I think sort of fits IMHO.
Cheers
Arvind
On Sat, Mar 20, 2010 at 10:24 PM, Jason Lewis <jlewis@xxxxxxxxxxxxxxx> wrote:
I was configuring a new firewall and was setting up rules to block
things like SMB and known trojan ports and remote access clients. It
got me thinking that the process would be quicker if I had a list
of recommended ports/apps to block.
Is anyone aware of such a list? Best practices for ports to block
seems like something that would exist, but I haven't had any luck in
my search.
jas
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
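The approach in the reply above (allow exactly what was observed to be needed, pin source addresses where a wide legacy port range must stay open, deny all else) can be turned into a ruleset mechanically. The following is an added example, not part of the original post: the CSV layout, the PUBLIC and LEGACY tables and the function name are hypothetical, and the addresses are documentation ranges in a constructed sample.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of inbound flows seen in a capture (not real traffic).
OBSERVED = """\
proto,src,dport
tcp,198.51.100.7,443
tcp,203.0.113.20,443
tcp,192.0.2.10,22
udp,192.0.2.50,5000
udp,192.0.2.50,40211
udp,192.0.2.51,65535
"""

PUBLIC = {("tcp", "443")}          # assumed: open to any source by business need
LEGACY = {"udp": (1024, 65535)}    # assumed: range the legacy code insists on


def build_rules(observed_csv, public=PUBLIC, legacy=LEGACY):
    """Return iptables-restore lines: allow what was observed, drop the rest."""
    allowed = defaultdict(set)     # (proto, port spec) -> source IPs seen
    for row in csv.DictReader(io.StringIO(observed_csv)):
        proto, port = row["proto"], int(row["dport"])
        lo, hi = legacy.get(proto, (1, 0))   # (1, 0) is an empty range
        spec = f"{lo}:{hi}" if lo <= port <= hi else str(port)
        allowed[(proto, spec)].add(row["src"])

    rules = [
        "*filter",
        ":INPUT DROP [0:0]",       # b) deny all else
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for (proto, spec), srcs in sorted(allowed.items()):
        if (proto, spec) in public:          # a) needed from anywhere
            rules.append(f"-A INPUT -p {proto} --dport {spec} -j ACCEPT")
            continue
        for src in sorted(srcs):             # otherwise pin to the sources seen
            rules.append(f"-A INPUT -p {proto} -s {src} --dport {spec} -j ACCEPT")
    rules.append("COMMIT")
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(OBSERVED)))
```

The legacy UDP range collapses to one rule per observed source instead of one rule open to everyone, which is the compensating control the reply describes.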