RE: [FW1] What ports are secure to open
Since this seems like a cool thread establishing here, just wanted to add some more generalized notes...

In addition to what Michael mentioned: Always remember that any open port is an insecure port. :)

This means you have to be vigilant:

- the security of the open port is only as secure as the host system traffic is being allowed to
- secure the hosts you are allowing traffic to {harden the OS, make sure all security patches are applied, logging/auditing is enabled, etc.}
- use some form of IDS tool to monitor all network activity inbound/outbound
- have policies in place to perform routine network/host security sweeps to check for known vulnerabilities, etc.
- make sure you have policies in place for the "Response" portion: What do you do when you find out someone is attacking you - or has compromised your system(s)?
- as Michael mentioned: use "egress" filtering - good articles on this and others at http://www.sans.org/infosecFAQ/index.htm

A good foundation for a theoretical, non-vendor specific service to vulnerability analysis would be the book "Building Internet Firewalls - 2nd Edition" (ISBN:) going for about $36.00 on Amazon. :)

>There are differing thoughts on this, but I will give you my .02
>
>The most secure stance is to have a corporate policy which states that you
>will deny all, except that which is explicitly allowed. Additionally, I
>would not allow any direct outbound access from any workstation. Instead, I
>would setup an internal proxy server which the user must authenticate to (M$
>proxy would work fine) and then allow only certain ports (80, 443, etc).
>There used to be a time you could state that you would only open "safe
>ports", but with the advent of trojans, no port is "safe."
>
>So, I recommend:
>1) Proxy for all internet access that requires authentication
>2) No direct outbound access
>
>Michael Tench
>
>_______________________________________________________________
>Hello,
>We have a fairly secure infrastructure at our site when it comes to services
>that have been restricted on our firewall. However, there seems to be an
>escalating demand to open up more ports from top management. These services
>are not really a necessity - more like a luxury. However, the top management
>don't really understand the security risks associated with opening up ports
>on the firewall. Is there a site which tells you exactly what
>vulnerabilities you expose your network to when you open up specific ports
>(well known ports). For instance, Real Audio, NNTP etc.
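Neither poster gives an actual rulebase, so here is an added example (my own, not code from the list posters or from Check Point) that models the combined stance in plain Python: first-match rules with a default deny, inbound allowed only to one explicitly published service, outbound allowed only from the authenticating proxy on 80/443, and an egress rule that drops anything leaving with a source address that is not ours. The networks, the proxy and web server addresses, and the sample traffic are all constructed for the illustration; it is a toy evaluator, not FW-1 syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple

# Constructed addressing for the example (assumptions, not from the thread).
INTERNAL = ip_network("10.0.0.0/8")        # workstations live here
DMZ = ip_network("192.0.2.0/24")           # published servers live here
PROXY = ip_address("10.0.0.5")             # the authenticating proxy
WEB_SERVER = ip_address("192.0.2.10")      # the one service we publish
OWN_NETS = (INTERNAL, DMZ)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving for it
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "accept" or "drop"
    match: Callable[[Packet], bool]


def own_address(addr: str) -> bool:
    """True if addr belongs to one of the networks behind this firewall."""
    a = ip_address(addr)
    return any(a in net for net in OWN_NETS)


RULEBASE: List[Rule] = [
    # Egress filtering: a packet leaving for the Internet must carry one of our
    # own source addresses; anything else is spoofed or misrouted, so drop it.
    Rule("egress-antispoof", "drop",
         lambda p: p.direction == "out" and not own_address(p.src)),
    # Inbound: only the DMZ web server, only the ports we chose to publish.
    Rule("inbound-web", "accept",
         lambda p: p.direction == "in"
         and ip_address(p.dst) == WEB_SERVER and p.dport in (80, 443)),
    # Outbound: only the proxy, only the ports the policy lets it reach.
    Rule("proxy-outbound", "accept",
         lambda p: p.direction == "out"
         and ip_address(p.src) == PROXY and p.dport in (80, 443)),
    # No rule for workstations at all: "no direct outbound access" is simply
    # what the default below does when nothing matches.
]


def evaluate(p: Packet, rulebase: List[Rule] = RULEBASE) -> Tuple[str, str]:
    """First match wins; no match means drop (deny all except what is explicitly allowed)."""
    for rule in rulebase:
        if rule.match(p):
            return rule.action, rule.name
    return "drop", "default-deny"


# Constructed sample traffic to run the policy over.
SAMPLE = [
    Packet("in",  "198.51.100.7",  "192.0.2.10",  443),   # client to DMZ web server
    Packet("in",  "198.51.100.7",  "192.0.2.10",  22),    # SSH to web server: not published
    Packet("in",  "198.51.100.7",  "10.0.0.20",   80),    # straight at an internal host
    Packet("out", "10.0.0.5",      "203.0.113.9", 443),   # proxy fetching HTTPS
    Packet("out", "10.0.0.20",     "203.0.113.9", 80),    # workstation bypassing the proxy
    Packet("out", "10.0.0.5",      "203.0.113.9", 6667),  # proxy to a port policy never allowed
    Packet("out", "203.0.113.55",  "203.0.113.9", 80),    # foreign source address leaving our net
]


def audit(packets=SAMPLE, rulebase=RULEBASE):
    """Return (packet, action, matching rule) for every packet, for review or logging."""
    return [(p, *evaluate(p, rulebase)) for p in packets]


if __name__ == "__main__":
    for p, action, rule in audit():
        print(f"{action:6} {rule:18} {p.direction:3} {p.src} -> {p.dst}:{p.dport}")
```

The ordering matters: the egress rule sits first so a spoofed source is dropped and logged under its own name rather than silently falling through to the default, which keeps the "Response" side of the policy useful, since the log tells you which kind of violation you are looking at.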