Antwort: Open All Outbound Ports?

HI there,

I will give you three.......

E-Donkey
BearShare
Gnutella

Those Applikations and their ports were the ones I had to close during the last two months cos somehow more than 7 million requests were generated by a single internal maschine within 12 hours.

Not only that this costs a lot of money for investigating, it also costs money for the not-working employees.

It also affects the costs for bandwidth, cos as you know a peer2peer Software can cause a lot UDP Traffic.

And I can tell you...it is not a very nice thing to appear with tons of people, lawyers and nionpeople and just confiscate a workstation for forensic analysis. This really has a bad taste.....

So, if you don`t want to hire a security specialist for you to investigate the whole day what might get from internal to external, or what your employees might do, if you let them do what they want, you SHOULD close any port you don`t specifically need.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Its the ROSIS - Return of Security Investments

"All you get is to not pay for things you never saw...."

Regards,

Olli

-- 

***********************************************

Oliver Biermann  -  MIT Security 
Mobilcom Corporate IT - Büdelsdorf 
Tel: +49 4331 4472124 - Fax: -2200

***********************************************

Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01






tony tony 
08.11.02 02:33

 
        An:     security-basics@securityfocus.com
        Kopie: 
        Thema:  Open All Outbound Ports?


Hi, 
Our firewall group has came to me several times over the last few months
wanting my approval to open all of the "OUTBOUND" ports on our firewall 
facing
the internet.  Their argument is that this would not significantly reduce 
our
security and it will reduce their time/effort in administration.  They 
claim
they get several requests a week to open up out bound ports and the number
keeps growing each month. They want to go for the gusto?and open up all 
65,000+
outbound ports.

I am in the security area and they want my agreement/sign off before they 
do
this.  It just does not "feel/smell right" but I am losing ground with my
arguments.  What are some good arguments I can use? 

Tony


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2