It really depends on what sort of environment you are in, what sort of risk
you are prepared to have, and the trade-off in inconvenience that is
acceptable.

For example if you are a home user you might be happy to just have a script
that does a quick port scan of your machine and disables all open ports when
you connect to the net (i.e. via dial-up). You could have ports in this script
that it wouldn't block if you wanted to offer specific services. This might
be fine because you may not be online much, or the consequences of being
compromised may be insignificant. This scenario would allow you out on any
ports that you wanted and prevent people telnetting on to your box, or using
file shares etc.

The problem with this is that if you download and run a malicious program
that then allows people to connect to you on a port which isn't blocked,
you'll be wide open (I know that it's a bit of a lame example, i.e. what sort
of person downloads and runs something that they don't trust, but it shows
the point).

In a scenario where all ports are locked down, and then only the ports that
need to be opened are opened, you are in a much safer position. Even if you
are compromised only a relatively small number of ports are available, and if
you're intelligent about it, wherever you can you'll use proxies on the
open ports. This means that not only does a hostile program have to find an
open port, it also has to conform to some sort of protocol (e.g. HTTP if it
wants to listen on port 80). This makes it much harder for someone to decide
to use your system as their MP3 server. However, you may decide that the
inconvenience of this is unacceptable compared to the risk; in general the
better the connection and hardware at your end, the more you have to worry.
If you only have a dial-up then people won't go to the bother of using you as
an MP3 server, but if you have a nice fat T1 you might reconsider.

Of course once you get into a corporate environment it becomes even more
serious as you have a lot more at stake... :-)

HTH
Alex Hague
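The default-deny ruleset Alex describes, next to the "block the ports I know about" policy from the question, as an added example that is not part of either message. It assumes Linux iptables and that SSH and HTTP are the only services the host offers; the small evaluator is a deliberate simplification (first `--dport` match wins, otherwise the chain policy applies) used only to show why an unexpected listener is reachable under one policy and not the other.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux iptables; ALLOWED_TCP
# is an assumption: the only services this host is meant to offer.
ALLOWED_TCP="22 80"

# Default deny: drop everything inbound, then open only what is needed.
# Rules are printed rather than run so they can be reviewed first.
default_deny_rules() {
    echo "iptables -P INPUT DROP"           # nothing in unless listed below
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"        # host may still go out on any port
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOWED_TCP; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -j LOG --log-prefix 'INPUT-DROP: '"   # see what hits the policy
}

# Default allow: the policy from the question. Anything not in BLOCKED_TCP,
# including a listener a malicious program opens later, stays reachable.
BLOCKED_TCP="21 22 23 135 136 137 138 139"
default_allow_rules() {
    echo "iptables -P INPUT ACCEPT"
    for p in $BLOCKED_TCP; do
        echo "iptables -A INPUT -p tcp --dport $p -j DROP"
    done
}

# Simplified evaluator for a new inbound TCP connection to port $2 under
# the rule list printed by function $1: first --dport match decides,
# otherwise the INPUT chain policy does (conntrack/lo/LOG lines never match).
verdict() {
    policy=ACCEPT
    while read -r line; do
        case "$line" in
            *"-P INPUT "*)   policy=${line##* } ;;
            *"--dport $2 "*) echo "${line##* }"; return ;;
        esac
    done <<EOF
$("$1")
EOF
    echo "$policy"
}

# Stand-alone run: what does a fresh listener on an unlisted port get?
for pol in default_allow_rules default_deny_rules; do
    echo "$pol: new listener on port 6666 -> $(verdict $pol 6666)"
done
```

To apply the default-deny set on a real host, review the output of `default_deny_rules` and then pipe it to `sh` as root.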



-----Original Message-----
From: Sebastian Sohn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 1 March 2001 15:42
To: [EMAIL PROTECTED]
Subject: firewalling rules


I am new to firewall configuration.  It seems that when I read articles on
the web, people suggest that one should set up the firewalling rules to deny
everything and allow specifics?

What is wrong with having rules that accept all but deny specifics?

Could I not just block ports that I am using, like telnet 23, ftp 21, ssh
22, NetBIOS 135-139 and such?  Why should I block everything coming in?

Thanks!


-Sebastian



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]