Open All Outbound Ports?

From: tony tony (tonytorri@yahoo.com)
Date: 11/08/02


Date: Thu, 7 Nov 2002 17:33:52 -0800 (PST)
From: tony tony <tonytorri@yahoo.com>
To: security-basics@securityfocus.com

Hi,

Our firewall group has came to me several times over the last few months
wanting my approval to open all of the “OUTBOUND” ports on our firewall facing
the internet. Their argument is that this would not significantly reduce our
security and it will reduce their time/effort in administration. They claim
they get several requests a week to open up out bound ports and the number
keeps growing each month. They want to go for the gusto…and open up all 65,000+
outbound ports.

I am in the security area and they want my agreement/sign off before they do
this. It just does not “feel/smell right” but I am losing ground with my
arguments. What are some good arguments I can use?

Tony

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2



Relevant Pages

  • Re: Open All Outbound Ports?
    ... > Our firewall group has came to me several times over the last few months ... > wanting my approval to open all of the “OUTBOUND” ports on our firewall facing ... > outbound ports. ... > I am in the security area and they want my agreement/sign off before they do ...
    (Security-Basics)
  • Re: Open All Outbound Ports?
    ... > Our firewall group has came to me several times over the last few months ... > wanting my approval to open all of the _OUTBOUND_ ports on our firewall facing ... > outbound ports. ... > I am in the security area and they want my agreement/sign off before they do ...
    (Security-Basics)
  • Re: Open All Outbound Ports?
    ... >Our firewall group has came to me several times over the last few>months ... >wanting my approval to open all of the “OUTBOUND” ports on our>firewall ... "And here in our server room you can see our Beowolf Cluster of C64's that ...
    (Security-Basics)
  • Re: I am sick of windows firewall
    ... I use the AnalogX IPsec rules to supplement BlackIce ... need IPsec to stop outbound that BlackIce cannot do by ... attempts on the Windows networking ports even though BI ... supplemental packet filtering solution. ...
    (comp.security.firewalls)
  • Re: security advice (possible hacker activity?)
    ... Well, it's entirely up to you, but usually blocking all ports both outbound ... trojan or worm is installed onto the web server. ... the IIS web server. ...
    (microsoft.public.inetserver.iis.security)