TOPIC: WAN = LAN Security - Firewall

WAN = LAN Security - Firewall 15 years 4 months ago #58

  • Manip
After the big SQL drama, where a few hundred or thousand people had left MS SQL ports open to the internet, I wonder how people in this forum do their network firewall:

A. Positive (Allow all unless dangerous)
B. Negative (Block all unless needed)

I can't imagine going through the process of allowing all ports; it's just like having a homepage that says "Un-Hackable", you just wouldn't do it. On my network I block everything except HTTP (Port 80) and other particular ports that I might need open for a service, e.g. FTP, Telnet.

[ 01 February 2003: Message edited by: Manip ]


WAN = LAN Security - Firewall 15 years 4 months ago #59

  • Chris
I agree on your methods ...
I actually do the same with every firewall I get my hands on :)

Block everything and then start to make explicit rules to allow specific traffic.

I find it to be easy to control and manageable.


Chris P.


Chris Partsenidis.
Founder & Editor-in-Chief

Re: WAN = LAN Security - Firewall 14 years 8 months ago #882

'That which is not expressly permitted is denied'

is the correct way to go about things. First off, it makes administration so much easier: you just put in rules for the traffic you want to get through, and then stick a clean-up rule at the end

source : any
destination : any
service : any
action : deny

The funny thing is, I've seen large networks where the firewall was installed, and just for the testing phase they had the clean-up rule with action - allow. They did this just to make sure the networking was working (it was a large migration); however, after the whole thing was finished, someone forgot to change that rule back to deny! In other words... boom... no firewall :)

These stupid things happen so often that it defies reason!


Sahir Hidayatullah. Staff - Associate Editor & Security Advisor
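
A check for the clean-up rule described in the post above, as an added example that is not part of the original thread. It assumes an ordered, first-match rule list whose fields are named as in the post's rule listing; the function names and the sample rules (using documentation addresses) are constructed for illustration.

```python
# Added example: audit an ordered, first-match rule list for the clean-up rule.
# Field names follow the post (source/destination/service/action); the rule
# format itself is an assumption, not any vendor's export format.

def is_catch_all(rule):
    """True if the rule matches every packet: source, destination, service all 'any'."""
    return all(rule[k].lower() == "any" for k in ("source", "destination", "service"))

def audit(rules):
    """Return findings for a rule list; an empty list means the policy ends in deny-all."""
    if not rules:
        return ["empty rule list: no explicit clean-up rule"]
    findings = []
    for i, rule in enumerate(rules, start=1):
        last = i == len(rules)
        if not is_catch_all(rule):
            if last:
                findings.append(f"rule {i}: last rule is not any/any/any deny")
            continue
        if rule["action"].lower() == "allow":
            # The migration leftover from the post: everything is permitted.
            findings.append(f"rule {i}: any/any/any allow, firewall passes all traffic")
        if not last:
            # With first-match evaluation, nothing after a catch-all is ever reached.
            findings.append(f"rule {i}: catch-all shadows {len(rules) - i} later rule(s)")
    return findings

# Constructed sample policies.
GOOD = [
    {"source": "any", "destination": "192.0.2.10", "service": "http", "action": "allow"},
    {"source": "any", "destination": "192.0.2.20", "service": "ftp", "action": "allow"},
    {"source": "any", "destination": "any", "service": "any", "action": "deny"},
]
# Same policy with the clean-up rule left at "allow" after testing.
MIGRATION_LEFTOVER = GOOD[:-1] + [dict(GOOD[-1], action="allow")]

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("MIGRATION_LEFTOVER", MIGRATION_LEFTOVER)):
        print(name, audit(policy) or "ok")
```

Running a check like this after every change window catches the forgotten test rule before it reaches production.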