Re: Firewall best practices

[arvind doraiswamy <arvind.doraiswamy () gmail com>]

I'm not really sure anything of that sort will be available anywhere.
Even if it is I'd advise you take it with a big pinch of salt. Reason
being I think there's only 1 "best" list -- Thats based on the "what
you need" principle.

Meaning I could rattle off a list of say 10 ports which should not be
exposed...but it'd all be utterly useless if your business demanded
those remain open. So if there's legacy code in your setup which
demands that UDP ports between 1024 and 65535 remain open... and they
are not willing to phase it out -- the best thing you can then do is
restrict IP addresses and put other compensatory controls in place.

To sum up - The best list is:

a) Grant access to exactly what you need in your environment.
Wireshark is your friend.
b) Deny all else

Not exactly what you're looking for  maybe...but its just an approach
I think sort of fits IMHO.

Cheers
Arvind

On Sat, Mar 20, 2010 at 10:24 PM, Jason Lewis <jlewis () packetnexus com> wrote:
> I was configuring a new firewall and was setting up rules to block
> things like SMB and known trojan port and remote access client.  It
> got me thinking that the process would be quicker if I had a list
> recommended ports/apps to block.
>
> Is anyone aware of such a list.  Best practices for ports to block
> seems like something that would exists, but I haven't had any luck in
> my search.
>
> jas
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards