On Wed, 13 Aug 2003, at 8:37am, [EMAIL PROTECTED] wrote: > I also think that most good network citizens should be egress blocking > those ports anyway - there are precious few reasons a corporate network > should be allowing egrees traffic on those ports, or for that matter on > most ports.
Yah. A lot of our customers are of the "allow by default" mindset for Internet access, but even on those, we explicitly block all "LAN services" at the firewall. Not just Microsoft's many known ports, but Novell, Apple, infrastructure services like routing protocols (if we're not using them)... all that stuff. 'course, I personally spent a good deal of yesterday cleaning up after somebody who felt they "didn't need a firewall, because they ran anti-virus software". *shakes head* -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
