Rich Kulawiec on 23 Oct 2016 17:45:11 -0700


Re: [PLUG] Egress filters & monitoring

On Sun, Oct 23, 2016 at 05:28:16PM -0400, JP Vossen wrote:
> TL;DR: Lock down your outgoing traffic and monitor your logs.

Excellent advice, including the rest.  As I've advised people (most
often: people who have just had a major security incident), the first
rule in every firewall you have should be the semantic equivalent of:

		deny all from any to any

That is: complete bidirectional blocking of all traffic.  Subsequent
rules should permit only the traffic required for the operation of
your business/institution/whatever.  Yes, this means that you must
have exhaustive knowledge of every system, every service, every protocol,
every port...but as Marcus Ranum pointedly asked, how can you call
yourself the Chief Technology Officer if you don't know what your
technology is doing?
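
Added example, not code from Rich's or JP's messages: a small Python script
that turns a service inventory into a default-deny nftables ruleset (policy
drop on input, forward and output, with only the inventoried flows accepted)
and then summarizes the kernel's "OUT-DROP" log lines so you can see which
outbound flows the policy is killing.  The inventory, addresses and log lines
are all constructed for illustration; the log format is the standard
netfilter syslog format that both nft "log" and iptables LOG emit.

```python
"""Default-deny firewall generator plus egress-drop log summary.

Added example, not from the PLUG thread.  INVENTORY and SAMPLE_LOG are
constructed; the nftables syntax is the real one, the addresses are not.
"""
import re
from collections import Counter

# Constructed inventory.  Every permitted flow must be written down here with
# the host, protocol and port: that is the "exhaustive knowledge" a
# default-deny ruleset demands.  "any" means no address restriction.
INVENTORY = {
    "inbound": [
        {"proto": "tcp", "port": 22,  "from": "192.0.2.0/24",  "why": "admin ssh"},
        {"proto": "tcp", "port": 443, "from": "any",           "why": "public https"},
    ],
    "outbound": [
        {"proto": "udp", "port": 53,  "to": "192.0.2.53",      "why": "resolver"},
        {"proto": "tcp", "port": 443, "to": "198.51.100.10",   "why": "package mirror"},
        {"proto": "udp", "port": 123, "to": "192.0.2.123",     "why": "ntp"},
    ],
}


def _rule(addr_key, addr, proto, port, why):
    """One nft accept rule; the address match is omitted for 'any'."""
    match = "" if addr == "any" else f"{addr_key} {addr} "
    return f'    {match}{proto} dport {port} accept comment "{why}"'


def build_ruleset(inv):
    """Render an nftables 'inet filter' table: deny all, then allow only inventory.

    The chain policies are the 'deny all from any to any' the post describes;
    the explicit 'log ... drop' at the end of input/output is what feeds the
    monitoring.  IPv4 only: IPv6 would need its own allows (icmpv6 ND at least).
    """
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    lines += [_rule("ip saddr", r["from"], r["proto"], r["port"], r["why"])
              for r in inv["inbound"]]
    lines += [
        '    log prefix "IN-DROP " drop',
        "  }",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "  }",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    ct state established,related accept",
        "    oif lo accept",
    ]
    lines += [_rule("ip daddr", r["to"], r["proto"], r["port"], r["why"])
              for r in inv["outbound"]]
    lines += ['    log prefix "OUT-DROP " drop', "  }", "}"]
    return "\n".join(lines) + "\n"


# Netfilter syslog format; only TCP/UDP lines carry DPT, so ICMP is skipped.
LOG_RE = re.compile(r"OUT-DROP .*?DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)")

# Constructed sample: two IRC-port attempts from one host, one DNS query to an
# un-inventoried resolver, and one inbound drop that must not be counted.
SAMPLE_LOG = """\
Oct 23 17:45:11 host kernel: OUT-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=50000 DPT=6667 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 23 17:45:12 host kernel: OUT-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=50001 DPT=6667 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 23 17:45:13 host kernel: OUT-DROP IN= OUT=eth0 SRC=10.0.0.9 DST=198.51.100.20 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=40000 DPT=53 LEN=56
Oct 23 17:45:14 host kernel: IN-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4 PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""


def summarize_egress_drops(log_text):
    """Count dropped outbound flows by (dst, proto, dport).

    Every key returned is either a flow missing from the inventory or a
    host talking to something it should not; both deserve a look.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            counts[(m["dst"], m["proto"], int(m["dpt"]))] += 1
    return counts


if __name__ == "__main__":
    print(build_ruleset(INVENTORY))
    for (dst, proto, port), n in summarize_egress_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {proto}/{port} -> {dst}")
```

Load the generated text with "nft -f" (after "nft -c -f" to syntax-check it),
and run the summarizer over whatever receives the kernel log.  Expect the first
days of a new default-deny output policy to surface flows nobody had written
down; each one is a decision (add it to the inventory, or fix the host), not a
reason to widen the policy.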

