Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Firewall Management - All Access Pass?

                   Hello All,

just wondering if the prevailing philosophy on firewall management is to 1) allow everything outbound and restrict inbound or 2) restrict both inbound and outbound?

We have a situation where we are getting hit with ZeroAccess Root Kit and it is occasionally changing the ports it uses.  I can create an ACL that blocks a port each time it changes but that begs the bigger question of should we just restrict everything inbound AND outbound.

Thanks in advance.  All replies rated.

1 REPLY
VIP Purple

Firewall Management - All Access Pass?

Both philosophies are quite common, but it's obvious that the second group lives more secure. And even better in the second scenario if ports are not only just opened on demand, but if the needed traffic is also send through a L7-device like a filtering proxy for HTTP/HTTPS for example.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

74
Views
5
Helpful
1
Replies
CreatePlease to create content