The best way to lock down your outbound traffic like you're planning is
to filter your firewall logs for all the outbound traffic, then
determine what is legit for your environment, then block everything
else.  Since every site is different, that's the best way to answer your
question.

The obvious things you'll have to allow outbound are HTTP, HTTPS, SMTP,
and probably FTP and SFTP.  Some legitimate traffic will likely be on
non-standard ports, and in our case, rather than something like "source:
local (private) network, destination: all, port/service: all, allow,
log", it would be "source: specific host, destination: specific
destination, port/service: specific, allow, log".
From: Tom Miller [mailto:[email protected]] 
Sent: Tuesday, September 28, 2010 12:56 PM
To: NT System Admin Issues
Subject: Outbound firewall ports

Folks,

Anyone have a list of the protocols/ports they allow outside their
firewalls?  I am locking down our firewall outbound traffic to certain
ports and am looking for other "standard" items I may be missing.

Thanks

Tom

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
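The procedure the reply describes (pull the outbound entries out of the firewall log, work out which flows are legitimate, write specific allow rules for them and deny everything else) is easy to automate as a first pass. The script below is an added example and not code from the list thread or from any particular firewall product: the key=value log format, the local network 192.168.1.0/24 and the sample log lines are all constructed for illustration, and the "approved" non-standard flow is an assumed review decision, not something the page states.

```python
"""Turn outbound firewall log entries into candidate allow rules plus a
default deny. Added example: the log format (syslog prefix followed by
key=value fields), LOCAL_NET and SAMPLE_LOG are assumed/constructed."""
import ipaddress
import re
from collections import Counter

# Assumed internal ("local/private") network of the site.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines; external addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep 28 12:01:02 fw: OUT src=192.168.1.20 dst=203.0.113.10 proto=TCP dpt=443
Sep 28 12:01:03 fw: OUT src=192.168.1.20 dst=203.0.113.10 proto=TCP dpt=443
Sep 28 12:01:05 fw: OUT src=192.168.1.5 dst=198.51.100.25 proto=TCP dpt=25
Sep 28 12:01:06 fw: OUT src=192.168.1.77 dst=198.51.100.9 proto=TCP dpt=8443
Sep 28 12:01:07 fw: OUT src=192.168.1.30 dst=192.168.1.1 proto=UDP dpt=53
Sep 28 12:01:09 fw: OUT src=192.168.1.77 dst=198.51.100.9 proto=TCP dpt=8443
Sep 28 12:01:10 fw: OUT src=192.168.1.44 dst=203.0.113.55 proto=TCP dpt=6667
Sep 28 12:01:11 fw: malformed line with no fields
"""

LINE_RE = re.compile(
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)"
)

# The "obvious" services that may be allowed from the whole local network.
STANDARD_SERVICES = {
    "TCP/80": "http",
    "TCP/443": "https",
    "TCP/25": "smtp",
    "TCP/21": "ftp",
    "TCP/22": "sftp",
}


def parse_outbound(log_text):
    """Return (src, dst, proto, dport) tuples for flows leaving LOCAL_NET.
    Internal-to-internal traffic and lines that do not parse are dropped."""
    flows = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in LOCAL_NET or dst in LOCAL_NET:
            continue
        flows.append((str(src), str(dst), m["proto"].upper(), int(m["dpt"])))
    return flows


def summarize(flows):
    """Count hits per distinct (src, dst, proto, dport) flow."""
    return Counter(flows)


def propose_rules(summary, allowed_services, approved_flows):
    """Broad rules only for well-known services in allowed_services,
    host/destination/port-specific rules for reviewed flows in
    approved_flows, and a logged default deny last. Everything else is
    returned for review rather than silently allowed."""
    rules, needs_review = [], []
    for (src, dst, proto, dport), count in sorted(summary.items()):
        service = f"{proto}/{dport}"
        name = STANDARD_SERVICES.get(service)
        if name in allowed_services:
            rule = {"source": str(LOCAL_NET), "destination": "any",
                    "service": f"{name} ({service})", "action": "allow", "log": True}
        elif (src, dst, proto, dport) in approved_flows:
            rule = {"source": src, "destination": dst,
                    "service": service, "action": "allow", "log": True}
        else:
            needs_review.append(((src, dst, proto, dport), count))
            continue
        if rule not in rules:  # many hosts collapse onto one broad rule
            rules.append(rule)
    rules.append({"source": str(LOCAL_NET), "destination": "any",
                  "service": "any", "action": "deny", "log": True})
    return rules, needs_review


def format_rule(rule):
    """Render a rule in the 'source: ..., destination: ..., port/service: ...' style."""
    return (f"source: {rule['source']}, destination: {rule['destination']}, "
            f"port/service: {rule['service']}, {rule['action']}"
            + (", log" if rule["log"] else ""))


if __name__ == "__main__":
    summary = summarize(parse_outbound(SAMPLE_LOG))
    # Assumed review outcome: TCP/8443 to 198.51.100.9 is legitimate, TCP/6667 is not yet known.
    rules, review = propose_rules(
        summary,
        allowed_services={"http", "https", "smtp"},
        approved_flows={("192.168.1.77", "198.51.100.9", "TCP", 8443)},
    )
    for r in rules:
        print(format_rule(r))
    for flow, count in review:
        print(f"REVIEW: {flow} seen {count} times")
```

The point of the `needs_review` list is that an unrecognised flow (here the IRC-style TCP/6667 connection from one workstation) never becomes an allow rule by default; it only gets one after someone has looked at it and added the exact source, destination and port to `approved_flows`. Note that the local network is declared explicitly rather than detected with `ipaddress`'s `is_private`, because that property also treats the RFC 5737 documentation ranges as non-global and would misclassify the sample destinations.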