egress filtering? yes!
Posted Apr 11, 2006 15:51 UTC (Tue) by lutchann
In reply to: egress filtering?
Parent article: Crossplatform virus - the latest proof of concept
You're right, which is why I don't allow connections via port 80 to just any server. All allowed outbound connections from my internal networks are fully specified by source host, destination host and destination port; for the most part this is limited to allowing only connections to a client's servers or VPN endpoint, plus my local DNS and NTP servers. This reasonably well isolates all my internal networks from each other and the Internet, which conveniently solves a lot of problems that IT departments tend to bring up when you request VPN access to their network.
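A default-deny egress ruleset in nftables that matches the policy described in the comment above: every permitted outbound flow is one (source host, destination host, destination port) entry. This is an added example, not the poster's configuration; the `lan*` interface naming, the placement of the DNS and NTP servers on a separate routed segment, and all addresses (RFC 1918 and RFC 5737 documentation ranges) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: constructed addresses, hypothetical interface names.
# Runs on the router that sits between the internal networks and everything else.

table inet egress {
    # TCP flows: source host . destination host . destination port
    set allowed_tcp {
        type ipv4_addr . ipv4_addr . inet_service
        elements = {
            10.0.1.10 . 192.0.2.20 . 443,   # workstation A -> client web server
            10.0.1.10 . 192.0.2.21 . 22,    # workstation A -> client SSH host
            10.0.1.10 . 10.0.0.53  . 53,    # workstation A -> local DNS (TCP fallback)
            10.0.2.10 . 10.0.0.53  . 53     # workstation B -> local DNS (TCP fallback)
        }
    }

    # UDP flows: local DNS and NTP, plus one client VPN endpoint
    set allowed_udp {
        type ipv4_addr . ipv4_addr . inet_service
        elements = {
            10.0.1.10 . 10.0.0.53    . 53,
            10.0.1.10 . 10.0.0.123   . 123,
            10.0.2.10 . 10.0.0.53    . 53,
            10.0.2.10 . 10.0.0.123   . 123,
            10.0.2.10 . 198.51.100.5 . 1194   # workstation B -> client VPN endpoint
        }
    }

    chain forward {
        # Default drop: anything not listed below never leaves its segment,
        # which also isolates the internal networks from each other.
        # IPv6 forwarding is dropped as well, since only IPv4 triples are listed.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # New connections must match a fully specified triple.
        iifname "lan*" ct state new ip saddr . ip daddr . tcp dport @allowed_tcp accept
        iifname "lan*" ct state new ip saddr . ip daddr . udp dport @allowed_udp accept

        # Rate-limited log of denied attempts; the chain policy then drops them.
        iifname "lan*" limit rate 10/minute log prefix "egress-deny: "
    }
}
```

The "egress-deny" log lines are worth reviewing: a host that suddenly tries port 80 to an unlisted server shows up there instead of succeeding silently.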