> > > useful in this environment? > > Many folks like that one. I use shorewall. You can always block outgoing > > ports that you dont use. If you dont run an ftp server, block port 20 > > and 21, etc. > > > That is why I really like the "default deny" mentality. Start by > blocking all incoming and outgoing new connections. Allow only incoming > connections for services that you know you are running. Allow only > outbound connections for things you know you want to do. If you only > browse the web and use ssh, then only allow those ports. Many badware > applications use port 80 or port 443, since those are very rarely > blocked. For bonus points, block those and setup and authenticating > proxy.
The default deny policy can also open up a security hole on its own. Be aware that the default rate limited reject policy can be better. Even for blocking 80 / 443 this is why some places use proxy's cause you block everything else but allow the proxy. It can be even more secure to use a transparent proxy because something on port 80 is forced to talk http instead of another protocol. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
