26th January 2012
jggimi

One more thing to consider...

What is far more important than a "paranoid" rule set is understanding what applications you want to allow and how they use the net.

The most careful admins will only permit network use by applications desired, and map rules to expected behavior. Any pass rule should be carefully written. If you are truly concerned about the welfare of your own networks, even if you don't care about your impact on other networks, this should be your goal.

For example, an outbound "pass all" does not protect against anything using the workstation as a vector... from viruses that might spew spam, to a bad actor with command and control.

Obviously, those are more likely on Windows platforms... but the risk is not zero. Admin mistakes can permit attacks, and have.
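An added example, not part of jggimi's post: an outbound "pass all" next to a rule set where each pass rule maps to one application's expected traffic. It assumes OpenBSD pf.conf syntax (the post names no firewall); the macro names and the 192.0.2.0/24 addresses are constructed for illustration.

```pf
# Assumption: OpenBSD PF. Constructed values: the resolver and mail
# relay addresses are placeholders from the documentation range.
dns_servers = "{ 192.0.2.53 }"
mail_relay  = "192.0.2.25"

set skip on lo

# Weak form: any process on the workstation may reach any host on any
# port, so spam runs and command-and-control traffic leave unhindered.
# pass out all

# Default deny in both directions, and log what is dropped so that
# unexpected outbound attempts become visible.
block log all

# Name resolution, only to the resolvers this host is meant to use.
pass out on egress proto { tcp udp } to $dns_servers port 53

# Web browsing.
pass out on egress proto tcp to port { 80 443 }

# Mail submission, only to our own relay. Direct SMTP (port 25) to
# arbitrary hosts has no pass rule and stays blocked.
pass out on egress proto tcp to $mail_relay port 587

# Time synchronisation.
pass out on egress proto udp to port 123
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and traffic dropped by the `block log` rule can be watched with `tcpdump -n -e -ttt -i pflog0`.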