I'm sure you'll get plenty of responses, and probably all will say
approximately the same thing. But, here's my $0.02. By allowing anything
from the inside out, you make it easier for any system that has been
trojaned to communicate out. If someone stupidly runs an email attachment
that includes a "phone home" capable executable, you've just given an
attacker a connection to your internal network. When setting up your rules,
you really should control traffic through every interface of your
firewall(s) and/or router(s) that you possibly can control.
Randy Graham
--
You're kind of trying to pick between "horrible disaster" and "atrocious
disaster" -- Paul D. Robertson (on VNC vs. PPTP)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could be a silly question, but it never hurts to ask. (I
hope.) Let's say I generally trust all of our internal users. What are the
downsides to allowing all services from our internal users going out to the
internet? (Of course I would be limiting the incoming services.) Any major
problem with this that I am missing? Thanks.
Scott
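
Added example, not part of the original thread: a small first-match rule evaluator that compares an "allow everything from inside" policy with a default-deny outbound policy over the same flows. All interface names, addresses, ports and flows are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    in_iface: str    # interface the packet arrives on ("*" = any)
    src: str         # source network in CIDR form
    proto: str       # "tcp", "udp" or "*"
    dport: int       # destination port, 0 = any

@dataclass(frozen=True)
class Flow:
    in_iface: str
    src: str
    proto: str
    dport: int
    note: str

def decide(rules, flow, default="deny"):
    """First matching rule wins; unmatched flows get the default action."""
    for r in rules:
        if (r.in_iface in ("*", flow.in_iface)
                and ipaddress.ip_address(flow.src) in ipaddress.ip_network(r.src)
                and r.proto in ("*", flow.proto)
                and r.dport in (0, flow.dport)):
            return r.action
    return default

# Constructed policies (hypothetical names and addresses).
ALLOW_ALL_OUT = [Rule("allow", "inside", "10.0.0.0/8", "*", 0)]
CONTROLLED_OUT = [
    Rule("allow", "inside", "10.0.1.10/32", "tcp", 25),   # only the mail relay sends SMTP
    Rule("allow", "inside", "10.0.1.53/32", "udp", 53),   # only the resolver queries DNS
    Rule("allow", "inside", "10.0.1.80/32", "tcp", 443),  # web access only via the proxy
]

# Constructed flows, all arriving on the inside interface.
FLOWS = [
    Flow("inside", "10.0.1.10", "tcp", 25, "mail relay delivering mail"),
    Flow("inside", "10.0.1.80", "tcp", 443, "proxy fetching a page"),
    Flow("inside", "10.0.7.42", "tcp", 6667, "workstation: unexpected outbound session"),
    Flow("inside", "10.0.7.42", "tcp", 25, "workstation: direct SMTP bypassing relay"),
]

def blocked(rules):
    """Return the notes of the flows this policy denies."""
    return [f.note for f in FLOWS if decide(rules, f) == "deny"]
```

The denied flows under the controlled policy are also the ones worth logging, since a workstation that suddenly tries to reach the outside directly is an early sign that something on it is talking out.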