Educause Security Discussion mailing list archives
Re: Firewall - Egress Policy
From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Tue, 5 Sep 2006 08:07:42 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We also use PacketShaper to control gaming. Recently we threw up our hands on keeping track of some of the games - too many ports! PacketShaper also has a feature through which you can allow individual flows to reserve a certain amount of network bandwidth, subject to some arbitrary maximum for a subnet or other division of IPs/users. Inevitably, we end up oversubscribing in this scenario. It'll be interesting to see how it plays out. Sure is simpler than playing whack-a-mole with ports. Steve Lovaas Colorado State University
Chris Golden ventured to comment, at 9/4/06 11:10 AM:I am struggling keeping up with outbound firewall rules pertaining to games and other gaming apps (i.e Ventrillo, Teamspeak, PS2, Xbox live). We have a policy allowing approved gaming ports to be opened after 5pm M-F and all day on the weekends. However, as more and more games come out requiring 4,000+ ports I am starting to think this is pointless. I see the need for filtering out certain ports such as SMTP, SNMP, MS RPC, NetBios, SMB/IP, TFTP, IRC (6000-6999) but it would be easier to create rules for these ports and allow others. What are some of your thoughts/policies on this?
- -- ============================================================== Steven Lovaas, MSIA, CISSP Network & Security Resource Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ============================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/YSu2E9pSXAHWcsRAjAlAKDOCsWYDLSaulQFSN7SF4rSG3IA+wCfWVwg vZylbYCdzjWfDLOdaPuMjPk= =jCNb -----END PGP SIGNATURE-----
Current thread:
- Firewall - Egress Policy Chris Golden (Sep 04)
- <Possible follow-ups>
- Re: Firewall - Egress Policy Gary Flynn (Sep 04)
- Re: Firewall - Egress Policy Cal Frye (Sep 04)
- Re: Firewall - Egress Policy Jack Suess (Sep 04)
- Re: Firewall - Egress Policy Steve Lovaas (Sep 05)
- Re: Firewall - Egress Policy Bruce Curtis (Sep 05)