No, of course I'm not sure - that's why I'm on a security basics list. ;)
Seriously though, what I said was that a lot of devices (personal ones,
anyway) will allow connections in and out that are initiated behind the
firewall, and that this may be an incorrect assumption. I wasn't saying it
was a good idea.
Jeff
-----Original Message-----
From: Robert Sieber [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 15, 2002 6:27 PM
To: Gunn, Jeff; [EMAIL PROTECTED]
Subject: AW: NetScreen XP and NetMeeting
> The big scary-looking range of ports (1024-65535) are outbound UDP ports,
> which is a very common requirement. A lot of firewalls allow this by
> default because it can be (sometimes incorrectly) assumed that a
> connection originating from behind the firewall going out to the internet
> should be allowed.
Are you sure??? From my experience more than half of the
danger comes from inside a network! Think of trojans, bad
employees and so on. It is not a good idea to open a lot
of ports.
Maybe you can use the H.323 support of NetScreen?
Robert
--
http://board.protecus.de - Firewalls, Security and more ...