Firewall setup

From: Gaz Wilson (dragon_at_dragons.org.uk)
Date: 09/15/03

  • Next message: Birl: "Re: Stop browsing the web through GP?"
    Date: Mon, 15 Sep 2003 16:33:46 +0100 (BST)
    To: security-basics@securityfocus.com
    
    

    Hi all,

    I'm about to get *DSL in my village, and I am going to want to operate
    a firewall naturally. I know about blocking all incoming ports bar
    any service I want to run and "return connections", but with the
    increase in worms et al flying around (mixed network, UNIX and
    Windows (prob 2k)), it strikes me that being a bit more proactive
    and blocking certain outgoing ports would be a good idea. I don't
    need any MS based traffic leaving the private network, so I wanted to
    ask the specialists, you lot, what your opinions are of what would be a
    fairly secure set of ports to block to help stop info leakage etc?
    (I don't want to block all outgoing except for known services though, as
    the uses of the boxes on the network may vary and I don't want to have to
    reconfig the firewall quite that often :) )

    TIA

    Gaz

    -- 
      _           _          _a' /(   <.  # Gaz Wilson, aka DragonLord
     /_/ _   _/  / ` / _  ~~ _}\ \(  _  ) # E-Mail:   dragon@dragons.org.uk
    / \ /_'/_/  /_, / /_||/|/   \(,_(,)'  # Info: http://www.dragons.org.uk
    Catch me with the Dragons. ._>, _>,   # Chat: http://www.redclaw.org.uk/
    ---------------------------------------------------------------------------
    Captus Networks 
    Are you prepared for the next Sobig & Blaster? 
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
     - Precisely Define and Implement Network Security 
     - Automatically Control P2P, IM and Spam Traffic 
    FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------
    

  • Next message: Birl: "Re: Stop browsing the web through GP?"