Don't forget to allow DNS. 

In the same scenario you describe I have had good success allowing only 
dns/http/https. So many people are using http-based file trading that blocking 
ftp wasn't an issue. 

-Derek

________________________________

From: Oliver Marshall 
To: NT System Admin Issues 
Sent: Thu Oct 02 04:22:51 2008
Subject: Standard Ports 


Hi chaps,

 

We are looking at setting up a DMZ based wifi AP at a remote site where they 
have lots of freelancers coming and going. This would be used for the 
freelancers and would stop them accessing internal resources while allowing 
them external access. There would be another wifi AP for the internal staff to 
use. 

 

I want to also block certain outgoing ports on the DMZ based Wifi AP so that 
traffic use is limited. Essentially I want to limit access to just the basics. 
Now, my ‘basics’ and someone else’s ‘basics’ are two different things I’m sure. 
I thought I might ask the list whether anyone has looked at the kind of 
traffic internal staff legitimately use/create and what ports other people are 
blocking.

 

The list so far is:

To Allow:
HTTP (80)
HTTPS (443)
FTP (21)
RDP (3389)
RWW (4415)

To Block (ideally all but at least):
SMTP (25)
IRC (6666 – 6669)

Any others? 

 

Olly

 

--

G2 Support

Online Backups 

 

Email:  [EMAIL PROTECTED]

Web:    http://www.g2support.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~
Derek Lidbom
Director of Technology and Interactive Development, Trone
336.812.2010
[EMAIL PROTECTED]
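
The two allow lists from this thread, compared as a default-deny egress policy over a few constructed guest flows. This is an added example, not part of either message; the RFC 1918 ranges standing in for "internal resources", the sample addresses, and the assumption that guests use an external DNS resolver are all illustrative.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for the site's "internal resources".
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Allow lists as given in the thread; TCP is assumed where only a port is listed.
ORIGINAL_ALLOW = {("tcp", 80), ("tcp", 443), ("tcp", 21),
                  ("tcp", 3389), ("tcp", 4415)}
# The reply's dns/http/https; DNS uses UDP 53 and falls back to TCP 53.
REPLY_ALLOW = {("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)}

# Constructed sample flows from a guest client: (protocol, destination, port).
FLOWS = [
    ("udp", "203.0.113.53", 53),     # DNS lookup to an external resolver
    ("tcp", "198.51.100.10", 443),   # HTTPS
    ("tcp", "198.51.100.25", 25),    # SMTP
    ("tcp", "198.51.100.66", 6667),  # IRC
    ("tcp", "192.168.1.20", 443),    # HTTPS to an internal host
    ("tcp", "198.51.100.21", 21),    # FTP control channel
]


def decide(allow, proto, dst_ip, dst_port):
    """Return the verdict for one flow leaving the guest AP."""
    dst = ipaddress.ip_address(dst_ip)
    # Internal destinations are dropped first, so an allowed port
    # can never be used to reach internal resources.
    if any(dst in net for net in INTERNAL):
        return "drop-internal"
    if (proto, dst_port) in allow:
        return "accept"
    # Default deny covers SMTP, IRC and anything else not listed.
    return "drop-default"


def evaluate(allow):
    """Verdicts for every sample flow, in FLOWS order."""
    return [decide(allow, *flow) for flow in FLOWS]


if __name__ == "__main__":
    for name, allow in (("original", ORIGINAL_ALLOW), ("reply", REPLY_ALLOW)):
        print(name)
        for flow, verdict in zip(FLOWS, evaluate(allow)):
            print("  %-4s %-15s %-5d %s" % (*flow, verdict))
```

With a default-deny policy the block list becomes unnecessary: SMTP and IRC are dropped under both lists, and the only flow that changes for the worse under the original list is the DNS lookup.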

