RE: Outbound Access through Firewalls

From: Jason Graun (jgraun@attbi.com)
Date: Tue Apr 08 2003 - 00:49:50 GMT-3

• Next message: Jason Cash: "RE: 3550 static portsecurity"
• Previous message: Jonathan V Hays: "RE: QOS question on Bc with CAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Well I work for a bank and the number one reason is that you need to control
what flows out of the network for multiple reasons. 1) Corporate
espionage, FTP for example is very easy to send larges amounts of SEC
violating material, for example. 2) What outbound application on
connection establishment would use a port other then 80/443? Take the SQL
slammer worm if you only allow port 80/443 out of your network, 1. You
cannot be blamed for not be due-diligent and breaking somebody else's
network 2. You are being a good Internet Citizen AKA Netizen. Executive
management rarely cares about number 2, number 1 is a CYA; Cover Your Ass.
There are probably other reasons as well but I cannot think of any right,
the number reason in my opinion is corporate espionage, outbound filtering
allows you to keep data confidential. Other financial firms do this as
well.

Jason CCIE CISSP MCSE

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Daniel Cisco Group Study
Sent: Monday, April 07, 2003 9:25 PM
To: ccielab@groupstudy.com
Subject: OT: Outbound Access through Firewalls

Has anyone come across a good document on the net outlining reasons for
controlling outbound access through firewalls?

I'm very much aware of the (obvious) reasons, but I'm looking for an
"authoritative" document on the subject....

Any help would be much appreciated.

Daniel

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************

• Next message: Jason Cash: "RE: 3550 static portsecurity"
• Previous message: Jonathan V Hays: "RE: QOS question on Bc with CAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:48 GMT-3