[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN/WISP block or WAN block ?
 Date:  Mon, 31 Jul 2006 13:35:21 -0400
On 7/31/06, C. Andrew Zook <andrewzook at pdqlocks dot com> wrote:
> If you are worried about the security of your network, it would be a lot
> safer to just block everything and allow only the ports that you need
> rather than try to figure out what bad ports to block.
>

Yes.  Doing otherwise violates both #1 and (to a lesser extent) #2 of
The Six Dumbest Ideas in Computer Security.  I'll let Marcus explain.
http://ranum.com/security/computer_security/editorials/dumb/index.html

-Chris