Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request fo

Rich Freeman on 2 Aug 2017 10:05:40 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Date: Wed, 2 Aug 2017 13:05:33 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=cPONMkZITVP0d78/boGSk4Dw2aE04fvElIQfkJNJx0o=; b=REeyMsjHMYh9MhLE+EBNptS5HqTWNX7khFjrZx62hk/MSWl4JED1G1SeVYz6cLq21R aQwWECc/aZq1YQhETP96T5GUcQMKgT8OdT/40aVn68IIVEB80zYCNxXBOuYAuDzDVGF8 t/1cbqRdwYjCy6g2KnA7b001lsiXGVLldtUR61r36M1tD5dzEt7/RSV1lcpYNxdpLLHa DSGzOdLgdFIGuNNn1rc4Pkyki5oGCw6VOs6hAnFnXnuk/G0oGmt8aSJaJ9TrebMzK0ac 2LmyBDLaRam0mwS8RwXV89/UgVTIK7AFPhRudOLxhN0AOM9DNzGam3ShiHyO6UFtXkwy IFKw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, Aug 2, 2017 at 11:16 AM, Rich Kulawiec <rsk@gsp.org> wrote:
>
>
> Which brings me to my point: why would you allow this when you can stop it?
>

What is the best way to go about this?  I assume you're talking about
blocking outgoing traffic by default, since everybody already blocks
incoming traffic by default.  It seems like you could spend a LOT of
time playing whack-a-mole with firewall rules punching holes for
legitimate traffic that way.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: bergman@merctech.com

References:
- Re: [PLUG] SSH Hardening : Request for Best Practices
  - From: Rich Kulawiec <rsk@gsp.org>
- [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Next by Date: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Previous by thread: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Next by thread: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Index(es):
- Date
- Thread