topic Firewall Management - All Access Pass? in Network Security https://community.cisco.com/t5/network-security/firewall-management-all-access-pass/m-p/2374133#M310117 <HTML><HEAD></HEAD><BODY><P>Both philosophies are quite common, but it's obvious that the second group lives more secure. And even better in the second scenario if ports are not only just opened on demand, but if the needed traffic is also send through a L7-device like a filtering proxy for HTTP/HTTPS for example.</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Tue, 29 Oct 2013 16:59:51 GMT Karsten Iwen 2013-10-29T16:59:51Z Firewall Management - All Access Pass? https://community.cisco.com/t5/network-security/firewall-management-all-access-pass/m-p/2374132#M310114 <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hello All,</P><P></P><P>just wondering if the prevailing philosophy on firewall management is to 1) allow everything outbound and restrict inbound or 2) restrict both inbound and outbound?</P><P></P><P>We have a situation where we are getting hit with ZeroAccess Root Kit and it is occasionally changing the ports it uses.&nbsp; I can create an ACL that blocks a port each time it changes but that begs the bigger question of should we just restrict everything inbound AND outbound.</P><P></P><P></P><P>Thanks in advance.&nbsp; All replies rated.</P> Tue, 12 Mar 2019 02:57:31 GMT https://community.cisco.com/t5/network-security/firewall-management-all-access-pass/m-p/2374132#M310114 angel-moon 2019-03-12T02:57:31Z Firewall Management - All Access Pass? https://community.cisco.com/t5/network-security/firewall-management-all-access-pass/m-p/2374133#M310117 <HTML><HEAD></HEAD><BODY><P>Both philosophies are quite common, but it's obvious that the second group lives more secure. And even better in the second scenario if ports are not only just opened on demand, but if the needed traffic is also send through a L7-device like a filtering proxy for HTTP/HTTPS for example.</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Tue, 29 Oct 2013 16:59:51 GMT https://community.cisco.com/t5/network-security/firewall-management-all-access-pass/m-p/2374133#M310117 Karsten Iwen 2013-10-29T16:59:51Z