Amen Brother.
________________________________
From: Jon Harris [[email protected]]
Sent: Tuesday, September 28, 2010 5:56 PM
To: NT System Admin Issues
Subject: Re: Outbound firewall ports

I seem to remember a couple years ago someone on the list put it as "if in 
doubt block and unless required block".  Saves on bandwidth and makes for happy 
management.

Jon

On Tue, Sep 28, 2010 at 4:44 PM, Tom Miller <[email protected]> wrote:
Okay folks, thanks and this is pretty much what I was thinking.  If any 
complaints come in I can trace the traffic and take it from there.

>>> <[email protected]> 9/28/2010 2:26 PM >>>

Watch SMTP!  A popular hack is to sneak in a rogue SMTP server onto someone's 
PC to spew spam world-wide.  After a few of those (one at each location), only 
our Domino servers have Port 25 open, and it is open only to our Postini SMTP 
relay.
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

[email protected]<mailto:[email protected]>

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org<http://www.aspca.org/>


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is 
intended only for use by the addressee(s) named herein and may contain legally 
privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.




From: "Kim Longenbaugh" <[email protected]>
Sent: 09/28/2010 01:09 PM
Please respond to: "NT System Admin Issues" <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Subject: RE: Outbound firewall ports

The best way to lock down your outbound traffic like you’re planning is to 
filter your firewall logs for all the outbound traffic, then determine what is 
legit for your environment, then block everything else.  Since every site is 
different, that’s the best way to answer your question.

The obvious things you’ll have to allow outbound are http, https, smtp, and 
probably FTP, SFTP.  Some legitimate traffic will likely be on non-standard 
ports, and in our case, rather than something like “source: local(private) 
network, destination: all, port/service: all, allow, log”, it would be “source: 
specific host, destination: specific destination, port/service: specific, 
allow, log”.

From: Tom Miller [mailto:[email protected]]
Sent: Tuesday, September 28, 2010 12:56 PM
To: NT System Admin Issues
Subject: Outbound firewall ports

Folks,

Anyone have a list of the protocols/ports they allow outside their firewalls?  
I am locking down our firewall outbound traffic to certain ports and am looking 
for other "standard" items I may be missing.

Thanks
Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
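
The approach discussed in this thread (review logged outbound traffic, keep SMTP to the mail servers and their relay, write specific host/destination/port rules for the rest, block everything else) can be sketched as follows. This is an added example, not code from any poster; the key=value log format, the addresses, the constants and the rule wording are all constructed assumptions, so `outbound_flows()` has to be adapted to the real firewall's log format.

```python
import re
from collections import Counter

# Constructed sample in a made-up key=value log format (assumption).
SAMPLE_LOG = """\
2010-09-28T12:01:07 action=allow dir=out src=10.1.1.20 dst=203.0.113.10 proto=tcp dport=80
2010-09-28T12:01:09 action=allow dir=out src=10.1.1.20 dst=203.0.113.10 proto=tcp dport=443
2010-09-28T12:02:11 action=allow dir=out src=10.1.1.5 dst=198.51.100.25 proto=tcp dport=25
2010-09-28T12:02:40 action=allow dir=out src=10.1.1.77 dst=192.0.2.44 proto=tcp dport=25
2010-09-28T12:02:41 action=allow dir=out src=10.1.1.77 dst=192.0.2.45 proto=tcp dport=25
2010-09-28T12:03:02 action=allow dir=out src=10.1.1.30 dst=203.0.113.99 proto=tcp dport=8443
2010-09-28T12:03:05 action=allow dir=out src=10.1.1.30 dst=203.0.113.99 proto=tcp dport=8443
2010-09-28T12:04:00 action=allow dir=in src=203.0.113.10 dst=10.1.1.20 proto=tcp dport=51000
"""
GENERAL_PORTS = {80, 443}      # assumed site-wide allowances (http, https)
MAIL_SERVERS = {"10.1.1.5"}    # assumed: the only hosts allowed to send SMTP
SMTP_RELAY = "198.51.100.25"   # assumed relay address (documentation range)
FIELD = re.compile(r"(\w+)=(\S+)")

def outbound_flows(log):
    """Count outbound (src, dst, proto, dport) tuples seen in the log."""
    flows = Counter()
    for line in log.splitlines():
        rec = dict(FIELD.findall(line))
        if rec.get("dir") == "out" and {"src", "dst", "proto", "dport"} <= rec.keys():
            flows[(rec["src"], rec["dst"], rec["proto"], int(rec["dport"]))] += 1
    return flows

def classify(flows):
    """Split flows into general web traffic, SMTP violations, and tuples to review."""
    general, smtp_violations, review = [], [], []
    for flow in sorted(flows):
        src, dst, proto, port = flow
        if port == 25:
            # Port 25 is legitimate only from a mail server to the relay.
            if src not in MAIL_SERVERS or dst != SMTP_RELAY:
                smtp_violations.append(flow)
        elif port in GENERAL_PORTS:
            general.append(flow)
        else:
            review.append(flow)  # non-standard port: needs a human decision
    return general, smtp_violations, review

def draft_rules(approved):
    """Illustrative rule lines (not a real firewall syntax), ending in a logged deny."""
    rules = [f"allow log src={s} dst={d} {p}/{port}" for s, d, p, port in approved]
    rules += [f"allow log src={m} dst={SMTP_RELAY} tcp/25" for m in sorted(MAIL_SERVERS)]
    rules += [f"allow log src=local dst=any tcp/{p}" for p in sorted(GENERAL_PORTS)]
    return rules + ["deny log src=any dst=any any"]
```

Workstations that show up in the SMTP violations list are the ones to investigate before the block goes in; only tuples from the review list that someone has confirmed as legitimate should be passed to `draft_rules()`.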
