What tangible security are gained by blocking all but a few outgoing ports in a firewall
Posted
by Frankie Dintino
on Server Fault
See other posts from Server Fault
or by Frankie Dintino
Published on 2010-05-10T19:02:10Z
Indexed on
2010/05/10
19:04 UTC
Read the original article
Hit count: 349
Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities:
- Block certain troublesome ports (unsecured smtp, bittorrent, etc.)
- Block all but a few approved ports (http, https, ssh, imap-ssl, etc.)
I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?
© Server Fault or respective owner