Re: Is it recommended to allow all outgoing connections from your firewall??
- From: pauls@xxxxxxxxxxxx
- Date: Wed, 10 May 2006 20:56:15 -0500
--On May 10, 2006 6:22:11 PM -0700 Mark Jayson Alvarez <jay2xra@xxxxxxxxx> wrote:
Because if the machine has been compromised, it doesn't *matter* what the outgoing ruleset is. Or what anything else is, for that matter.
I've seen most people allow all outgoing traffic
originating from the firewall itself... Is this really
recommended?? What if the machine has been
compromised and the intruder has installed a program
that lets him access the machine remotely by having
the program itself initiate the outgoing connection
to him thus defying the incoming connection firewall
ruleset...
If I hack your box, one of the first things I'm going to do is install a rootkit. Then I'm going to wipe the logs of any evidence of my entry (but leave them intact otherwise), clean my tracks from the shell history file and remove any other evidence of my presence. "Bypassing" your firewall rules is the least of my worries.
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/