01-25-2007 04:14 PM - edited 03-11-2019 02:24 AM
Hi - Is there any referance to what might be considered common network security best practices - specific to which ports/protocols to allow or block from the internet. I've been checking cert, sans, cisco - but unable to find any reference. I know such a reference is dynamic, but am looking for some basic guidelines - blocking netbios, x-win etc if not required from internet type of examples
thanks
arathy
01-25-2007 09:39 PM
Take a look at this document a little bit outdated but still good !
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci838215,00.html
Other useful links:
http://security.berkeley.edu/bestpractices.html
http://www.sans.org/reading_room/
http://www.securityfocus.com/firewalls
sincerely
Patrick
02-01-2007 01:09 PM
Apart from that, you should also employ Anti-Spoofing techniques
For networks employing legitimate IP public address space, traffic arriving inbound on an external connection sourced from common, internal IP address ranges should be considered ?spoofed? and should be denied.
Anti-spoofing should be done at every point in the network where it's practical, but is usually both easiest and most effective at the borders between large address blocks, or between domains of network administration. It's usually impractical to do anti-spoofing on every router in a network, because of the difficulty of determining which source addresses may legitimately appear on any given interface.
When employing the explicit-deny strategy, the list of denied networks should be as comprehensive and thorough as possible. Most of, if not all, the following network ranges should be denied when employing the explicit deny strategy:
RFC 1918 Private Address Range
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
RFC 1918 Reserved/Special Address Range
127.0.0.0/8
192.0.0.0/23
192.0.2.0/24
192.1.0.0/22
TCP/IP Auto-configuration (RFC 1918) Address Range
169.254.0.0/16
Functionally-Illegitimate Address Range
0.0.0.0/8
Source-Broadcast Address Range
255.255.255.255/32
Multicast Address Range
224.0.0.0/4
02-01-2007 10:14 PM
Check out the NSA references at this address:
http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1
If the link doesn't work just go to the NSA site and click on the Information Assurance link. They have a lot of information on hardening IT systems.
02-05-2007 07:09 AM
General rule with inbound Internet traffic is to block everything with exception to ports that are commonly required such as the following:
-TCP 80 (if you are hosting a web server)
-TCP 443 (hosting a secure web server)
-UDP 53 (external DNS)
-TCP 20,21 (hosting an FTP server)
And so on....you may require additional ports to be opened depending on your specific environment. Also, as mentioned earlier, anti-spoofing techniques should be implemented as well to avoid potential anit-spoofing attacks using invalid IP addresses.
Please rate if you have found this post useful. Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide