Re: [fw-wiz] Firewall best practices



I'm not really sure anything of that sort will be available anywhere.
Even if it is I'd advise you take it with a big pinch of salt. Reason
being I think there's only 1 "best" list -- That's based on the "what
you need" principle.

Meaning I could rattle off a list of say 10 ports which should not be
exposed...but it'd all be utterly useless if your business demanded
those remain open. So if there's legacy code in your setup which
demands that UDP ports between 1024 and 65535 remain open... and they
are not willing to phase it out -- the best thing you can then do is
restrict IP addresses and put other compensatory controls in place.

To sum up - The best list is:

a) Grant access to exactly what you need in your environment.
Wireshark is your friend.
b) Deny all else

Not exactly what you're looking for maybe...but it's just an approach
I think sort of fits IMHO.

Cheers
Arvind

On Sat, Mar 20, 2010 at 10:24 PM, Jason Lewis <jlewis@xxxxxxxxxxxxxxx> wrote:
I was configuring a new firewall and was setting up rules to block
things like SMB and known trojan ports and remote access clients.  It
got me thinking that the process would be quicker if I had a list of
recommended ports/apps to block.

Is anyone aware of such a list?  Best practices for ports to block
seems like something that would exist, but I haven't had any luck in
my search.

jas
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
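As an added example (not from Arvind or anyone in the thread): a POSIX shell script that emits an nftables ruleset following his two-item list, with a source-restricted legacy UDP high-port range as the compensating control he describes. The peer addresses and service ports are constructed placeholders, and `check_ruleset` is a hypothetical helper so the policy can be sanity-checked without loading it.

```sh
#!/bin/sh
# Added example: generate a default-deny nftables ruleset.
# a) permit exactly what the environment needs, b) drop all else,
# and fence the legacy UDP 1024-65535 requirement to known peers.
set -eu

# Constructed placeholder values (RFC 5737 documentation range); adjust to your site.
LEGACY_PEERS="192.0.2.10, 192.0.2.11"   # only these hosts may reach the legacy UDP service
NEEDED_TCP="22, 443"                     # the services this host actually offers

# Emit the ruleset; a real deployment would run:  gen_ruleset | nft -f -
gen_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        icmp type { echo-request, destination-unreachable, time-exceeded } accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, packet-too-big, time-exceeded, parameter-problem } accept
        tcp dport { $NEEDED_TCP } accept
        # Compensating control: the legacy range stays open, but only to named peers
        # instead of to the whole world.
        ip saddr { $LEGACY_PEERS } udp dport 1024-65535 accept
        # Rate-limited log of what the chain policy is about to drop, for later review.
        limit rate 10/minute log prefix "fw-drop: "
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

# Hypothetical sanity check: the input chain must default to drop, and the
# legacy UDP range must never be accepted without a source-address restriction.
check_ruleset() {
    rs=$(gen_ruleset)
    printf '%s\n' "$rs" | grep -q 'hook input priority 0; policy drop' || return 1
    printf '%s\n' "$rs" | grep 'udp dport 1024-65535' | grep -vq 'ip saddr' && return 1
    return 0
}
```

Run `check_ruleset` before loading; it exits non-zero if the default-deny policy is missing or the legacy range has been opened without its source restriction.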
