Security Basics mailing list archives
Re: Open All Outbound Ports?
From: Vince Hillier <vdh () plutonium homeunix com>
Date: 09 Nov 2002 13:46:18 -0500
On Thu, 2002-11-07 at 20:33, tony tony wrote:

> Hi, Our firewall group has come to me several times over the last few months wanting my approval to open all of the OUTBOUND ports on our firewall facing the internet. Their argument is that this would not significantly reduce our security and it will reduce their time/effort in administration.

Bad idea... Laziness is overcoming them, and your security will be the cost. What happens when somebody opens up that pretty icon in their email, and they see a nice little animation, yet 31337 h4x0r (mmmhmm) takes remote control? Time to get a new firewall group ;)

> They claim they get several requests a week to open up outbound ports and the number keeps growing each month. They want to go for the gusto and open up all 65,000+ outbound ports.

Are they kidding? How many ports can they open? I know it's a lot of work /initially/, but honestly, ask yourself that question. Once a firewall is properly configured, the maintenance is and should be minimal.

> I am in the security area and they want my agreement/sign off before they do this. It just does not feel/smell right but I am losing ground with my arguments. What are some good arguments I can use?

You're right, it doesn't smell right. How do you know someone internal has not planned something to take control remotely? In the end, your job could be on the line... if they can go above your head and get the approval, let them. But don't you approve it, unless of course, you can explain why you authorized something that cost the company "billions" of dollars. It's always billions... even in 50 people operations... ;)

> Tony