Security Basics mailing list archives
RE: Unrestricted Outbound Web Server Access Opinion
From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Wed, 04 May 2005 09:51:16 +0000
Hi there Paul,Another reason you might not want to do this is because if you had no restrictions on outbound connections a worm infection might cause your infected server(s) to end up on blacklists, effectivly cutting your servers reach... meaning some people may consider your machine "bad". If you continued restrictions, hopefully this would never happen. Having no restrictions on outbound connections on a T1 is just asking for trouble.
Kindest of regards, Hamish Stanaway, CEO Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New Zealand http://www.webhosting.net.nz http://www.buywebhosting.co.nz http://www.koreworks.com
From: "Paul Guibord" <pguibord () tngtech net> To: <security-basics () securityfocus com> Subject: Unrestricted Outbound Web Server Access Opinion Date: Tue, 3 May 2005 08:54:57 -0400 MIME-Version: 1.0Received: from outgoing.securityfocus.com ([205.206.231.27]) by mc7-f34.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 3 May 2005 17:27:02 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mc7.bay6.hotmail.com [65.54.253.99]) with ESMTP; Tue, 3 May 2005 17:26:49 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 3E6B8237346; Tue, 3 May 2005 17:41:32 -0600 (MDT)Received: (qmail 24629 invoked from network); 3 May 2005 13:22:53 -0000 X-Message-Info: 6sSXyD95QpVjocF6boLwVQrxxioEG/C7OhezxW0vqCA= Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Unrestricted Outbound Web Server Access Opinionthread-index: AcVP3sPFIFTQYY1uTIW4rifehaq72wAAHEvwReturn-Path: security-basics-return-33848-koremeltdown=hotmail.com () securityfocus com X-OriginalArrivalTime: 04 May 2005 00:27:02.0391 (UTC) FILETIME=[FDF6F870:01C5503F]Hello All, Someone within our company wants our Internet facing web servers to have unrestricted outbound access. Port 80 is the only port permitted from the outside coming in. I need the experts opinion why we do not want to permit this PLEASE. Two things I could think of are if the web servers were compromised, then the hacker would have the ability offload any data they want. Another being if they were infected with a worm they would bring down the Internet T1 in their attempt to find other devices to infect. Thanks in advance for everyone's input. Paul
Current thread:
- Unrestricted Outbound Web Server Access Opinion Paul Guibord (May 03)
- Re: Unrestricted Outbound Web Server Access Opinion Jon Hart (May 04)
- RE: Unrestricted Outbound Web Server Access Opinion David Gillett (May 05)
- Re: Unrestricted Outbound Web Server Access Opinion David Glosser (May 05)
- RE: Unrestricted Outbound Web Server Access Opinion Hamish Stanaway (May 05)
- RE: Unrestricted Outbound Web Server Access Opinion Micro Kluge (May 05)
- Re: Unrestricted Outbound Web Server Access Opinion Diego Kellner (May 05)
- Re: Unrestricted Outbound Web Server Access Opinion Mark Leonard (May 05)
- RE: Unrestricted Outbound Web Server Access Opinion Keenan Smith (May 10)
- Re: Unrestricted Outbound Web Server Access Opinion Chris Keladis (May 11)
- <Possible follow-ups>
- RE: Unrestricted Outbound Web Server Access Opinion Andrew Shore (May 05)
- Re: Unrestricted Outbound Web Server Access Opinion Jon Hart (May 04)