 From:  George Bourozikas <george at bourozikas dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking outbound traffic - concessus
 Date:  Fri, 1 Apr 2005 09:34:57 -0500
On Friday 01 April 2005 03:29, A dot L dot M dot Buxey at lboro dot ac dot uk wrote:
> Hi,
>
> > What types of traffic are you blocking from a business perspective ? I
> > am just curious about what traffic I might want to block in the LAN
> > outbound direction..ie P2P, IM, 445 ports.

I am new to m0n0 but have a bunch of clients behind iptables-based firewalls 
and I have come to 2 conclusions:

1) If you are worried about users doing the wrong thing then you should be 
educating the users and cultivating an open and collegial atmosphere in the 
workplace.  If someone really wants to get around a firewall from the inside 
it's kind of trivial.

2) The things to be worried about are zombies and botnets and that's where an 
IDS helps; the most efficient IDS is a user saying "My computer is very slow 
today."

--george