I second this. However, if your users are not used to this restriction, you need to get both upper management backing for the policy and to ease your users into this new comfort zone, to prevent a reduction in human productivity and to make sure you will not break anything that is being used for production purposes.
Personally, I agree with blocking all inbound/outbound traffic and opening only what is needed. However, upper management will get angry if their employees become disgruntled and stop working at the quality they were before. You will need to convince upper management that in the long run their employees will be more productive because of fewer distractions, and they will not have to worry about IP loss, monetary loss, or lawsuits from the lack of due diligence in their network security.

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst

-----Original Message-----
From: David Gillett [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 28, 2003 9:59 AM
To: 'Jude Naidoo'; 'Jane Han'; 'ALLEN, DONALD S (AIT)'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: where should I start? help!

Blocking specific ports because they're "threats" sort of worked okay around 1995. In the Internet of the 21st century, it doesn't.

The Right Way(TM) to define a firewall policy is to block all traffic by default, and then open up what your organization actually needs. That way, you can get away with ignoring new threats unless they actually apply to stuff your organization does, instead of constantly putting out fires each time the building catches.

David Gillett
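To make the difference between the two policies concrete, here is an added example (not code from anyone in this thread) that evaluates constructed sample flows against a "block known threat ports" policy and a default-deny policy. The threat-port list, the allowed services, and the sample flows are assumptions chosen for illustration; a real allowlist would be whatever the organization actually needs.

```python
"""Block-known-threats versus default-deny firewall policy, evaluated over
constructed sample traffic. Added example; rules and flows are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    direction: str            # "in" (toward the LAN) or "out" (toward the Internet)
    proto: str                # "tcp" or "udp"
    dport: int                # destination port
    established: bool = False  # reply packet of a connection that was already allowed


# Policy A (the 1995 approach): everything passes unless the port is on a
# threat list. The list is an assumption; it must be updated for every new threat.
THREAT_PORTS = {135, 139, 445}


def blocklist_policy(flow: Flow) -> str:
    return "deny" if flow.dport in THREAT_PORTS else "allow"


# Policy B (default deny): only the services the organization needs are opened.
# Assumed business needs: web browsing, DNS, and a mail relay.
ALLOW_RULES = {
    ("out", "tcp", 80),    # web
    ("out", "tcp", 443),   # web (TLS)
    ("out", "udp", 53),    # DNS to the resolver
    ("out", "tcp", 25),    # mail relay sending outbound
    ("in", "tcp", 25),     # inbound mail to the relay
}


def allowlist_policy(flow: Flow) -> str:
    if flow.established:
        return "allow"     # stateful: replies to permitted connections come back
    if (flow.direction, flow.proto, flow.dport) in ALLOW_RULES:
        return "allow"
    return "deny"          # everything else, including ports nobody has heard of yet


def evaluate(flows, policy):
    """Map each flow to the verdict of the given policy function."""
    return {flow: policy(flow) for flow in flows}


def divergent_flows(flows):
    """Flows where the two policies disagree; these are the 'new threats'
    a blocklist lets through until someone adds them to the list."""
    return [f for f in flows
            if blocklist_policy(f) != allowlist_policy(f)]


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("out", "tcp", 443),                      # normal browsing
    Flow("in", "tcp", 445),                       # known threat port
    Flow("in", "tcp", 4444),                      # new worm on a port not on any list
    Flow("out", "tcp", 6667),                     # IRC client phoning out
    Flow("in", "tcp", 52000, established=True),   # reply to an allowed outbound connection
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.direction:>3} {f.proto}/{f.dport:<5} "
              f"blocklist={blocklist_policy(f):5} default-deny={allowlist_policy(f)}")
```

The `divergent_flows` list is the point of David's argument: every entry is traffic a port blocklist must be updated to catch, while the default-deny policy already handles it without anyone reading the day's advisories.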