Educause Security Discussion mailing list archives
Re: Outbound SMTP
From: Michael Van Norman <mvn () UCLA EDU>
Date: Fri, 25 Apr 2008 09:51:45 -0700
Basgen, Brian wrote:
> Joe,
>
>> officers. I mean dang it all, we build wonderful networks, and then we proceed to block the heck out of 'em to the point where application programmers can hardly use 'em! That just makes no sense.
>
> Joe, you have a fair point, but you are making it a bit extreme. I would agree, in some contexts, when it comes to NAC, for example. Yet, the suggestion that blocking port 25 outbound is problematic for usability isn't very sustainable.

A researcher on your campus is developing an application that uses e-mail and incorporates its own MTA. A port 25 block breaks that. That to me is a problem with network usability, not an extreme position.

>> 1) Even if you block port 25 traffic, the host is still infested
>
> You are missing the forest for the trees. If you render the intent of an exploit useless, you've accomplished defense in-depth. We can't maintain pristine networks. We *can* reduce risk and have sufficient depth such that a compromise will be mitigated by various layers.

This assumes that the malware loses all value to the miscreant if SMTP is blocked. The malware is still likely to be keylogging, uploading browser caches, etc. It may also simply use your existing mail relays. Those other aspects of the malware have value. Blocking SMTP is not going to change that (and thus I would question the assertion of defense in depth).

/Mike