On 09/25/2015 04:20 PM, Ca By wrote:
> RFO: Google unilaterally deployed a non-standard protocol to our production
> environment, driving up helpdesk calls x%
>
> After action: block udp 80/443 until production ready and standard ratified
> use deployed.

Let me be gentle about this. Why were you allowing 80/udp and 443/udp
in the first place into your production environment?

In my network, I run a mostly-closed firewall, only allowing those ports
that are needed to be forwarded between the inside and outside networks.
I don't have -- or need -- a DMZ here at this time, so I don't have to
worry about that side of the routing triangle. If I did, I would also
run mostly closed between inside/outside and the DMZ.

I'm liberal about opening ports on request, but the ports have to be
requested before I'll allow them in, out, or forwarded.