Grant <emailgrant <at> gmail.com> writes:

> Do you block outbound ports
> with a firewall or only inbound?

Logging outbound traffic, and then looking
at (analyzing) the outbound traffic may
be of interest to you. Two extremes
are wildly unpredictable: human imaginations
in a collective where outbound traffic policy
is constantly morphing; like a collection
of young computer scientists at your local
university. Like Alan alluded to, a basic
nightmare of intellectual argument as to
monitoring or blocking outbound traffic.

In the case where the services utilized
are more consistent in a pattern that is
somewhat consistent over time. For example a network
full of machines (literally machines for
physical process control) or servers offering limited
fixed services, then blocking outbound traffic
(that should not nor never exist) could make sense.
In a complex network, this may mean several different
firewalls with different policies on outbound
traffic.

The latter network may be a candidate for
extensive monitoring, pattern detection and
profiling of outbound traffic; with subsequent
port blocking. If it's not used, block it, some
would say. Whether it is more work than of value,
can only be decided by the logs and the policy
requirements of that network's owner.


hth,
James
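
The log, profile, then block workflow described in the message above, as an added example that is not part of the original post. It assumes outbound packets are logged with the netfilter LOG target under a hypothetical `OUTBOUND: ` prefix; the log lines, hosts and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format. The "OUTBOUND: " tag is
# an assumed --log-prefix; hosts and addresses are made up for the example.
BASELINE = """\
Jan 12 10:00:01 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=10.0.1.5 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56
Jan 12 10:00:07 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=10.0.1.9 LEN=60 PROTO=TCP SPT=40112 DPT=502 SYN
Jan 12 10:05:07 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=10.0.1.9 LEN=60 PROTO=TCP SPT=40177 DPT=502 SYN
Jan 12 10:06:30 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.12 DST=10.0.1.5 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56
"""
TODAY = """\
Jan 13 09:00:02 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.11 DST=10.0.1.9 LEN=60 PROTO=TCP SPT=41001 DPT=502 SYN
Jan 13 09:14:55 fw kernel: OUTBOUND: IN=eth1 OUT=eth0 SRC=10.0.5.12 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51544 DPT=6667 SYN
Jan 13 09:15:00 fw kernel: INBOUND: IN=eth0 OUT=eth1 SRC=10.0.1.9 DST=10.0.5.11 LEN=60 PROTO=TCP SPT=502 DPT=40112 ACK
"""
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of a LOG line

def parse_flows(log_text, prefix="OUTBOUND: "):
    """Yield (source, protocol, destination port) per logged outbound packet."""
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # not an outbound log entry
        f = dict(FIELD.findall(line))
        if f.get("PROTO") in ("TCP", "UDP") and "SRC" in f and "DPT" in f:
            yield f["SRC"], f["PROTO"].lower(), int(f["DPT"])

def build_profile(log_text):
    """Count how often each (source, protocol, port) flow appears."""
    return Counter(parse_flows(log_text))

def allowlist(profile):
    """Per source host, the flows the baseline shows in use; the rest can be blocked."""
    allowed = {}
    for src, proto, port in sorted(profile):
        allowed.setdefault(src, []).append((proto, port))
    return allowed

def deviations(profile, observed_text):
    """Flows in new logs that the baseline never saw: review, then block or allow."""
    return sorted(set(parse_flows(observed_text)) - set(profile))

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    print("in use:", allowlist(profile))
    print("not in baseline:", deviations(profile, TODAY))
```

On a network with fixed services the allowlist stays short and stable; how long a baseline period is enough is a policy decision for the network's owner.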