April 22nd, 2005 07:08 PM
lan 2 wan = what to restrict?
I am putting in a corporate firewall for a medium size business. The default settings for the firewall are:
traffic - lan --> wan = no port restriction
traffic - wan --> lan = all ports blocked
How secure should I make the lan --> wan connection? I know I need port 80 for web browsing but what else?
April 22nd, 2005 07:21 PM
You need to look at the business needs to determine this. For example:
1. What does tho company do?
2. How many offices?
3. Any partners and / or vendors?
4. Propriatary applications?
6. Where is the mail server?
7. How about the web server?
You might also want to consider restricting user access to wan for a few things like:
5. P2P etc..
April 22nd, 2005 10:12 PM
WAN -> LAN
You _only_ require ingress from the WAN to services the company provides such as a mail server, web site etc. Other than that all ingress _must_ be denied..... period!!!!
LAN -> WAN
Run the firewall with logging set to log all outbound packets for a working week and then parse the logs for the Destination Port on all the SYN packets on outbound connections. List them out, determine the validity of the traffic, remove the viruses, worms, RATS and trojans from the offending machines and then block all outbound traffic that isn't valid or is never connected to.
Let the needs of the company _guide_ you but be firm when implementing a security device when they say "but I need my Kazaa"...
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
April 22nd, 2005 10:33 PM
good answers, i will set the logging for one week and review. I will keep you guys updated.