Re: How secure is to open ports from inside the firewall?
- From: Kim Guldberg <kim@xxxxxxxxxxxxx>
- Date: Wed, 14 Mar 2007 22:06:10 +0100
IMHO the outbound filtering is as important or more important than the inbound filtering. This is due to the fact that many exploits are using legal traffic to get in, i.e. malformed port 80 requests to a web server, to force the web server to connect out. Your firewall should block the web server from connecting out.
In outbound filtering you should first block everything, then allow as little as possible and make your permissions as tight as possible. If you need to open for port 53 traffic, allow only outgoing DNS protocol type traffic to the specific DNS server and only for IP addresses which possibly need to do DNS lookups.
Regards
Kim Guldberg
GFCW, CPSA
Iosif Gasparakis wrote:
Hello list.
One silly question: How secure is to open ports from inside the firewall?
Ok, closing incoming ports is the purpose of a firewall. But what about the outgoing? Could this make someone's life who already broke into the network easier? Or is it already too late, and that someone, if already in, can use just any open port to send traffic out?
Please let me know your views.
Joseph
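
Added example, not part of either message above: a small first-match egress policy evaluator that compares a loose "port 53 open outbound" rule with the tight form the reply describes (default deny, DNS only from the hosts that need it to one DNS server). The addresses, the host roles and the names LOOSE, TIGHT, decide, broad_rules and compare are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # network allowed to initiate the connection
    dst: str    # network it may connect to
    proto: str  # "tcp" or "udp"
    dport: int

ANY = "0.0.0.0/0"
# Loose: "port 53 is open outbound" for every host, to every destination.
LOOSE = [Rule(ANY, ANY, "udp", 53)]
# Tight: only the internal resolver (assumed 10.0.2.53) may reach
# the one approved DNS server (assumed 192.0.2.53).
TIGHT = [Rule("10.0.2.53/32", "192.0.2.53/32", "udp", 53)]

def decide(rules, src, dst, proto, dport):
    """First matching allow rule wins; anything unmatched is denied."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (proto, dport) == (r.proto, r.dport)):
            return "allow"
    return "deny"

def broad_rules(rules):
    """Rules that leave source or destination unrestricted."""
    return [r for r in rules if ANY in (r.src, r.dst)]

# Constructed outbound connection attempts: (src, dst, proto, dport).
# 10.0.1.10 plays the web server from the reply.
FLOWS = {
    "resolver_dns":       ("10.0.2.53", "192.0.2.53",   "udp", 53),
    "web_out_443":        ("10.0.1.10", "203.0.113.7",  "tcp", 443),
    "web_dns_direct":     ("10.0.1.10", "192.0.2.53",   "udp", 53),
    "resolver_other_dns": ("10.0.2.53", "198.51.100.9", "udp", 53),
}

def compare(flows):
    """Map flow name -> (verdict under LOOSE, verdict under TIGHT)."""
    return {name: (decide(LOOSE, *f), decide(TIGHT, *f))
            for name, f in flows.items()}

if __name__ == "__main__":
    for name, (loose, tight) in compare(FLOWS).items():
        print(f"{name:20} loose={loose:5} tight={tight}")
    print("over-broad rules:", broad_rules(LOOSE))
```

Both rule sets deny the web server's outbound TCP 443 by default; only the tight set also denies the web server sending port 53 traffic and the resolver querying a DNS server other than the approved one.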