Spam: RE: Spam: How safe is a hardware firewall?

[kim at bufferzone.dk (Kim Guldberg)]

Hi Robin

Let me ask you some simple questions.

Does any of your servers need to be able to brows web pages. If nobody 
browses from your servers, as nobody should, you can block port 80 out 
bound for all your servers.

Does any of your servers need to be able to send and/or get mail. If 
not, block ports 25 and 110 out bound for all server IP's (maybe not for 
the mail server)

You need to ask your self the above questions for all ports 1 to 1025 
plus some of the higher reserved ports e.b. port 5900 if you are not 
using VNC and so forth

This is just some of the things you can do to tighten your rule base. 
Basically you start by closing and silencing everything, and then open 
just the holes you absolutely need for the IP's you absolutely need, in 
the timespan you absolutely need.

Regards
Kim

Robin Kipp skrev:
> Hi Kim,
> OK, thanks for your deteiled reply. Well, the problem is that I had to
> allow all outbound traffic because not only the server, but also my
> other computers are behind the firewall. However, the firewall scans all
> incoming and outgoing traffic for malicious code and the firewall keeps
> on sending me email messages telling me about all the intrusions and
> viruses that were blocked. Is there maybe a tool available that I can
> use to try to hack my own server? The problem is that all the Metasploit
> exploits don't seem to work :-( Thanks! Robin
>
>
>