If you aren't inspecting the traffic, then it doesn't really matter that it's going through squid; they'll still get to wherever they like.

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Wednesday, 29 September 2010 1:24 PM
To: NT System Admin Issues
Subject: Re: Outbound firewall ports

Nope - I proxy SSL through my squid box. Of course, I don't actually inspect the traffic, but I do log the URLs. It stops potential zombies that don't understand/respect IE or FF proxy settings.

On Tue, Sep 28, 2010 at 17:13, James Hill <[email protected]> wrote:
> 443? Isn't that the port to connect to your external proxy server so
> you can bypass any internal filtering? :)
>
> Unless of course the internal filtering has good https inspection. Not many
> do though.
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Wednesday, 29 September 2010 4:03 AM
> To: NT System Admin Issues
> Subject: Re: Outbound firewall ports
>
> Ports 21, 80 and 443, and only for the proxy server. I have ssh open outbound
> to specific customer sites that we support.
>
> I was forced to open 544 (rtsp) recently for a live video event, but did that
> for a single IP address so that the machine showing the event in the
> lunchroom could get to it.
>
> I allow DNS outbound only for our DNS servers, and NTP for our NTP servers.
>
> That covers most of it.
>
> On Tue, Sep 28, 2010 at 10:55, Tom Miller <[email protected]> wrote:
>> Folks,
>>
>> Anyone have a list of the protocols/ports they allow outside their
>> firewalls? I am locking down our firewall outbound traffic to
>> certain ports and am looking for other "standard" items I may be missing.
>>
>> Thanks
>> Tom
>>
>> Confidentiality Notice: This e-mail message, including attachments,
>> is for the sole use of the intended recipient(s) and may contain
>> confidential and privileged information. Any unauthorized review,
>> use, disclosure, or distribution is prohibited. If you are not the
>> intended recipient, please contact the sender by reply e-mail and
>> destroy all copies of the original message.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to [email protected]
>> with the body: unsubscribe ntsysadmin
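
Added example, not part of the original thread or any poster's code: when Squid tunnels SSL with CONNECT and does not inspect it, the access log records only the destination host:port, byte count and duration, so this sketch shows what a review of those entries can still flag. It assumes Squid's native access.log field order; the sample lines, thresholds and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample lines in Squid's native access.log format:
# time elapsed_ms client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1285730640.123   5230 10.0.0.15 TCP_MISS/200 48213 CONNECT mail.example.com:443 - DIRECT/203.0.113.10 -
1285730700.456 3600123 10.0.0.22 TCP_MISS/200 91234567 CONNECT 198.51.100.7:443 - DIRECT/198.51.100.7 -
1285730800.789    812 10.0.0.15 TCP_MISS/200 10240 GET http://www.example.org/index.html - DIRECT/203.0.113.20 text/html
1285730900.000     40 10.0.0.31 TCP_DENIED/403 1500 CONNECT tunnel.example.net:22 - NONE/- text/html
"""

def parse_connects(log_text):
    """Yield one dict per CONNECT entry; other methods and short lines are skipped."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT" or ":" not in f[6]:
            continue
        host, _, port = f[6].rpartition(":")  # also handles [v6-literal]:port
        yield {"client": f[2], "elapsed_ms": int(f[1]), "result": f[3],
               "bytes": int(f[4]), "host": host, "port": int(port)}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def triage(log_text, max_bytes=50_000_000, max_ms=30 * 60 * 1000):
    """Return {client: [(dest, reasons)]} for tunnels worth a second look."""
    flagged = defaultdict(list)
    for e in parse_connects(log_text):
        reasons = []
        if is_ip_literal(e["host"]):
            reasons.append("ip-literal destination")
        if e["port"] != 443:
            reasons.append("non-443 port")
        if e["result"].startswith("TCP_DENIED"):
            reasons.append("denied by proxy ACL")
        if e["bytes"] > max_bytes:          # assumed threshold, tune per site
            reasons.append("large transfer")
        if e["elapsed_ms"] > max_ms:        # assumed threshold, tune per site
            reasons.append("long-lived tunnel")
        if reasons:
            flagged[e["client"]].append((f'{e["host"]}:{e["port"]}', reasons))
    return dict(flagged)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
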
