-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: dave.goldsmithat_private > [mailto:dave.goldsmithat_private] Sent: Wednesday, August 01, > 2001 12:48 PM > To: incidentsat_private > > Is there normally any reason for a web server to initiate OUTBOUND > connections to the Internet? If not, why not block such > outbound packets? Dave, you're right on. That's exactly the reason I wrote a small article yesterday. Apparently SecurityFocus decided not to publish it to the list. It went along the lines that everyone (incl. CERT, SANS, etc) only focuses on the patch, and completely ignores to mention other prevent measures, like blocking outbound connections from the web server. (There are exceptions, like payment processing systems, DNS in some cases, HIDS, but the idea of limiting outbound access is something most everyone did not include in their bulletins). Good security is multi-layered security. Level 1 is the patch, level 2 are your mentioned firewall rules. Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBO2hLsZytSsEygtEFEQJHNACg97SQ5RJ0cukCvO7yZTFpj8CDhFgAoPwj w5fDQuawFayiiUcsZxcbixmW =fCeM -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 12:13:00 PDT