Firewall Wizards mailing list archives
Re: Firewall best practices
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 31 Mar 2010 21:31:48 -0400 (EDT)
That is all good, but the current trend tends to be for established/related from the inside to be allowed, thus there can be reasons to have blocks in place, to close off problematic ports even from the inside.

Thanks,

Ron DuFresne

On Sun, 21 Mar 2010, Andre Lima wrote:
> Hi jas,
>
> Actually, it's not about the ports to block, but the ports to allow. That's assuming you're using a drop/deny all policy, which frankly you should. But even with the deny all policy, there are a few basic packets you should drop:
>
> 1. (if you're using iptables) drop invalid state packets
> 2. make sure you restrict ICMP traffic and never allow echo requests to get in (avoiding smurf attacks) or any broadcast traffic for that matter.
> 3. don't allow IP packets with options to get in. These are usually used by hackers to make spoofed packets go back to them (IP header length must be 5!)
> 4. mitigate spoofing or LAND DoS attacks by denying inside traffic with source IP addresses from private networks (192.168.0.0/16, etc)
> 5. (this is usually default modern OS behaviour but) make sure you mitigate TCP SYN flood attacks with (usually OS supported) TCP cookies.
>
> This should be the least the firewall should do.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world..., and then we fucked up the endgame. --Charlie Wilson
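The five baseline drops from the quoted post, plus the hook for DuFresne's inside-originated blocks, as an added example that is not part of the thread. It emits iptables and sysctl commands for review rather than applying them; the interface name and LAN prefix are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Emit a baseline iptables ruleset covering the five points in the quoted post.
# Rules are printed for review rather than applied; pipe the output to sh on the
# firewall host once satisfied. Interface and LAN prefix are assumed placeholders.
baseline_rules() {
  wan="$1"      # interface facing the untrusted network (assumed name)
  lan_net="$2"  # prefix of the protected inside network (assumed value)
  cat <<EOF
# default deny: only what is explicitly allowed below passes
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# 1. packets conntrack cannot tie to a known flow (bad flag combos, stray ACKs)
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
# 2. no inbound echo requests, no broadcast traffic from the outside
iptables -A INPUT -i $wan -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -i $wan -m addrtype --dst-type BROADCAST -j DROP
# 3. IHL must be 5 (20-byte header); anything larger carries IP options
iptables -A INPUT -m u32 ! --u32 "0>>24&0x0F=5" -j DROP
iptables -A FORWARD -m u32 ! --u32 "0>>24&0x0F=5" -j DROP
EOF
  # 4. anti-spoofing: outside packets must not claim a private or inside source
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 "$lan_net"; do
    echo "iptables -A INPUT -i $wan -s $net -j DROP"
    echo "iptables -A FORWARD -i $wan -s $net -j DROP"
  done
  cat <<EOF
# 5. SYN cookies so a half-open flood cannot exhaust the listen backlog
sysctl -w net.ipv4.tcp_syncookies=1
# replies to inside-initiated flows are allowed back in
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DuFresne's point: DROP rules for problematic outbound ports go here, before the allow
iptables -A FORWARD -s $lan_net ! -i $wan -o $wan -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Count of spoofed-source DROP rules emitted; useful for sanity-checking the output.
spoof_rule_count() {
  baseline_rules "$@" | grep -c -- "-s .* -j DROP"
}

baseline_rules "${WAN:-eth0}" "${LAN_NET:-192.168.1.0/24}"
```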