WAN = LAN Security - Firewall

21 years 9 months ago #58 by Manip
After the big SQL drama, where a few hundred or thousand people had left MS SQL ports open to the internet, I wonder how people in this forum do their network firewall:

A. Positive (Allow all unless dangerous)
B. Negative (Block all unless needed)

I can't imagine going through the process of allowing all ports; it's just like having a homepage that says "Un-Hackable", you just wouldn't do it. On my network I block everything except HTTP (Port 80) and other particular ports that I might need open for a service, e.g. FTP, Telnet.

[ 01 February 2003: Message edited by: Manip ]
21 years 9 months ago #59 by Chris
Replied by Chris on topic WAN = LAN Security - Firewall
I agree on your methods ...
I actually do the same with every firewall I get my hands on :)

Block everything and then start to make explicit rules to allow specific traffic.

I find it to be easy to control and manageable.

Cheers,

Chris P.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 1 month ago #882 by sahirh
'That which is not expressly permitted is denied'

is the correct way to go about things. First off, it makes administration so much easier.. you just put in rules for the traffic you want to get through, and then stick a clean up rule at the end:

source : any
destination : any
service : any
action : deny

The funny thing is, I've seen a large network where the firewall was installed, and just for the testing phase they had the clean up rule with action - allow.. they did this just to make sure the networking was working (it was a large migration). However, after the whole thing was finished, someone forgot to change that rule back to deny! In other words.. boom.. no firewall :)

These stupid things happen so often that it defies reason!

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
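
A check for the mistake described in the last post, as an added example that is not part of the original thread: it parses a rulebase written in the same source / destination / service / action layout and reports a clean up rule left on allow, a catch-all that is not last, or a missing final deny. The function names, the first-match evaluation order and the sample rules (including the 192.0.2.10 address) are assumptions constructed for illustration.

```python
# Added example: audit a first-match rulebase; sample rules are constructed.
FIELDS = ("source", "destination", "service", "action")

def parse_rulebase(text):
    """Parse blank-line-separated 'key : value' blocks into rule dicts."""
    rules = []
    for block in text.strip().split("\n\n"):
        rule = {}
        for line in block.strip().splitlines():
            key, _, value = line.partition(":")
            rule[key.strip().lower()] = value.strip().lower()
        missing = [f for f in FIELDS if f not in rule]
        if missing:
            raise ValueError(f"rule missing fields {missing}: {block!r}")
        rules.append(rule)
    return rules

def is_catch_all(rule):
    return all(rule[f] == "any" for f in FIELDS[:3])

def audit(rules):
    """Return a list of findings; an empty list means default-deny holds."""
    findings = []
    for n, rule in enumerate(rules, start=1):
        if is_catch_all(rule) and rule["action"] != "deny":
            findings.append(f"rule {n}: any/any/any with action {rule['action']}")
        if is_catch_all(rule) and n < len(rules):
            findings.append(f"rule {n}: catch-all is not last; rules after it never match")
    if not rules or not is_catch_all(rules[-1]) or rules[-1]["action"] != "deny":
        findings.append("no final any/any/any deny clean up rule")
    return findings

# Constructed sample: a migration rulebase with the test clean up rule left in.
MIGRATION = """
source : any
destination : 192.0.2.10
service : http
action : allow

source : any
destination : any
service : any
action : allow
"""
FIXED = MIGRATION.replace("service : any\naction : allow", "service : any\naction : deny")

if __name__ == "__main__":
    for name, text in (("migration", MIGRATION), ("fixed", FIXED)):
        print(name, audit(parse_rulebase(text)) or "OK")
```

Running the audit against an exported rulebase after every change window catches a test-phase allow rule before it reaches production.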