Pay it Forward Security tip of the day
on August 2nd, 2006 at 2:41 pm

I am going to sponge off of Michael’s tip at MCWResearch for my tip of the day. Michael gives some good advice for configuring and managing firewalls (Michael must be old-school security, since firewalls aren’t needed anymore – right….).
He specifically talks about egress filtering, which is something many companies do not make use of in their security. Michael talks about specifically blocking certain ports, but I think you should go a step further and have default deny on all traffic incoming AND outgoing, then open ports as needed. It makes sense, but many people do not think outbound needs to be filtered. But as Michael pointed out, allowing IRC is inviting bots to start popping up on your network, and then the bots continue to report back to the IRC server. They establish the connection, so no inbound port needs to be open for the attack.
Additionally, I suggest Websense or something similar to block specific protocol access (again, default deny and allow as needed). This can be another layer that can protect against web proxies and anonymizers and the like so your users can’t try to get around your firewall.
Vet
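
The default-deny-both-ways policy described above, sketched as an added example that is not part of the original post. It assumes a Linux gateway running iptables; the interface names, resolver address and allowed ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a gateway that denies
# by default in BOTH directions and opens outbound ports only as needed.
# Every value below is an assumption for illustration.
LAN_IF="eth1"              # assumed inside interface
WAN_IF="eth0"              # assumed outside interface
RESOLVER="192.0.2.53"      # assumed DNS resolver (documentation address range)
ALLOWED_TCP_OUT="80 443"   # assumed outbound services the business needs

build_egress_ruleset() {
    echo "*filter"
    # Default deny: anything no rule accepts is dropped, inbound and outbound.
    # (Rules for managing the gateway itself are omitted here.)
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies to connections that an allow rule already admitted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Outbound DNS only to the named resolver.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p udp -d $RESOLVER --dport 53 -j ACCEPT"
    # Open outbound ports as needed; IRC (6667) is deliberately not listed.
    for port in $ALLOWED_TCP_OUT; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log denied outbound attempts before the default policy drops them.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 6/min -j LOG --log-prefix \"EGRESS-DENY: \""
    echo "COMMIT"
}

# Print the ruleset; pipe it to `iptables-restore --test` to check it parses.
build_egress_ruleset
```

An inside host that repeatedly shows up in the EGRESS-DENY log trying a port nobody opened is worth investigating as a possible bot.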
