Re: [fw-wiz] Firewall best practices

I'm not really sure anything of that sort will be available anywhere.
Even if it is, I'd advise you take it with a big pinch of salt. Reason
being I think there's only 1 "best" list -- that's based on the "what
you need" principle.

Meaning I could rattle off a list of say 10 ports which should not be
exposed...but it'd all be utterly useless if your business demanded
those remain open. So if there's legacy code in your setup which
demands that UDP ports between 1024 and 65535 remain open... and they
are not willing to phase it out -- the best thing you can then do is
restrict IP addresses and put other compensatory controls in place.

To sum up - The best list is:

a) Grant access to exactly what you need in your environment.
Wireshark is your friend.
b) Deny all else

Not exactly what you're looking for maybe...but it's just an approach
I think sort of fits IMHO.


On Sat, Mar 20, 2010 at 10:24 PM, Jason Lewis <jlewis@xxxxxxxxxxxxxxx> wrote:
I was configuring a new firewall and was setting up rules to block
things like SMB and known trojan ports and remote access clients.  It
got me thinking that the process would be quicker if I had a list of
recommended ports/apps to block.

Is anyone aware of such a list?  Best practices for ports to block
seems like something that would exist, but I haven't had any luck in
my search.

firewall-wizards mailing list
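
The approach in the reply above (allow exactly what a capture shows is needed, restrict source IPs for the legacy UDP range, deny all else), as an added example that is not part of the original thread. The flow records, the IPv4-only assumption and the function names are constructed for illustration; the output uses nftables syntax.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: inbound flows (proto, source IP, destination port) as
# summarised from a packet capture taken in front of the protected host.
OBSERVED = [
    ("tcp", "192.0.2.10", 443),
    ("tcp", "192.0.2.11", 443),
    ("tcp", "198.51.100.7", 22),
    ("udp", "203.0.113.5", 40123),   # legacy app, high UDP port
    ("udp", "203.0.113.5", 51877),
    ("udp", "203.0.113.6", 1500),
]

# Assumption: the legacy application needs this whole UDP range kept open.
LEGACY_UDP = (1024, 65535)

def build_allowlist(flows, legacy=LEGACY_UDP):
    """Map (proto, port-or-range) -> sorted source IPs seen using it."""
    allow = defaultdict(set)
    for proto, src, port in flows:
        if proto == "udp" and legacy[0] <= port <= legacy[1]:
            key = (proto, f"{legacy[0]}-{legacy[1]}")  # one rule for the range
        else:
            key = (proto, str(port))
        allow[key].add(ip_address(src))  # also rejects malformed addresses
    return {k: [str(a) for a in sorted(allow[k])] for k in sorted(allow)}

def render_nft(allow):
    """Emit an nftables input chain: listed sources only, drop all else."""
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        '    iif "lo" accept',
    ]
    for (proto, ports), sources in allow.items():
        srcs = ", ".join(sources)
        lines.append(f"    ip saddr {{ {srcs} }} {proto} dport {ports} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_nft(build_allowlist(OBSERVED)))
```

The wide UDP range collapses to a single rule limited to the two sources actually seen using it, and everything not listed falls through to the chain's drop policy.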
