 From:  "ryanag at zoominternet dot net" <ryanag at zoominternet dot net>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  "A dot L dot M dot Buxey at lboro dot ac dot uk" <A dot L dot M dot Buxey at lboro dot ac dot uk>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking outbound traffic - concessus
 Date:  Fri, 01 Apr 2005 21:54:27 -0500
I personally think web proxies that strip out garbage (squid has some
addons that do this if you are looking for an open source solution) give
some very useful outbound protection since IE seems to be such a large
security hole.

Another major problem is laptops that leave, then come back with bad
surprises.

If you want another layer (although I don't know that you need one), you
might want to check out some sort of personal firewall solution for the
laptops on your network. Kerio ( http://www.kerio.com/kpf_home.html )
makes a decent product along these lines that can be easily configured
with strict rules when away from the corporate network.




On Fri, 2005-04-01 at 09:02 -0500, Don Munyak wrote:
> > however, as m0n0 has NO IDEA AT ALL about what the traffic really is
> > (no packet inspection) anyone with more than half a clue could simply
> > run whatever they wanted through those open ports.
> 
> We are running an in-line IPS directly behind m0n0wall for added
> layered security, and are quite pleased.
> 
> internet--router--m0n0--IPS--lan
> 
> You would not believe the crap the IPS is catching/blocking. 
> 
> Anyway, I was originally just wondering how everyone else is doing
> things. More to confirm my thoughts as well as improve upon the steps
> I've taken.
> 
> - Don
> 
> 
> On Apr 1, 2005 3:29 AM, A dot L dot M dot Buxey at lboro dot ac dot uk <A dot L dot M dot Buxey at lboro dot ac dot uk> wrote:
> > Hi,
> > 
> > > What types of traffic are you blocking from a business perspective ? I
> > > am just curious about what traffic I might want to block in the LAN
> > > outbound direction..ie P2P, IM, 445 ports.
> > 
> > for the purpose in which we are using/testing m0n0 we are only allowing
> > 
> > 80/443 ('web' and 'secure web')
> > 22 ('ssh')
> > 465/993/995 ('SSL mail protocols')
> > 554 ('RTSP')
> > 
> > ..and of those, only the required TCP or UDP port.
> > 
> > however, as m0n0 has NO IDEA AT ALL about what the traffic really is
> > (no packet inspection) anyone with more than half a clue could simply
> > run whatever they wanted through those open ports.
> > 
> > such traffic, with our current setup, is actually trapped by a few more boxes
> > further along the network (and detected with SNORT etc)
> > 
> > alan
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>
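The thread makes two points that fit together: an outbound allowlist of a handful of ports (Alan's 80/443, 22, 465/993/995, 554), and the caveat that a port-only filter such as m0n0wall's cannot tell what actually flows through those ports, so something further along (an IPS, Snort) has to look at the payload. The following is an added illustration of both halves in one place; it is not m0n0wall's, Snort's, or any poster's code. It evaluates constructed flow records against the port allowlist from the thread and then applies a simplified first-bytes check (TLS record header, HTTP method, SSH banner, RTSP method) to flows the port filter would have passed, flagging the ones whose payload does not match the protocol the port implies. The flow records, addresses and payload prefixes are constructed sample data, and the signature table is an assumption chosen for the example, far simpler than what a real IDS does.

```python
"""Port-based egress allowlist plus a first-bytes protocol sanity check.

Added example for the m0n0wall thread; not m0n0wall's, Snort's or the
posters' code. The allowlist mirrors the ports listed in the thread; the
flows and payload prefixes below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str               # "tcp" or "udp"
    dport: int
    first_bytes: bytes = b""  # initial client payload, if the sensor captured it


# Outbound allowlist as described in the thread: (protocol, port) pairs that
# the firewall passes. RTSP is listed for TCP (control) and UDP (media).
ALLOWED: Set[Tuple[str, int]] = {
    ("tcp", 80), ("tcp", 443),
    ("tcp", 22),
    ("tcp", 465), ("tcp", 993), ("tcp", 995),
    ("tcp", 554), ("udp", 554),
}


# Simplified signatures (an assumption of this example) for what a client's
# first bytes should look like on each allowed TCP port.
def _tls_client_hello(b: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), major version 0x03
    return len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03


def _http_request(b: bytes) -> bool:
    return any(b.startswith(m) for m in
               (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT "))


def _ssh_banner(b: bytes) -> bool:
    return b.startswith(b"SSH-")


def _rtsp_request(b: bytes) -> bool:
    return any(b.startswith(m) for m in (b"OPTIONS ", b"DESCRIBE ", b"SETUP "))


EXPECTED_FIRST_BYTES: Dict[Tuple[str, int], Callable[[bytes], bool]] = {
    ("tcp", 80): _http_request,
    ("tcp", 443): _tls_client_hello,
    ("tcp", 22): _ssh_banner,
    ("tcp", 465): _tls_client_hello,  # SMTPS (implicit TLS)
    ("tcp", 993): _tls_client_hello,  # IMAPS
    ("tcp", 995): _tls_client_hello,  # POP3S
    ("tcp", 554): _rtsp_request,
}


def classify(flow: Flow) -> str:
    """Return 'blocked', 'allowed', or 'allowed-suspicious' for one flow.

    'blocked' is the port filter's own verdict. Everything else passes the
    firewall; 'allowed-suspicious' is what the downstream payload check adds
    when the captured first bytes do not look like the expected protocol.
    """
    key = (flow.proto, flow.dport)
    if key not in ALLOWED:
        return "blocked"
    check: Optional[Callable[[bytes], bool]] = EXPECTED_FIRST_BYTES.get(key)
    # With no payload to inspect (or no signature for this port) a port-only
    # filter can say nothing more: the flow is simply allowed.
    if check is None or not flow.first_bytes:
        return "allowed"
    return "allowed" if check(flow.first_bytes) else "allowed-suspicious"


def summarize(flows: List[Flow]) -> Counter:
    """Count verdicts across a batch of flows."""
    return Counter(classify(f) for f in flows)


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.5", "203.0.113.10", "tcp", 443, b"\x16\x03\x01\x00\xc8\x01\x00"),
    Flow("10.0.0.7", "198.51.100.20", "tcp", 6881),                     # not on the allowlist
    Flow("10.0.0.9", "203.0.113.44", "tcp", 443, b"SSH-2.0-OpenSSH_3.9p1\r\n"),  # SSH banner on 443
    Flow("10.0.0.5", "203.0.113.60", "udp", 554, b"\x80\x60"),          # RTP media, no signature
    Flow("10.0.0.5", "203.0.113.10", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n"),
    Flow("10.0.0.12", "198.51.100.5", "tcp", 445),                      # SMB, not on the allowlist
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.proto}/{f.dport:<5} {f.src} -> {f.dst}: {classify(f)}")
    print(dict(summarize(SAMPLE_FLOWS)))
```

The third sample flow is the case the thread is warning about: the port filter passes it because 443 is allowed, and only the payload check downstream notices that what is on the wire is not TLS. A flow with no captured payload falls back to the port-only verdict, which is exactly the blind spot the thread describes.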