Firewall Wizards mailing list archives
Re: outbound traffic security risk
From: Holger Kipp <Holger.Kipp () alogis com>
Date: Tue, 23 Mar 2004 15:13:48 +0100
On Tue, Mar 23, 2004 at 08:50:12AM +0000, Hilal Hussein wrote:
> Dear List, I would like to ask about the risk of opening outbound port traffic in the firewall. Currently, I am opening outbound port traffic based on user requests, such as pop3 and smtp traffic. I read about some risks that could be in some kinds of outbound traffic, which might pass java scripts, or trojan horses, or other kinds of attacks during the opened session from users (inside the network) to the outbound.

Allowing outbound traffic also allows answers to come back. The easiest example is http: you allow outbound traffic which requests several files. Depending on the OS of the client, this might be sufficient to get a trojan installed on the client inside the protected network. Trojans can then use one of these open ports to connect to the outside world to transmit any data or even allow external crackers to send commands to the infected client.

Risk can be minimised, e.g.

- by restricting outgoing connections to specific servers
- by using a proxy and not allowing clients direct access
- redirecting all traffic (if applicable) through a virus scanner, e.g. ftp, http, email
- use virus scanners etc. on all clients
- use clients that
  - are easy to maintain and upgrade
  - don't allow users to install their own software
  - are not easily compromised
- don't allow direct access
  - system in DMZ is accessing external sources, clients can access this system only for viewing (e.g. using vnc, X)
- applications that are put on the clients are first thoroughly tested.
- scan internal network (especially the gateway) for illegal requests. If you are using a proxy for http/https/ftp, only allow some ports (see squid for example) and check if other ports are also requested. This might be an indication of an internal system being compromised.

For specific tasks you might consider a specially hardened client system within the dmz. Depending on the security level you want, this might be very expensive.

YMMV.

Regards,
Holger Kipp

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
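
Added example, not part of Holger Kipp's message: one way to carry out the "check if other ports are also requested" step on a squid proxy is to scan its access.log for requests to ports outside the permitted set and group them by internal client. The allowed-port set and the log lines are constructed for illustration; the field positions assume squid's native access.log format.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the ports the proxy policy permits (compare squid's Safe_ports/SSL_ports ACLs).
ALLOWED_PORTS = {21, 80, 443}
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample lines in squid's native access.log format.
SAMPLE_LOG = """\
1080051228.101    245 192.168.1.10 TCP_MISS/200 4512 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1080051229.412     12 192.168.1.23 TCP_DENIED/403 1420 CONNECT host.example.net:6667 - NONE/- text/html
1080051230.008     10 192.168.1.23 TCP_DENIED/403 1418 GET http://host.example.net:8888/data - NONE/- text/html
1080051231.550    810 192.168.1.10 TCP_MISS/200 9034 CONNECT shop.example.com:443 - DIRECT/192.0.2.20 -
1080051232.900     11 192.168.1.23 TCP_DENIED/403 1420 CONNECT host.example.net:6667 - NONE/- text/html
garbage line that is not a log entry
"""

def requested_port(method, target):
    """Return the destination port of a request, or None if it cannot be determined."""
    try:
        if method == "CONNECT":               # CONNECT targets are host:port
            return int(target.rsplit(":", 1)[1])
        parts = urlsplit(target)
        return parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    except (ValueError, IndexError):          # missing or non-numeric port
        return None

def unusual_port_requests(log_text, allowed=ALLOWED_PORTS):
    """Map each internal client to {port: count} for requests outside the allowed set."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].replace(".", "", 1).isdigit():
            continue                          # skip malformed lines
        client, method, target = fields[2], fields[5], fields[6]
        port = requested_port(method, target)
        if port is not None and port not in allowed:
            hits[client][port] += 1           # denied requests count too: they show intent
    return {client: dict(ports) for client, ports in hits.items()}

if __name__ == "__main__":
    for client, ports in unusual_port_requests(SAMPLE_LOG).items():
        print(client, ports)
```

Requests the proxy denied are counted deliberately: a client that repeatedly asks for ports the policy forbids is the signal worth following up on the internal host.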