On Wed, Sep 29, 2010 at 6:44 AM, Alan Davies wrote:
> ... one more thing on some of the comments about proxies
> protecting networks ... they won't stop an attacker getting a shell out ...
Didn't someone have a Telnet/SSH gateway implemented in terms of
server-side software plus HTTP/JavaScript
utchi...@mira.co.uk]
Sent: 29 September 2010 08:11
To: NT System Admin Issues
Subject: RE: Outbound firewall ports
Buy a box (Palo Alto Networks for example), generate a CA on it, install that
CA on all your clients, turn on decryption on the Palo Alto and Bob's your
uncle, your staff visit https://ww
r yet get a box with URL filtering and exclude certain categories i.e.
banking and finance.
On Tue, Sep 28, 2010 at 11:58 PM, Kurt Buff wrote:
> I'm also not going to get into the whack-a-mole game of trying to shut
> down access to external ssl proxies - it's a losing proposition.
I find simply reviewing the Webalizer reports of Squid logs is
pretty effective. Any outside proxy is g
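As an added example (not code from the thread or from any poster), here is a small Python review of Squid's native access.log in the spirit of the suggestion above: an outside SSL proxy tends to show up as a single destination that many clients tunnel a large share of all CONNECT bytes to, sometimes on a port other than 443. The log lines, host names, addresses and thresholds below are constructed for the example.

```python
"""Review Squid native access.log lines for destinations that look like an
external proxy. Sample data and thresholds are constructed (assumptions)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of Squid native-format access.log lines: fictitious host
# names, RFC 1918 clients and documentation-range destination addresses.
SAMPLE_ACCESS_LOG = """\
1285724400.101   245 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT www.bank.example:443 - HIER_DIRECT/203.0.113.10 -
1285724401.332    88 10.0.0.22 TCP_MISS/200 2048 GET http://www.news.example/index.html - HIER_DIRECT/203.0.113.20 text/html
1285724405.010  9000 10.0.0.15 TCP_TUNNEL/200 910000 CONNECT relay.proxy-example.test:443 - HIER_DIRECT/198.51.100.7 -
1285724406.500  8800 10.0.0.22 TCP_TUNNEL/200 870000 CONNECT relay.proxy-example.test:443 - HIER_DIRECT/198.51.100.7 -
1285724410.204  7100 10.0.0.31 TCP_TUNNEL/200 650000 CONNECT relay.proxy-example.test:8443 - HIER_DIRECT/198.51.100.7 -
1285724411.777   120 10.0.0.31 TCP_TUNNEL/200 3000 CONNECT mail.example:443 - HIER_DIRECT/203.0.113.30 -
1285724415.001   600 10.0.0.40 TCP_MISS/200 120000 GET http://updates.example/patch.cab - HIER_DIRECT/203.0.113.40 application/octet-stream
1285724420.909  5100 10.0.0.40 TCP_TUNNEL/200 400000 CONNECT relay.proxy-example.test:443 - HIER_DIRECT/198.51.100.7 -
"""


def parse_squid_line(line):
    """Split one native-format line into the fields we review.
    Native format: time elapsed client code/status bytes method URL ...
    Returns None for blank or malformed lines."""
    fields = line.split()
    if len(fields) < 7:
        return None
    _ts, _elapsed, client, _status, size, method, url = fields[:7]
    if method == "CONNECT":
        # CONNECT requests carry host:port rather than a full URL.
        host, _, port = url.rpartition(":")
        if not host or not port.isdigit():
            return None
        port = int(port)
    else:
        parts = urlsplit(url)
        host = parts.hostname
        if host is None:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"client": client, "method": method, "host": host,
            "port": port, "bytes": int(size)}


def summarise(log_text):
    """Aggregate per destination host: requests, bytes, distinct clients, and
    the bytes and ports of tunnelled (CONNECT) requests."""
    summary = defaultdict(lambda: {"requests": 0, "bytes": 0, "connect_bytes": 0,
                                   "clients": set(), "tunnel_ports": set()})
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        entry = summary[rec["host"]]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["clients"].add(rec["client"])
        if rec["method"] == "CONNECT":
            entry["connect_bytes"] += rec["bytes"]
            entry["tunnel_ports"].add(rec["port"])
    return dict(summary)


def suspicious_hosts(summary, max_share=0.5, min_clients=2, allowed_tunnel_ports=(443,)):
    """Flag hosts that look like an outside proxy: several clients tunnel more
    than max_share of all CONNECT bytes to one host, or tunnels go to a port
    outside allowed_tunnel_ports. Returns {host: [reasons]}."""
    total_connect = sum(e["connect_bytes"] for e in summary.values())
    findings = {}
    for host, e in summary.items():
        reasons = []
        if total_connect:
            share = e["connect_bytes"] / total_connect
            if share > max_share and len(e["clients"]) >= min_clients:
                reasons.append(f"{share:.1%} of CONNECT bytes from {len(e['clients'])} clients")
        odd_ports = sorted(p for p in e["tunnel_ports"] if p not in allowed_tunnel_ports)
        if odd_ports:
            reasons.append("CONNECT to non-standard port(s) " + ", ".join(map(str, odd_ports)))
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in suspicious_hosts(summarise(SAMPLE_ACCESS_LOG)).items():
        print(host, "->", "; ".join(reasons))
```

Run against a real access.log by replacing the sample text with the file contents; the share threshold and the list of acceptable tunnel ports are the two knobs worth tuning for a given site, since a legitimately busy SaaS host can also dominate CONNECT volume.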
To: NT System Admin Issues
Subject: RE: Outbound firewall ports
How do you inspect SSL traffic? If one could do that, then it would not
be a secure connection?
Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax
to the public and misuse was high.
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, 29 September 2010 1:58 PM
To: NT System Admin Issues
Subject: Re: Outbound firewall ports
Understood.
I'm also not going to get into the whack-a-mole game of tryi
From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Wednesday, 29 September 2010 1:57 PM
To: NT System Admin Issues
Subject: RE: Outbound firewall ports
How do you inspect SSL traffic? If one could do that, then it would not
be a secure connection?
Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, 29 September 2010 1:48 PM
> To: NT System Admin Issues
> Subject: Re: Outbound firewall ports
>
> Yes, it does matter.
>
> The inspection of traffic in this case is fairly irrelevant.
>
> What I'm after is that *only* the sq
*common trick
From: James Hill [mailto:...@superamart.com.au]
Sent: Tuesday, September 28, 2010 11:53 PM
To: NT System Admin Issues
Subject: RE: Outbound firewall ports
I'm not disagreeing with only allowing 443 out from the squid proxy. That's
the best way to go for sure.
I'm just saying that if the end user is connecting to an exter
To: NT System Admin Issues
Subject: Re: Outbound firewall ports
Yes, it does matter.
The inspection of traffic in this case is fairly irrelevant.
What I'm after is that *only* the squid proxy gets out on port 443.
Anything trying to get out on port 443 that doesn't go through the squid proxy
is by
> 't inspecting the traffic then it doesn't really matter that it's
> going through squid they'll still get to wherever they like.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, 29 September 2010 1:24 PM
> To:
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, 29 September 2010 4:03 AM
> To: NT System Admin Issues
> Subject: Re: Outbound firewall ports
>
> Ports 21, 80 and 443, and only for the proxy server. I have ssh open outbound
> to specific customer sites that we support.
>
> I w
Amen Brother.
From: Jon Harris [jk.har...@gmail.com]
Sent: Tuesday, September 28, 2010 5:56 PM
To: NT System Admin Issues
Subject: Re: Outbound firewall ports
I seem to remember a couple years ago someone on the list put it as "if in
doubt block and u
um...
start by locking down everything, and only open what you _need_
80 and 443 are the closest to "standard" that I would start with.
perhaps DNS if you have that on your DC. then SMTP etc...
What Kim said... look at your firewall logs and go protocol by
protocol and only to the destinations
From: "Kim Longenbaugh"
Sent: 09/28/2010 01:09 PM
To: "NT System Admin Issues"
Subject: RE: Outbound firewall ports
The best way to lock down your outbound traffic like you're planning is
to filter your firewall logs for all the outbound traffic, then
determine what is legit for your environment, then block everything
else. Since every site is different, that's the best way to answer your
question.
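The two recurring points in the thread, review the outbound firewall log protocol by protocol and destination by destination, and allow the web ports out only from the proxy so that anything else hitting 443 directly stands out, can be tied together in a short script. This is an added example, not code from any poster: the netfilter-style log lines, the role addresses (proxy, mail server, DC, support box), the customer-site list and the allow-list are all constructed assumptions.

```python
"""Review outbound firewall log lines against an egress allow-list.
Sample log, role addresses and policy are constructed (assumptions)."""
import re
from collections import defaultdict

# Constructed outbound log lines in netfilter key=value style: RFC 1918
# internal hosts, documentation-range destinations. Not from the thread.
SAMPLE_FW_LOG = """\
Sep 28 13:01:02 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.2 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=443
Sep 28 13:01:05 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.2 DST=203.0.113.20 PROTO=TCP SPT=40002 DPT=80
Sep 28 13:01:09 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=443
Sep 28 13:01:12 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.3 DST=203.0.113.25 PROTO=TCP SPT=45000 DPT=25
Sep 28 13:01:15 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.25 PROTO=TCP SPT=51235 DPT=25
Sep 28 13:01:20 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.1 DST=203.0.113.53 PROTO=UDP SPT=53 DPT=53
Sep 28 13:01:31 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 PROTO=TCP SPT=48000 DPT=22
Sep 28 13:01:40 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.77 PROTO=TCP SPT=48001 DPT=22
Sep 28 13:01:55 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=203.0.113.99 PROTO=TCP SPT=52000 DPT=8080
"""

KV = re.compile(r"(\w+)=(\S*)")
REQUIRED = {"SRC", "DST", "PROTO", "DPT"}


def parse_fw_line(line):
    """Pull the key=value fields out of one log line; None if it lacks the
    source, destination, protocol or destination port."""
    kv = dict(KV.findall(line))
    if not REQUIRED.issubset(kv):
        return None
    return {"src": kv["SRC"], "dst": kv["DST"],
            "proto": kv["PROTO"].lower(), "dport": int(kv["DPT"])}


def tally_outbound(log_text):
    """Group flows by (protocol, destination port) with the sources and
    destinations seen, so each port can be judged legit or not in turn."""
    tally = defaultdict(lambda: {"flows": 0, "sources": set(), "destinations": set()})
    for line in log_text.splitlines():
        rec = parse_fw_line(line)
        if rec is None:
            continue
        entry = tally[(rec["proto"], rec["dport"])]
        entry["flows"] += 1
        entry["sources"].add(rec["src"])
        entry["destinations"].add(rec["dst"])
    return dict(tally)


def port_review(tally):
    """Rows of (proto, dport, flows, distinct sources, distinct destinations),
    busiest first, for reading through protocol by protocol."""
    rows = [(proto, dport, e["flows"], len(e["sources"]), len(e["destinations"]))
            for (proto, dport), e in tally.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


# Assumed role addresses for the sample network (constructed).
PROXY, MAIL, DC, SUPPORT_BOX = "10.0.0.2", "10.0.0.3", "10.0.0.1", "10.0.0.5"
CUSTOMER_SITES = {"198.51.100.9"}

# Allow-list in the spirit of the thread: 21/80/443 only from the proxy, SMTP
# only from the mail server, DNS from the DC, SSH only to named customer
# sites. A src or dst of None means "any".
EGRESS_POLICY = [
    {"proto": "tcp", "dport": 21, "src": {PROXY}, "dst": None},
    {"proto": "tcp", "dport": 80, "src": {PROXY}, "dst": None},
    {"proto": "tcp", "dport": 443, "src": {PROXY}, "dst": None},
    {"proto": "tcp", "dport": 25, "src": {MAIL}, "dst": None},
    {"proto": "udp", "dport": 53, "src": {DC}, "dst": None},
    {"proto": "tcp", "dport": 22, "src": {SUPPORT_BOX}, "dst": CUSTOMER_SITES},
]


def permitted(rec, policy=EGRESS_POLICY):
    """True if any allow rule covers this flow."""
    for rule in policy:
        if rule["proto"] != rec["proto"] or rule["dport"] != rec["dport"]:
            continue
        if rule["src"] is not None and rec["src"] not in rule["src"]:
            continue
        if rule["dst"] is not None and rec["dst"] not in rule["dst"]:
            continue
        return True
    return False


def violations(log_text, policy=EGRESS_POLICY):
    """Flows no rule covers, e.g. a workstation reaching 443 without going
    through the proxy. Once the allow-list is enforced these are the drops."""
    records = (parse_fw_line(line) for line in log_text.splitlines())
    return [rec for rec in records if rec is not None and not permitted(rec, policy)]


if __name__ == "__main__":
    for row in port_review(tally_outbound(SAMPLE_FW_LOG)):
        print("%s/%d: %d flows, %d sources, %d destinations" % row)
    for rec in violations(SAMPLE_FW_LOG):
        print("not permitted:", rec)
```

Run it against the real log by feeding the file contents in place of the sample text; the review rows are what you read before deciding what is legit, and the violation list is what the firewall will start dropping once the default becomes deny.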
Oh, yeah - port 25 is available only for our mail servers.
On Tue, Sep 28, 2010 at 10:55, Tom Miller wrote:
> Folks,
>
> Anyone have a list of the protocols/ports they allow outside their
> firewalls? I am locking down our firewall outbound traffic to certain ports
> and am looking for other
Ports 21, 80 and 443, and only for the proxy server. I have ssh open
outbound to specific customer sites that we support.
I was forced to open 544 (rtsp) recently for a live video event, but
did that for a single IP address so that the machine showing the event
in the lunchroom could get to it.
"Standard" will obviously vary, but for PC's (i.e. general usage)
http/https/ftp and that's it.
From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: 28 September 2010 18:56
To: NT System Admin Issues
Subject: Outbound firewall ports
Folks,
Anyone have a list of the protocols/ports they allo