On Fri, 25 May 2001 [EMAIL PROTECTED] wrote:
And, yet, this can be accomplished without fully restricting
outgoing packets, though granted, it takes more foreknowledge and
diligence than a full deny/allow some.
Unless by foreknowledge, you mean some mystical capacity to
anticipate
AM
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could be a silly question, but it never hurts to ask. (I
hope.) Let's say I generally trust all of our internal users. What are the
downsides to allowing all services from our internal users going out
Another important point to remember is that any
service that is allowed outbound on your firewall will
most likely allow the same service inbound as a
response to a request from a trusted internal user.
Even a seemingly harmless user can create many
problems unknowingly.
P
--- [EMAIL
On Thu, 24 May 2001 [EMAIL PROTECTED] wrote:
1. Phone-home trojans. If nobody has built a really good one yet,
the existence of admins who think outbound==safe constitutes a motive
for someone to do it.
I've heard that Compaq has built a pretty good one, where a support Rep. can
take a
The phone home examples I was aware of do things like email a
system successfully compromised message to Korea or somewhere, but
that email message doesn't offer a control channel.
By really good, I'm picturing something that opens the control
channel from the compromised end back to the
PROTECTED]]
Sent: Thursday, May 24, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could be a silly question, but it never hurts to ask. (I
hope.) Let's say I generally trust all of our internal users. What are the
downsides
OK, this could be a silly question, but it never hurts to ask. (I hope.) Let's say I generally trust all of our internal users. What are the downsides to allowing all services from our internal users going out to the internet? (Of course I would be limiting the incoming services.) Any major
to pick between horrible disaster and atrocious
disaster -- Paul D. Robertson (on VNC vs. PPTP)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could
rules about
preventing external users inside.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 24, 2001 14:28
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could be a silly question
--
You're kind of trying to pick between horrible disaster and atrocious
disaster -- Paul D. Robertson (on VNC vs. PPTP)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: Allowing outgoing