Hello All,
Just wondering if the prevailing philosophy on firewall management is to 1) allow everything outbound and restrict inbound or 2) restrict both inbound and outbound?
We have a situation where we are getting hit with the ZeroAccess rootkit and it is occasionally changing the ports it uses. I can create an ACL that blocks a port each time it changes, but that begs the bigger question of whether we should just restrict everything inbound AND outbound.
Thanks in advance. All replies rated.