After the big SQL drama where a few hundred or thousand people had left MS SQL ports open to the internet, I wonder how people in this forum do their network firewall:
A. Positive (Allow all unless dangerous)
B. Negative (Block all unless needed)
I can't imagine going through the process of allowing all ports; it's just like having a homepage that says "Un-Hackable", you just wouldn't do it. On my network I block everything except HTTP (Port 80) and other particular ports that I might need open for a service, e.g. FTP, Telnet.
is the correct way to go about things. First off it makes administration so much easier.. you just put in rules for the traffic you want to get through, and then stick a clean up rule at the end
source : any
destination : any
service : any
action : deny
The funny thing is, I've seen a large network where the firewall was installed, and just for the testing phase they had the clean up rule with action - allow.. they did this just to make sure the networking was working (it was a large migration). However, after the whole thing was finished, someone forgot to change that rule back to deny! In other words.. boom .. no firewall
These stupid things happen so often that it defies reason!
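
The failure described in the reply above (a clean-up rule left on allow after testing) is easy to catch mechanically. The following is an added example, not part of the original posts: a small Python audit that parses rules in the source/destination/service/action layout shown above and reports a missing deny clean-up rule or any any/any/any allow. The sample rulebase and the name `web-server` are constructed for illustration.

```python
# Constructed sample in the post's rule layout; 'web-server' is a made-up name.
SAMPLE_RULEBASE = """\
source : any
destination : web-server
service : http
action : allow

source : any
destination : any
service : any
action : allow
"""

FIELDS = ("source", "destination", "service", "action")

def parse_rules(text):
    """Parse blank-line separated 'key : value' blocks into rule dicts."""
    rules = []
    for block in text.strip().split("\n\n"):
        rule = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rule[key.strip().lower()] = value.strip().lower()
        missing = [f for f in FIELDS if f not in rule]
        if missing:
            raise ValueError(f"rule {len(rules) + 1} is missing {missing}")
        rules.append(rule)
    return rules

def is_any_any_any(rule):
    return all(rule[f] == "any" for f in ("source", "destination", "service"))

def audit(rules):
    """Return a list of findings; an empty list means the rulebase passes."""
    if not rules:
        return ["rulebase is empty"]
    findings = []
    last = rules[-1]
    if not (is_any_any_any(last) and last["action"] == "deny"):
        findings.append("last rule is not an any/any/any deny clean-up rule")
    # A test-phase any/any/any allow anywhere in the list defeats the firewall.
    for n, rule in enumerate(rules, 1):
        if is_any_any_any(rule) and rule["action"] == "allow":
            findings.append(f"rule {n} allows any/any/any")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULEBASE)):
        print("FINDING:", finding)
```

Running a check like this against an exported rulebase after every change window turns the "someone forgot" case into a failed check instead of an open firewall.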