Linux Today: Linux News On Internet Time.

Security Portal: Firewalls: What To Block

Sep 12, 2000, 19:42 (4 Talkback[s])
(Other stories by Kurt Seifried)

"Oddly enough, this is something many people don't think about a whole lot. In some cases, you can simply deny everything and have a few specific allow rules, resulting in a pretty tight configuration. However, you will more likely have specific blocking rules and allow most other things. This is usually based on port numbers (i.e. service) and destination, but source is also very important. Even if you only allow a few trusted IP addresses to, say, connect to your "secret" web server, an attacker can still spoof packets, and so on. You can reduce the risk by blocking IP addresses that are in "high risk" environments, such as universities, foreign countries and so on (assuming, of course, you are not terribly interested in talking to them via the Internet)."

Complete Story

Related Stories: