http://infosecplace.com/blog/2006/08/02/pay-it-forward-security-tip-of-the-day/ Commentary on the State of Information Security Sun, 10 Jan 2010 16:13:08 -0700 http://wordpress.org/?v=2.9.1 hourly 1 http://infosecplace.com/blog/2006/08/02/pay-it-forward-security-tip-of-the-day/comment-page-1/#comment-152 mcwresearch.com » Pay it forward: Firewall tips Wed, 02 Aug 2006 20:54:08 +0000 http://infosecplace.com/blog/2006/08/02/pay-it-forward-security-tip-of-the-day/#comment-152 [...] Michael Farnum took it a step further in his tip-of-the-day by proposing an extra layer of protection for the ports you do allow out of your network, by using a proxy. An a side note, I’m used to working with firewalls that have an implicit “deny all” at the end of each ACL so I normally start my ACL’s with explicit denys of P2P and IRC, followed by permits of legit traffic. However, he has a good point that to be clean and thorough, end your ACL’s with a clean-up rule of ‘deny all any to any’ [...] [...] Michael Farnum took it a step further in his tip-of-the-day by proposing an extra layer of protection for the ports you do allow out of your network, by using a proxy. An a side note, I’m used to working with firewalls that have an implicit “deny all” at the end of each ACL so I normally start my ACL’s with explicit denys of P2P and IRC, followed by permits of legit traffic. However, he has a good point that to be clean and thorough, end your ACL’s with a clean-up rule of ‘deny all any to any’ [...]

]]>