Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request fo

Rich Freeman on 2 Aug 2017 10:42:34 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]

From: Rich Freeman <r-plug@thefreemanclan.net>
To: Thomas Delrue <delrue.thomas@gmail.com>
Subject: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Date: Wed, 2 Aug 2017 13:42:26 -0400
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=st9g4s5ahOVnlEcsqP5bK24KfVDg/rvrkMNW/zzKSyE=; b=OZLMTz0BNcGfL9gPOXw9ILo3OOwpYnrdnL/vKtVeKsH7Jhj+72SRqQPhH6jc0WGbFo 8Y7uGGEXQV3nfIkJsjdpXKqZeQm69QUmCdoW8DVY1pjCmRni26LC0zDhNojO/NJBTRme vUwZiaSW2i99Xyzck276cJBGUtD8iQ4O4VwS5QuJT/SJtAGpsR/2bH7d8XvAI4BRuEJD Ap1wXgClVW9f1c2tWlZEFqXYUsSi41DHUZYSV8iSCgsicu/QUQcW44sG/JZ4oiSzninU Ipds1vuULyNFoPMYJuJE29CllAveGcmz9ywly5AQ4W1bUOSvnqVIEzI0irSgURGzLoBb WVug==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, Aug 2, 2017 at 1:19 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote:
>
>  I think his point is that you disallow everything by default and then only open up what your really need.

So, do you whitelist every individual web server you browse?  Oh, and
I assume you proxy those requests to check the URLs because one of
those virtual hosts could be also hosting malware on some other
domain?

And if you just blindly accept http everything then boom, there is the
path that malware can use to contact the command/control server.

I have to imagine that outbound traffic is VERY diverse.  This is why
I think people tend to open things up.

Sure, it is a no-brainer to do this inbound, but who doesn't already do that?

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Thomas Delrue <delrue.thomas@gmail.com>

References:
- Re: [PLUG] SSH Hardening : Request for Best Practices
  - From: Rich Kulawiec <rsk@gsp.org>
- [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
  - From: Thomas Delrue <delrue.thomas@gmail.com>

Prev by Date: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Next by Date: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Previous by thread: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Next by thread: Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
Index(es):
- Date
- Thread