Educause Security Discussion mailing list archives

Re: the importance of security

From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 11 Aug 2004 13:09:25 -0400

Jon Mitchiner wrote:

I am not comfortable with the idea of port 25 blocking.  The reason is
because how will you know if a machine is infected or not?  If you block
outgoing port 25 then it's going to make it difficult for you to know
whether a machine is infected with a trojan/virus/etc and you would have
compromised machines on your network.


access-list 120 deny tcp any any eq 25 log

Then check your logs. :)

Similar logging for port 135 and 445 access attempts
is also illuminating although they can be 'permit'
rules as policy dictates.

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: the importance of security, (continued)
- Re: the importance of security Jere Retzer (Aug 11)
- Re: the importance of security Theresa M Rowe (Aug 11)
- Re: the importance of security Weeks, Calvin W. (Aug 11)
- Re: the importance of security Scott Genung (Aug 11)
- Re: the importance of security Jere Retzer (Aug 11)
- Re: the importance of security Dewitt Latimer (Aug 11)
- Re: the importance of security Scott Genung (Aug 11)
- Re: the importance of security Cal Frye (Aug 11)
- Re: the importance of security Jon Mitchiner (Aug 11)
- Re: the importance of security Gary Flynn (Aug 11)
- Re: the importance of security Gary Flynn (Aug 11)
- Re: the importance of security Jon Mitchiner (Aug 11)
- Re: the importance of security Buz Dale (Aug 11)
- Re: the importance of security Rich Graves (Aug 11)
- Re: the importance of security Paul Russell (Aug 11)
- Re: the importance of security Mike Iglesias (Aug 11)
- Re: the importance of security Scott Weeks (Aug 12)