Thomas Delrue on 2 Aug 2017 11:08:23 -0700
Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]
On Wed, Aug 2, 2017 at 1:19 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote:
> I think his point is that you disallow everything by default and then only open up what you really need.
So, do you whitelist every individual web server you browse? Oh, and
I assume you proxy those requests to check the URLs because one of
those virtual hosts could be also hosting malware on some other
domain?
And if you just blindly accept http everything then boom, there is the
path that malware can use to contact the command/control server.
I have to imagine that outbound traffic is VERY diverse. This is why
I think people tend to open things up.
Sure, it is a no-brainer to do this inbound, but who doesn't already do that?
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug