TOPIC: WAN = LAN Security - Firewall

WAN = LAN Security - Firewall 15 years 1 month ago #58

  • Manip
  • Manip's Avatar
  • Offline
  • Frequent Member
  • Posts: 50
  • Karma: 0
After the big SQL drama, where a few hundred or thousand people had left MS SQL ports open to the internet, I wonder how people in this forum do their network firewall:

A. Positive (Allow all unless dangerous)
B. Negative (Block all unless needed)

I can't imagine going through the process of allowing all ports; it's just like having a homepage that says "Un-Hackable", you just wouldn't do it. On my network I block everything except HTTP (Port 80) and other particular ports that I might need open for a service, e.g. FTP, Telnet.

[ 01 February 2003: Message edited by: Manip ]

WAN = LAN Security - Firewall 15 years 1 month ago #59

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1447
  • Thank you received: 13
  • Karma: 8
I agree with your methods ...
I actually do the same with every firewall I get my hands on.

Block everything and then start to make explicit rules to allow specific traffic.

I find it to be easy to control and manageable.


Chris P.
Chris Partsenidis.
Founder & Editor-in-Chief

Re: WAN = LAN Security - Firewall 14 years 5 months ago #882

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
'That which is not expressly permitted is denied'

is the correct way to go about things. First off, it makes administration so much easier: you just put in rules for the traffic you want to get through, and then stick a clean-up rule at the end:

source : any
destination : any
service : any
action : deny

The funny thing is, I've seen large networks where the firewall was installed and, just for the testing phase, they had the clean-up rule with action "allow". They did this just to make sure the networking was working (it was a large migration); however, after the whole thing was finished, someone forgot to change that rule back to deny! In other words... boom... no firewall :)

These stupid things happen so often that it defies reason!
Sahir Hidayatullah. Staff - Associate Editor & Security Advisor
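The default-deny rulebase the three posts describe, modelled as an added example (this is not code from the forum thread or from Firewall.cx): a first-match evaluator over explicit allow rules that end in a clean-up deny, the same rulebase with the clean-up rule left on "allow" as in the migration story above, and an audit check that flags that state. The addresses, rule names and sample packets are constructed for illustration; the rule fields mirror the source/destination/service/action layout of the clean-up rule quoted in the post.

```python
"""First-match firewall policy model: explicit allows plus a clean-up rule.

Added example, not code from the forum posts. Networks, rule names and the
sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp", "icmp" or "any"
    port: object  # destination port (int) or "any"
    action: str   # "allow" or "deny"
    name: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    port: int


def _match_net(cidr, addr):
    return cidr == ANY or ip_address(addr) in ip_network(cidr, strict=False)


def matches(rule, pkt):
    return (_match_net(rule.src, pkt.src)
            and _match_net(rule.dst, pkt.dst)
            and rule.proto in (ANY, pkt.proto)
            and rule.port in (ANY, pkt.port))


def evaluate(rules, pkt):
    """Return (action, rule_name) from the first rule that matches.
    If nothing matches the model denies, but a real rulebase should never
    rely on that: the last rule must be an explicit any/any/any deny."""
    for r in rules:
        if matches(r, pkt):
            return r.action, r.name
    return "deny", "<implicit>"


def audit_cleanup(rules):
    """Flag the misconfiguration from the thread: a rulebase whose final
    catch-all rule is 'allow', or which has no catch-all rule at all."""
    problems = []
    if not rules:
        return ["empty rulebase"]
    last = rules[-1]
    catch_all = (last.src, last.dst, last.proto, last.port) == (ANY,) * 4
    if not catch_all:
        problems.append("last rule is not a catch-all clean-up rule")
    elif last.action != "deny":
        problems.append(f"clean-up rule '{last.name}' is '{last.action}', "
                        "not deny: firewall is effectively open")
    # An earlier any/any/any allow shadows every rule below it.
    for r in rules[:-1]:
        if (r.src, r.dst, r.proto, r.port) == (ANY,) * 4 and r.action == "allow":
            problems.append(f"rule '{r.name}' allows everything and shadows later rules")
    return problems


# Constructed policy: a DMZ web server and an internal MS SQL host.
WEB = "203.0.113.10/32"
DB = "10.0.0.5/32"
INSIDE = "10.0.0.0/8"

GOOD_POLICY = [
    Rule(ANY, WEB, "tcp", 80, "allow", "web-http"),
    Rule(ANY, WEB, "tcp", 443, "allow", "web-https"),
    Rule(WEB, DB, "tcp", 1433, "allow", "web-to-sql"),   # only the web tier reaches SQL
    Rule(INSIDE, ANY, "tcp", 21, "allow", "lan-ftp-out"),
    Rule(ANY, ANY, ANY, ANY, "deny", "cleanup"),         # 'that which is not permitted is denied'
]

# Same rules, but the clean-up rule was left on 'allow' after a migration test.
OPEN_POLICY = GOOD_POLICY[:-1] + [Rule(ANY, ANY, ANY, ANY, "allow", "cleanup")]

SAMPLE_PACKETS = {  # constructed traffic
    "internet->web:80":  Packet("198.51.100.7", "203.0.113.10", "tcp", 80),
    "internet->db:1433": Packet("198.51.100.7", "10.0.0.5", "tcp", 1433),
    "web->db:1433":      Packet("203.0.113.10", "10.0.0.5", "tcp", 1433),
    "internet->web:23":  Packet("198.51.100.7", "203.0.113.10", "tcp", 23),
}


def decisions(rules):
    """Map each sample packet label to the action the rulebase gives it."""
    return {label: evaluate(rules, p)[0] for label, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("open", OPEN_POLICY)):
        print(name, decisions(policy), audit_cleanup(policy))
```

With the clean-up rule on deny, the internet-to-SQL packet is dropped and only the web tier can reach port 1433; flip that last rule to allow and the identical packet sails through, which is exactly the "no firewall" state described above. The audit function is the check worth running after any migration: the last rule must be any/any/any deny, and nothing above it may be an any/any/any allow.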