Rich Kulawiec on 23 Oct 2016 17:45:11 -0700
Re: [PLUG] Egress filters & monitoring
On Sun, Oct 23, 2016 at 05:28:16PM -0400, JP Vossen wrote:
> TL;DR: Lock down your outgoing traffic and monitor your logs.

Excellent advice, including the rest.

As I've advised people (most often: people who have just had a major security incident) the first rule in every firewall you have should be the semantic equivalent of:

    deny all from any to any

That is: complete bidirectional blocking of all traffic. Subsequent rules should permit only the traffic required for the operation of your business/institution/whatever.

Yes, this means that you must have exhaustive knowledge of every system, every service, every protocol, every port...but as Marcus Ranum pointedly asked, how can you call yourself the Chief Technology Officer if you don't know what your technology is doing?

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
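
Added example, not part of the original message: one way to check whether a Linux host actually follows the "deny all from any to any" baseline in both directions, assuming the firewall is iptables and its ruleset is available in `iptables-save` format. The sample ruleset and the function name `audit_default_deny` are constructed for illustration.

```python
import shlex

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")
DENY = {"DROP", "REJECT"}

# Constructed sample in iptables-save format: inbound is default-deny,
# forwarding ends in a catch-all DROP, egress (OUTPUT) is left wide open.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def audit_default_deny(dump):
    """Return {chain: bool} for the filter table's built-in chains.

    A chain passes if its policy is DROP, or if its final rule is an
    unconditional DROP/REJECT (a catch-all with no match options).
    """
    policy, last_rule, table = {}, {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
        elif table != "filter":           # skip nat/mangle/raw and comments
            continue
        elif line.startswith(":"):        # chain declaration with its policy
            chain, pol = line[1:].split()[:2]
            policy[chain] = pol
        elif line.startswith("-A "):      # remember only the last rule per chain
            args = shlex.split(line)
            last_rule[args[1]] = args[2:]
    result = {}
    for chain in BUILTIN:
        tail = last_rule.get(chain, [])
        # "-j" first means no match options precede the target: a catch-all.
        catch_all = len(tail) >= 2 and tail[0] == "-j" and tail[1] in DENY
        result[chain] = policy.get(chain) == "DROP" or catch_all
    return result

if __name__ == "__main__":
    for chain, ok in audit_default_deny(SAMPLE).items():
        print(f"{chain}: {'default-deny' if ok else 'DEFAULT ALLOW'}")
```

In iptables the first matching rule wins, so the catch-all deny sits in the chain policy or as the last rule; in last-match firewalls such as pf the same intent is written as the first rule.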