
RE: [FW1] What ports are secure to open




Since this seems like a cool thread establishing here, just wanted to add
some more generalized notes... 

In addition to what Michael mentioned:

Always remember that any open port is an insecure port.  :)

This means you have to be vigilant:

-the security of the open port is only as secure as the host system traffic
is being allowed to
-secure the hosts you are allowing traffic to {harden the OS, make sure all
security patches are applied, logging/auditing is enabled, etc.}
-use some form of IDS tool to monitor all network activity inbound/outbound
-have policies in place to perform routine network/host security sweeps to
check for known vulnerabilities, etc.
-make sure you have policies in place for the "Response" portion: What do
you do when you find out someone is attacking you - or has compromised your
system(s) ?
-as Michael mentioned: use "egress" filtering - good articles on this and
others at http://www.sans.org/infosecFAQ/index.htm

A good foundation for a theoretical, non-vendor-specific service to
vulnerability analysis would be the book "Building Internet Firewalls - 2nd
Edition" (ISBN:) going for about $36.00 on Amazon.  :)



>There are differing thoughts on this, but I will give you my .02
>
>The most secure stance is to have a corporate policy which states that you
>will deny all, except that which is explicitly allowed. Additionally, I
>would not allow any direct outbound access from any workstation. Instead, I
>would setup an internal proxy server which the user must authenticate to, (M$
>proxy would work fine) and then allow only certain ports (80, 443, etc)
>There used to be a time you could state that you would only open "safe
>ports", but with the advent of trojans, no port is "safe." So, I recommend:
>1) Proxy for all internet access that requires authentication
>2) No direct outbound access
>
>
>
>
>
>Michael Tench
>
>_______________________________________________________________
>Hello,
>We have a fairly secure infrastructure at our site when it comes to services
>that have been restricted on our firewall. However, there seems to be an
>escalating demand to open up more ports from top management. These services
>are not really a necessity - more like a luxury. However, the top management
>don't really understand the security risks associated with opening up ports
>on the firewall. Is there a site which tells you exactly what
>vulnerabilities you expose your network to when you open up specific ports
>(well known ports). For instance, Real Audio, NNTP etc.
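The "deny all except that which is explicitly allowed" stance, the "no direct outbound from workstations, only via an authenticating proxy on certain ports" rule, and the egress filtering advice above, put together as one first-match packet-filter policy. This is an added illustration, not code from the FW1 thread or any vendor firewall; the internal range, the proxy address and the test addresses are constructed for the example.

```python
# Added example: a first-match, default-deny filter policy modelled on the
# advice in this thread. INSIDE, PROXY and PROXY_PORTS are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Tuple

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
PROXY = ipaddress.ip_address("10.0.0.5")      # assumed authenticating proxy
PROXY_PORTS = {80, 443}                        # the "certain ports" the proxy may reach


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str  # "inside" or "outside": interface the packet arrived on


def _inside(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INSIDE


def evaluate(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, rule_name) for the first matching rule; default is deny."""
    src_in, dst_in = _inside(pkt.src), _inside(pkt.dst)
    # Egress filtering: nothing leaves with a source address that is not ours.
    if pkt.iface == "inside" and not src_in:
        return "deny", "egress-antispoof"
    # Ingress filtering: nothing arrives from outside claiming an inside source.
    if pkt.iface == "outside" and src_in:
        return "deny", "ingress-antispoof"
    # Outbound: only the proxy may talk to the Internet, and only on allowed ports.
    if pkt.iface == "inside" and not dst_in:
        if ipaddress.ip_address(pkt.src) == PROXY and pkt.dport in PROXY_PORTS:
            return "allow", "proxy-outbound"
        return "deny", "no-direct-outbound"
    # Anything else (inbound services, etc.) needs an explicit allow rule;
    # none exists in this policy, so it falls through to the default.
    return "deny", "default-deny"


if __name__ == "__main__":
    for p in (Packet("10.0.0.5", "203.0.113.10", 443, "inside"),
              Packet("10.0.1.20", "203.0.113.10", 80, "inside"),
              Packet("192.168.1.1", "203.0.113.10", 80, "inside"),
              Packet("10.0.0.9", "10.0.0.5", 8080, "outside")):
        print(p, "->", evaluate(p))
```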


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================