[FW1] What ports are secure to open
There are differing thoughts on this, but I will give you my .02

The most secure stance is to have a corporate policy which states that you will deny all, except that which is explicitly allowed. Additionally, I would not allow any direct outbound access from any workstation. Instead, I would set up an internal proxy server which the user must authenticate to (M$ proxy would work fine), and then allow only certain ports (80, 443, etc.).

There used to be a time you could state that you would only open "safe ports", but with the advent of trojans, no port is "safe."

So, I recommend:

1) Proxy for all internet access that requires authentication
2) No direct outbound access

Michael Tench

_______________________________________________________________

Hello,

We have a fairly secure infrastructure at our site when it comes to services that have been restricted on our firewall. However, there seems to be an escalating demand to open up more ports from top management. These services are not really a necessity - more like a luxury. However, the top management don't really understand the security risks associated with opening up ports on the firewall.

Is there a site which tells you exactly what vulnerabilities you expose your network to when you open up specific ports (well known ports)? For instance, Real Audio, NNTP etc.