egress filtering?

Posted Apr 9, 2006 23:21 UTC (Sun) by man_ls (subscriber, #15091)
In reply to: big deal by lutchann
Parent article: Crossplatform virus - the latest proof of concept

You block unauthorized outbound connections? This means that you have to "authorize" outbound connections to every new port? For me this is a waste of time; malware can connect via port 80 to whatever server it wants, and I may want to connect to remote ports for new protocols, server administration, etc. My internal networks are definitely not set up like that.


egress filtering? yes!

Posted Apr 11, 2006 15:51 UTC (Tue) by lutchann (subscriber, #8872)

You're right, which is why I don't allow connections via port 80 to just any server. All allowed outbound connections from my internal networks are fully specified by source host, destination host and destination port; for the most part this is limited to allowing only connections to a client's servers or VPN endpoint, plus my local DNS and NTP servers. This reasonably well isolates all my internal networks from each other and the Internet, which conveniently solves a lot of problems that IT departments tend to bring up when you request VPN access to their network.
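The allowlist policy this comment describes, as an added illustration rather than lutchann's own configuration: a default-deny egress check in which every permitted outbound flow is specified by source host, destination host, protocol and destination port, with only the local DNS/NTP servers, a client VPN endpoint and a client server allowed. All addresses and the sample connection attempts are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not from the thread.
LOCAL_DNS = "10.10.0.2"        # local resolver on the internal network
LOCAL_NTP = "10.10.0.2"        # same box also serves NTP
VPN_ENDPOINT = "203.0.113.10"  # a client's VPN concentrator
CLIENT_SERVER = "198.51.100.20"

@dataclass(frozen=True)
class Rule:
    src: str    # source host or network
    dst: str    # destination host or network
    proto: str  # "tcp" or "udp"
    dport: int

# Default-deny allowlist: nothing leaves unless a rule names the full tuple.
ALLOW = [
    Rule("10.10.0.0/24", LOCAL_DNS, "udp", 53),
    Rule("10.10.0.0/24", LOCAL_NTP, "udp", 123),
    Rule("10.10.0.5", VPN_ENDPOINT, "udp", 1194),  # one workstation -> client VPN
    Rule("10.10.0.5", CLIENT_SERVER, "tcp", 22),   # same workstation -> client ssh
]

def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    """A single-host rule string becomes a /32 network via ip_network()."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto == proto and rule.dport == dport)

def decide(src: str, dst: str, proto: str, dport: int) -> str:
    """Return 'ACCEPT' if any rule matches, otherwise 'DROP' (default deny)."""
    return "ACCEPT" if any(matches(r, src, dst, proto, dport) for r in ALLOW) else "DROP"

def audit(attempts):
    """Classify outbound attempts; the DROP entries are the detection signal to log."""
    return [(a, decide(*a)) for a in attempts]

# Constructed attempts, including the "malware on port 80" case raised in the thread.
ATTEMPTS = [
    ("10.10.0.5", LOCAL_DNS, "udp", 53),       # ordinary lookup via the local resolver
    ("10.10.0.5", "192.0.2.77", "tcp", 80),    # beacon to an arbitrary web server
    ("10.10.0.5", "192.0.2.53", "udp", 53),    # DNS to an outside resolver, not allowed
    ("10.10.0.5", VPN_ENDPOINT, "udp", 1194),  # permitted VPN flow
    ("10.10.0.9", CLIENT_SERVER, "tcp", 22),   # right destination, wrong source host
]

if __name__ == "__main__":
    for attempt, verdict in audit(ATTEMPTS):
        print(verdict, attempt)
```

Because DNS is only allowed to the local resolver, an outbound 53/udp to any other address is dropped and logged, which is the kind of flow a port-80-only policy would never see.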

a bit excessive

Posted Apr 11, 2006 16:06 UTC (Tue) by man_ls (subscriber, #15091)

So, what do you do when you have a problem in the network and need to look something up on the web?

a bit excessive

Posted Apr 11, 2006 16:34 UTC (Tue) by lutchann (subscriber, #8872)

I have other networks here besides those I consider "internal"--everything with Internet access is in a DMZ-type network, so laptop+wireless works fine for web and IM. But from the perspective of the internal networks where all the real work goes on, the DMZ is as untrustworthy as the open Internet.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds