Q

Types of traffic to block at the firewall

What types of traffic should definitely be blocked at the firewall?

You should block all services that do not have an explicit business need. In the olden days (say, five years ago), we had the luxury of being able to just block certain services that had security holes. Nowadays, any service you let through your firewall exposes you to risks associated with that particular service, as well as opening up a tunnel an attacker can use to communicate with a backdoor. So, in the past, you may have just closed eight services or so. Now, you must close them all at a firewall and just turn on those services you really need. So, if you have a Web server, allow only Web requests and responses. If you have a DNS server, allow DNS requests and responses and so on.

Please keep in mind that you must implement this in both directions: outgoing and incoming. Some folks think that if they just filter incoming connections, they are safe. However, outgoing connections are increasingly used by the bad guys to communicate with backdoors. I can hack your boxes through a limited incoming connection (say I just use a buffer overflow carried via HTTP or DNS traffic). I use this overflow to configure your boxes to push me out a shell using a tool like Netcat, reverse WWW shell or even just plain old X window terminals. Then, I have incoming shell access via outgoing traffic. Bummer. That's why you have to block all traffic, coming in or going out, for all services except what you absolutely need.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Firewalls
Ask the Expert: Determining which TCP/IP services are needed


This was first published in June 2002
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close