Firewall Management - All Access Pass?

angel-moon
Level 3

Hello All,

Just wondering if the prevailing philosophy on firewall management is to 1) allow everything outbound and restrict inbound or 2) restrict both inbound and outbound?

We have a situation where we are getting hit with ZeroAccess Root Kit and it is occasionally changing the ports it uses.  I can create an ACL that blocks a port each time it changes but that begs the bigger question of should we just restrict everything inbound AND outbound.

Thanks in advance.  All replies rated.

1 Reply

Both philosophies are quite common, but it's obvious that the second group lives more securely. And it is even better in the second scenario if ports are not only opened on demand, but the needed traffic is also sent through an L7 device, for example a filtering proxy for HTTP/HTTPS.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
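
The two philosophies discussed in this thread, compared as an added example that is not part of the original posts: a first-match rule evaluator run over constructed outbound flows, showing that per-port blocking misses a changed port while a default-deny egress policy drops it and flags the host. All addresses, ports, rule sets and names below are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Everything below is constructed for illustration: addresses, ports, rules.
PROXY = "10.0.0.10/32"     # hypothetical filtering proxy (the L7 device)
RESOLVER = "10.0.0.53/32"  # hypothetical internal DNS resolver
INSIDE = "10.0.0.0/8"

# Philosophy 1: allow everything outbound, add a deny per port as it is seen.
BLOCK_AS_SEEN = [
    ("deny", INSIDE, "udp", 40001),
    ("deny", INSIDE, "udp", 40002),
    ("permit", INSIDE, "any", None),
]
# Philosophy 2: restrict outbound; only the proxy and resolver may leave.
DEFAULT_DENY = [
    ("permit", PROXY, "tcp", 80),
    ("permit", PROXY, "tcp", 443),
    ("permit", RESOLVER, "udp", 53),
    ("deny", "0.0.0.0/0", "any", None),
]
# Constructed outbound flows: (source, protocol, destination port).
FLOWS = [
    ("10.0.0.10", "tcp", 443),    # proxy fetching a page for a client
    ("10.0.0.53", "udp", 53),     # resolver querying upstream
    ("10.1.1.20", "udp", 40001),  # infected host, port already blocked
    ("10.1.1.20", "udp", 40003),  # same host after the malware changed port
]

def evaluate(rules, src, proto, dport):
    """First-match evaluation like an ACL; no match means deny."""
    for action, net, rproto, rport in rules:
        if (ip_address(src) in ip_network(net)
                and rproto in ("any", proto)
                and rport in (None, dport)):
            return action
    return "deny"

def denied(rules, flows=FLOWS):
    """Flows the policy drops; under default deny these point at hosts to triage."""
    return [f for f in flows if evaluate(rules, *f) == "deny"]

if __name__ == "__main__":
    for name, rules in (("block-as-seen", BLOCK_AS_SEEN), ("default-deny", DEFAULT_DENY)):
        print(name, denied(rules))
```

The denied list under the default-deny policy doubles as a detection signal: any internal host other than the proxy or resolver that shows up there is attempting direct outbound traffic and is worth investigating.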
