On Tue, 3 Apr 2001, Edward Ingram wrote:
> Since we don't really have a policy on users running messenger apps
> and such, and I really could care less right now,
Sorry to sound rude, but your company must not be doing anything of any
importance, then. I see enforced user policies and risk analysis as a
must, not as an option - *prior* to any mishaps. There are several very
good reasons for it including, but not limited to:
1. the same people who built the company network might not be working in
the company anymore once something bad happens, meaning: they might not
be fully aware of everything about the network, which most definitely
limits their power against malicious attacks.
2. once something bad does happen - and believe me, it will - you will
have a quick reference and a set of guidelines on how to operate, and
specifically *who* will do what, in order to recover as quickly and as
painlessly as possible.
3. once the threats, probabilities, strengths and general information
about the company network are in writing (on paper) the network
administrator or any such person needing to get/share/update information
about the network will be able to do so quickly.
etc.
> would it be safe to have an initial rule that allows all inside
> connections to the outside and to allow all established connections
> back in?
It does save time, granted, but it also leaves more room for unwanted
interactions. You really should weigh the importance and value of the
data inside your company network against the probability and probable
level(s) of severity of a malicious attack first. Personally, I don't
even allow all outbound connections, from my home computer that has no
work-related data on it, at least not without logging them, let alone
inbound connections.
> That would save a lot of trouble vs. specifically allowing certain
> ports out and blocking everything else.
Once you have a clear user policy and enforce it, you really only need
to go through the trouble of only allowing certain ports and filtering
out the rest once. I see all-outbound-connections-allowed as a feasible
option for home computers only, and not even that fully.
Still, I'm no expert and these are only my personal views, combined with
what little I know and have experience of on the subject.
.pi.
--
Petteri Lyytinen + [EMAIL PROTECTED] + http://www.cs.tut.fi/~typo/
+ Watashi no chikara de susumu +
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
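The two postures debated in the thread (allow all outbound and let established connections back in, versus allowing only specific outbound ports and filtering the rest) can be made concrete with a small stateful-filter model. The code below is an added example written for this page, not anything from the list posters or from any real firewall product. The `EgressFirewall` class, the host addresses, the port numbers and the sample flows are all constructed for illustration; the messenger-style application is modelled simply as an outbound connection to a port that is not on the allowed list.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet crossing the perimeter. Hosts and ports are constructed sample values."""
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = inside -> outside, "in" = outside -> inside


class EgressFirewall:
    """Minimal stateful filter (hypothetical, not a real firewall's API).

    Outbound packets are permitted either unconditionally (allow_all_out) or only
    when their destination port is on an explicit list. Every permitted outbound
    flow is recorded, and an inbound packet is accepted only if it is the reply
    to one of those recorded flows, i.e. the "established" rule from the thread.
    """

    def __init__(self, allow_all_out=False, allowed_out_ports=()):
        self.allow_all_out = allow_all_out
        self.allowed_out_ports = frozenset(allowed_out_ports)
        # (inside host, inside port, outside host, outside port) of permitted flows
        self._established = set()
        self.log = []  # (packet, verdict) for every packet seen, deny included

    def check(self, p):
        if p.direction == "out":
            verdict = self.allow_all_out or p.dport in self.allowed_out_ports
            if verdict:
                self._established.add((p.src, p.sport, p.dst, p.dport))
        else:
            # Inbound: only replies that match a tracked outbound flow get through.
            verdict = (p.dst, p.dport, p.src, p.sport) in self._established
        self.log.append((p, verdict))
        return verdict

    def denied(self):
        """Packets this firewall dropped; what the poster means by logging connections."""
        return [p for p, v in self.log if not v]


def evaluate(fw, packets):
    return [fw.check(p) for p in packets]


# Constructed sample traffic from one inside workstation (10.0.0.5).
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 40001, "203.0.113.10", 80, "out"),    # web request
    Packet("203.0.113.10", 80, "10.0.0.5", 40001, "in"),     # its reply
    Packet("10.0.0.5", 40002, "198.51.100.7", 5190, "out"),  # messenger app, non-listed port
    Packet("198.51.100.7", 5190, "10.0.0.5", 40002, "in"),   # its reply
    Packet("192.0.2.9", 51000, "10.0.0.5", 445, "in"),       # unsolicited inbound probe
]


def compare_policies(packets=SAMPLE_TRAFFIC):
    """Run the same traffic through both postures and return the verdict lists."""
    permissive = EgressFirewall(allow_all_out=True)
    restrictive = EgressFirewall(allowed_out_ports={25, 53, 80, 443})
    return {
        "permissive": evaluate(permissive, packets),
        "restrictive": evaluate(restrictive, packets),
    }


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(name)
        for p, v in zip(SAMPLE_TRAFFIC, verdicts):
            action = "ACCEPT" if v else "DROP  "
            print(f"  {action} {p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Both postures drop the unsolicited inbound probe, because neither allows inbound traffic that is not a reply to a tracked flow. The difference shows up on the third and fourth packets: the permissive policy lets the messenger application connect out and then lets its replies back in, while the port-list policy drops the outbound attempt, never records a flow for it, and therefore also drops the reply. Anything the restrictive firewall dropped is available through `denied()`, which is the data a policy review would start from.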