The key terms are "Default Deny", "Egress Filtering" and "Business
Justification". If it doesn't fall under those, then it's blocked.

And frankly, I'm open to just about anything for Business
Justification. Of course, YouTube, Facebook and a few others don't
make the cut - or at least they haven't so far.


Kurt

On Tue, Sep 28, 2010 at 15:56, Jon Harris <[email protected]> wrote:
>
> I seem to remember a couple years ago someone on the list put it as "if in 
> doubt block and unless required block."  Saves on bandwidth and makes for 
> happy management.
>
> Jon
>
> On Tue, Sep 28, 2010 at 4:44 PM, Tom Miller <[email protected]> wrote:
>>
>> Okay folks, thanks and this is pretty much what I was thinking.  If any 
>> complaints come in I can trace the traffic and take it from there.
>>
>> >>> <[email protected]> 9/28/2010 2:26 PM >>>
>>
>> Watch SMTP!  A popular hack is to sneak in a rogue SMTP server onto 
>> someone's PC to spew spam world-wide.  After a few of those (one at each 
>> location), only our Domino servers have Port 25 open, and it is open only to 
>> our Postini SMTP relay.
>> --
>> Richard D. McClary
>> Systems Administrator, Information Technology Group
>> ASPCA®
>> 1717 S. Philo Rd, Ste 36
>> Urbana, IL  61802
>>
>> [email protected]
>>
>> P: 217-337-9761
>> C: 217-417-1182
>> F: 217-337-9761
>> www.aspca.org
>>
>>
>> "Kim Longenbaugh" <[email protected]>
>>
>> 09/28/2010 01:09 PM
>>
>> Please respond to
>> "NT System Admin Issues" <[email protected]>
>>
>> To
>> "NT System Admin Issues" <[email protected]>
>> cc
>> Subject
>> RE: Outbound firewall ports
>>
>>
>>
>>
>> The best way to lock down your outbound traffic like you’re planning is to 
>> filter your firewall logs for all the outbound traffic, then determine what 
>> is legit for your environment, then block everything else.  Since every site 
>> is different, that’s the best way to answer your question.
>>
>> The obvious things you’ll have to allow outbound are http, https, smtp, and 
>> probably FTP, SFTP.  Some legitimate traffic will likely be on non-standard 
>> ports, and in our case, rather than something like “source: local(private) 
>> network, destination: all, port/service: all, allow, log”, it would be 
>> “source: specific host, destination: specific destination, port/service: 
>> specific, allow, log”
>>
>> From: Tom Miller [mailto:[email protected]]
>> Sent: Tuesday, September 28, 2010 12:56 PM
>> To: NT System Admin Issues
>> Subject: Outbound firewall ports
>>
>> Folks,
>>
>> Anyone have a list of the protocols/ports they allow outside their 
>> firewalls?  I am locking down our firewall outbound traffic to certain ports 
>> and am looking for other "standard" items I may be missing.
>>
>> Thanks
>> Tom
>>
>>
>> Confidentiality Notice: This e-mail message, including attachments, is for 
>> the sole use of the intended recipient(s) and may contain confidential and 
>> privileged information. Any unauthorized review, use, disclosure, or 
>> distribution is prohibited. If you are not the intended recipient, please 
>> contact the sender by reply e-mail and destroy all copies of the original 
>> message.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here: 
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to [email protected]
>> with the body: unsubscribe ntsysadmin
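
The approach discussed in this thread (review logged outbound traffic, allow only specific source/destination/port combinations that have a business justification, deny everything else, and limit port 25 to the mail servers talking to their relay), sketched as an added example that is not part of the original messages. The log format, addresses and allow-list entries are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed allow-list: (source network, destination network, port, justification).
# All addresses are private or documentation ranges chosen for this example.
ALLOW = [
    ("10.0.5.10/32", "203.0.113.25/32", 25, "mail servers to SMTP relay only"),
    ("10.0.0.0/16", "0.0.0.0/0", 80, "web browsing"),
    ("10.0.0.0/16", "0.0.0.0/0", 443, "web browsing (TLS)"),
    ("10.0.7.20/32", "198.51.100.40/32", 22, "SFTP to partner"),
]

# Constructed sample of outbound firewall log lines in the form "src dst dport".
SAMPLE_LOG = """\
10.0.5.10 203.0.113.25 25
10.0.1.44 192.0.2.80 443
10.0.1.44 192.0.2.99 25
10.0.1.44 192.0.2.99 25
10.0.7.20 198.51.100.40 22
10.0.2.17 198.51.100.7 6667
"""

def justification(src, dst, port):
    """Return the justification of the first matching rule, or None (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port, why in ALLOW:
        if (port == rule_port and s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)):
            return why
    return None

def review(log_text):
    """Count each outbound flow and split flows into allowed and would-be-blocked."""
    flows = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip lines that are not in the assumed format
        flows[(parts[0], parts[1], int(parts[2]))] += 1
    allowed = {f: n for f, n in flows.items() if justification(*f)}
    blocked = {f: n for f, n in flows.items() if not justification(*f)}
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = review(SAMPLE_LOG)
    for (src, dst, port), hits in sorted(blocked.items()):
        print(f"BLOCK candidate: {src} -> {dst}:{port} ({hits} hits)")
```

Running the review against real logs before enabling the deny rule shows which flows still need a justification or a specific rule, and a workstation sending to port 25 stands out immediately.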