Security Basics mailing list archives
Re: Spyware
From: dallas jordan <dallas.jordan () gmail com>
Date: Wed, 15 Dec 2004 14:09:24 -0500
I believe as a general rule, all traffic should be denied unless explicitly permitted. this includes incoming as well as outgoing traffic. You should start off with a "deny all" rule and then only allow specific traffic through your firewall. This way, there is less chance you may miss something. HTH. On Tue, 14 Dec 2004 17:37:48 -0500, Matt Stern <sternm () comprehensive com> wrote:
Hello all: I was just wondering if spyware sends its answers "back home" on any particular TCP or UDP port. If so, then couldn't I doubly safeguard the LAN (after trying to keep all the spyware off the workstations) by disallowing outbound communications via the firewall, for those ports? Or conversely, instead of allowing all outbound traffic, only allow the usual ports, such as 80, 443, 23, etc? Thanks. -- Matthew H. Stern, CCP/CDP, sternm () comprehensive com Serving the IT industry since 1976 Comprehensive Computer Services Inc. www.comprehensive.com Phone: 631 755-2250, Fax 755-2254 560 Broad Hollow Road, Melville NY 11747
-- Dallas Jordan CCNA, Security+ Ernst & Young LLP Security & Technology Solutions (STS) Office: 404-817-5940 Mobile: 843-991-0271 EY/Comm: 7455673 E-mail: Dallas.Jordan () ey com
Current thread:
- Spyware Matt Stern (Dec 15)
- Re: Spyware dallas jordan (Dec 16)
- Re: Spyware Liran Cohen (Dec 16)
- Re: Spyware Jon Lawhead (Dec 16)
- <Possible follow-ups>
- RE: Spyware Gross Barry D. (Dec 16)
- RE: Spyware Jeff Gercken (Dec 16)
- RE: Spyware Griffin, Van (Dec 16)
- RE: Spyware Friend, Jason A Contractor/CoTs (Dec 16)
- RE: Spyware geraldf (Dec 16)
- RE: Spyware Paris E. Stone (Dec 17)