Rich Freeman on 2 Aug 2017 12:37:45 -0700


Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]


On Wed, Aug 2, 2017 at 3:30 PM, Lee H. Marzke <lee@marzke.net> wrote:
> I'd think you would open up necessary ports outbound, and if you're geoip
> blocking whitelist countries as needed while blocking the rest, in
> combination with some of the published block lists.
>
> Looks like all that functionality is in the pfBlock module of pfSense but I
> haven't tried it yet.
>
> Not practical to whitelist sites.
>

Well, if you're going to allow anything outgoing to port 80, then I'd
think that just about any kind of malware imaginable could make its
way through that hole.  You can tunnel anything through that, even if
you check that it is really http.  And let's not even get into port
443.

Doing it at the perimeter of a server farm does make complete sense to
me though.  You could definitely lock down everything in both
directions there.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug