
Firewall Management - All Access Pass?

angel-moon
Level 7

Hello All,

Just wondering if the prevailing philosophy on firewall management is to 1) allow everything outbound and restrict inbound or 2) restrict both inbound and outbound?

We have a situation where we are getting hit with the ZeroAccess rootkit and it is occasionally changing the ports it uses. I can create an ACL that blocks a port each time it changes, but that begs the bigger question of whether we should just restrict everything inbound AND outbound.

Thanks in advance.  All replies rated.

1 Reply

Both philosophies are quite common, but it's obvious that the second group lives more securely. And even better in the second scenario if ports are not only just opened on demand, but if the needed traffic is also sent through an L7 device like a filtering proxy for HTTP/HTTPS, for example.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
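The trade-off discussed in this thread, as an added example (not code from either poster or from any Cisco product): a small first-match ACL evaluator run over constructed flows, comparing one deny entry per observed port against a default-deny outbound policy that only permits traffic to a proxy and an internal resolver. All addresses, ports and policy names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample data: addresses and ports are illustrative, not from the thread.
PROXY = "10.0.0.10/32"
RESOLVER = "10.0.0.53/32"
ANY = "0.0.0.0/0"

# Each rule: (action, protocol, destination network, destination port or None for any)
CHASE_PORTS = [              # philosophy 1, plus one deny per port seen so far
    ("deny", "udp", ANY, 40001),
    ("permit", "any", ANY, None),
]
DEFAULT_DENY = [             # philosophy 2: only known-needed egress, web via the proxy
    ("permit", "tcp", PROXY, 8080),
    ("permit", "udp", RESOLVER, 53),
    # nothing else listed: unmatched traffic falls through to the implicit deny
]

FLOWS = [  # (source host, protocol, destination, destination port)
    ("10.1.1.20", "tcp", "10.0.0.10", 8080),     # browser via the filtering proxy
    ("10.1.1.20", "udp", "10.0.0.53", 53),       # DNS to the internal resolver
    ("10.1.1.66", "udp", "203.0.113.7", 40001),  # unwanted traffic on an already blocked port
    ("10.1.1.66", "udp", "203.0.113.7", 40002),  # same host after the port changed
]

def evaluate(acl, flow):
    """Return the action of the first matching rule; no match means deny."""
    _src, proto, dst, dport = flow
    for action, r_proto, r_net, r_port in acl:
        if r_proto not in ("any", proto):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(r_net):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

def denied(acl, flows):
    """Flows the ACL drops; under default deny these double as detection events."""
    return [f for f in flows if evaluate(acl, f) == "deny"]

if __name__ == "__main__":
    for name, acl in (("chase-ports", CHASE_PORTS), ("default-deny", DEFAULT_DENY)):
        print(name, [(f[0], f[3]) for f in denied(acl, FLOWS)])
```

Under the per-port policy the flow on the new port is permitted until someone adds another entry, while the default-deny policy drops it without any change and the denied flows point at the host that needs cleaning.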