Posted by Brian on July 19, 2007, 9:14 am
juergen.nieveler.nospam@arcor.de (Juergen Nieveler) wrote:
> *Date:* 17 Jul 2007 13:55:51 GMT
>
> doricnews@btinternet.com (Brian) wrote:
>
> > Received wisdom has been that all outgoing ports, other than those
> > actually required for use (e.g. for DNS, the web, e-mail, newsgroups
> > and possibly some others) should be closed.
>
> That's a common security measure, usually used in conjunction with a
> mandatory proxy server
>
> > However, I find it difficult to believe that any serious bug wanting
> > to report home would try to use any port other than one of those which
> > is almost certain to be open, and therefore I wonder how important it
> > now is to close all unused outgoing ports.
>
> True, malware writers have adapted - up to the point where they use
> Internet Explorer itself to connect out (thus defeating some
> application monitoring systems and proxy servers)
>
> > I have always followed that practice (using IPCop) but I have found it
> > rather annoying when I want to use ftp. For example, I have found
> > using FileZilla that one needs to open 30 or so consecutive ports
> > in order to use passive ftp.
>
> FTP is a nightmare from a firewall POV - it wasn't really designed
> with firewalls in mind, and passive FTP was a hasty add-on to deal
> with them.
>
> > My question is not entirely academic because circumstances may force
> > me to use a firewall which does not have the ability to close outgoing
> > ports.
>
> Closing outbound ports can enhance security, but not being able to do
> so shouldn't be a showstopper. However, it means that you can't
> control who can connect outbound should you desire so...
>
> Juergen Nieveler
> --
> Give me the money that has been spent in war, and ... I will clothe
> every man, woman and child in attire of which kings and queens would
> be proud.
> Henry Richard
>
Thanks for your comments Juergen.
I had not realised that bugs were able to use Internet Explorer for
outward transmissions. Although, as you intimate, this ability will
reduce the worth of programs like Zone Alarm, I suppose that programs
like ProcessGuard, which the defunct company DiamondCS used to market,
may be able to detect activity which would warn a user of something
untoward.
Brian
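The outbound policy the thread is discussing, written out as an iptables script for an IPCop-style gateway. This is an added example, not code from either poster or from the IPCop project; the allowed port list (DNS, web, e-mail, news), the FTP passive range and the log prefix are assumptions constructed for the example. By default it only prints the commands it would run, so it can be read through safely; setting IPT=iptables and running it as root installs the rules.

```shell
#!/bin/sh
# Default-deny outbound ("egress") policy for an iptables-based gateway such
# as IPCop. Constructed example: only the services the thread names are
# allowed out, everything else is dropped and logged, so a process phoning
# home on an unexpected port shows up in the firewall log instead of
# silently succeeding.
#
# Assumed ports (constructed for the example): DNS 53 tcp/udp, HTTP 80,
# HTTPS 443, SMTP 25, POP3 110, NNTP 119. PASV_RANGE is a placeholder for
# the passive data port range the FTP server announces.
ALLOWED_TCP="53 80 443 25 110 119"
ALLOWED_UDP="53"
PASV_RANGE="50000:50030"

# Dry run by default: print the iptables commands instead of applying them.
# Run with IPT=iptables (as root) to install the policy for real.
IPT="${IPT:-echo iptables}"

egress_rules() {
    $IPT -P OUTPUT DROP                                   # default deny
    $IPT -A OUTPUT -o lo -j ACCEPT                        # loopback
    # Traffic belonging to connections already accepted, plus connections
    # the kernel's conntrack helpers mark as RELATED to them.
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $ALLOWED_TCP; do
        $IPT -A OUTPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $ALLOWED_UDP; do
        $IPT -A OUTPUT -p udp --dport "$p" -j ACCEPT
    done
    # FTP control channel, then the server's passive data port range that
    # the thread describes having to open by hand.
    $IPT -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport "$PASV_RANGE" -m state --state NEW -j ACCEPT
    # Log (rate-limited) whatever falls through to the DROP policy; this is
    # where an unexpected outbound connection attempt becomes visible.
    $IPT -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DROP: "
}

# Number of ACCEPT rules the policy installs, for checking the generated set.
count_accepts() {
    egress_rules | grep -c -- '-j ACCEPT'
}

egress_rules
```

Two caveats worth knowing. First, the 30-port passive range is only needed when the kernel is not tracking FTP: with the FTP conntrack helper loaded (nf_conntrack_ftp, ip_conntrack_ftp on older kernels), the data connection is matched as RELATED to the control connection on port 21 and the PASV_RANGE rule can be dropped. Second, as Juergen points out, a port-based policy like this cannot tell a browser from malware driving the browser; the LOG rule catches the clumsy case, while the well-behaved case is only visible in proxy or application-level logs.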