NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] What ports are secure to open



There are differing thoughts on this, but I will give you my .02

The most secure stance is to have a corporate policy which states that you
will deny all, except that which is explicitly allowed. Additionally, I
would not allow any direct outbound access from any workstation. Instead, I
would setup an internal proxy server which the user must authenticate to,(M$
proxy would work fine)and then allow only certain ports (80, 443, etc)
There used to be a time you could state that you would only open "safe
ports", but with the advent of trojans, no port is "safe." So, I recommend:
1) Proxy for all internet access that requires authentication
2) No direct outbound access





Michael Tench

_______________________________________________________________
Hello,
We have a fairly secure infrastructure at our site when it comes to services
that have been restricted on our firewall. However, there seems to be an
escalating demand to open up more ports from top management. These services
are not really a necessity - more like a luxury. However, the top management
don't really understand the security risks associated with opening up ports
on the firewall. Is there a site which tells you exactly what
vulnerabilities you expose your network to when you open up specific ports
(well known ports). For instance, Real Audio, NNTP etc.






_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.