
Thread: lan 2 wan = what to restrict?

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    123

    Question lan 2 wan = what to restrict?

    I am putting in a corporate firewall for a medium-sized business. The default settings for the firewall are:

    traffic - lan --> wan = no port restriction
    traffic - wan --> lan = all ports blocked

    How secure should I make the lan --> wan connection? I know I need port 80 for web browsing but what else?

  2. #2
    Junior Member
    Join Date
    Apr 2005
    Posts
    4
    You need to look at the business needs to determine this. For example:

    1. What does the company do?
    2. How many offices?
    3. Any partners and / or vendors?
    4. Proprietary applications?
    5. VoIP?
    6. Where is the mail server?
    7. How about the web server?
    etc ......


    You might also want to consider restricting user access to wan for a few things like:

    1. POP3
    2. Telnet
    3. FTP
    4. IM
    5. P2P etc..

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    WAN -> LAN

    You _only_ require ingress from the WAN to services the company provides such as a mail server, web site etc. Other than that all ingress _must_ be denied..... period!!!!

    LAN -> WAN

    Run the firewall with logging set to log all outbound packets for a working week and then parse the logs for the Destination Port on all the SYN packets on outbound connections. List them out, determine the validity of the traffic, remove the viruses, worms, RATS and trojans from the offending machines and then block all outbound traffic that isn't valid or is never connected to.

    Let the needs of the company _guide_ you but be firm when implementing a security device when they say "but I need my Kazaa"...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
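
The outbound log review described in post #3, as an added example that is not part of the original thread. It assumes the firewall writes netfilter-style LOG lines and that the LAN is 192.168.1.0/24; the thread names neither, and the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG format (an assumption: the
# thread does not name the firewall). Addresses are private/documentation ranges.
SAMPLE_LOG = """\
Apr 11 09:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 11 09:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=52 TTL=63 PROTO=TCP SPT=51000 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Apr 11 09:01:10 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40210 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 11 09:02:30 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=51001 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 11 09:02:31 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TTL=55 PROTO=TCP SPT=443 DPT=51001 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Apr 11 03:14:00 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.99 LEN=60 TTL=63 PROTO=TCP SPT=1055 DPT=6667 WINDOW=8192 RES=0x00 SYN URGP=0
Apr 11 03:14:30 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.99 LEN=60 TTL=63 PROTO=TCP SPT=1056 DPT=6667 WINDOW=8192 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(
    r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP SPT=\d+ DPT=(\d+) "
    r".*?RES=\S+ ((?:[A-Z]+ )*)URGP=")

def outbound_syn_ports(lines, lan="192.168.1.0/24"):
    """Tally new outbound TCP connections (SYN without ACK) by destination port."""
    lan_net = ipaddress.ip_network(lan)
    ports = defaultdict(lambda: {"syns": 0, "sources": set(), "dests": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP log entry
        src, dst, dport, flags = m.groups()
        flags = flags.split()
        if "SYN" not in flags or "ACK" in flags:  # keep only the opening SYN
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in lan_net or dst_ip in lan_net:
            continue  # not LAN -> WAN
        entry = ports[int(dport)]
        entry["syns"] += 1
        entry["sources"].add(src)
        entry["dests"].add(dst)
    return dict(ports)

def report(ports):
    """Rows of (port, syn count, sources, destinations), busiest port first."""
    rows = sorted(ports.items(), key=lambda kv: (-kv[1]["syns"], kv[0]))
    return [(p, e["syns"], sorted(e["sources"]), sorted(e["dests"])) for p, e in rows]

if __name__ == "__main__":
    for port, syns, sources, dests in report(outbound_syn_ports(SAMPLE_LOG.splitlines())):
        print(f"dport {port:>5}  syns={syns:<3} sources={sources} dests={dests}")
```

Ports that appear from a single internal host, such as 6667 in the constructed sample, are the ones to check against the machine that generated them before deciding whether the traffic is valid.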

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    Good answers, I will set the logging for one week and review. I will keep you guys updated.
