i want suggestions on best practice... i am doubting that my internal network has some virus or trozen .. and from my router all traffic is allowed from inside to outside .. and from outside only couple of ports and established connections ..
my requirement is .. i want to take out the possibility of my router sending the garbage out to wan link which is actually blocking my link .. what is the best way to do the same... plz advise.. how you guys do in your environment... can we only allow the reply to my ports which i have allowed on my outside wan port.. so at least i will be sure that no etra traffic is going out. please advise.
I am not too sure if it is really scalable to keep blocking ports. I would recommend a filter device inline with the router which could be scanning the traffic all the time or some inline cards. You can also check open source solutions like untangle.
The thing is that the trojan is initiating the traffic from inside , so there is no real use to filter the traffic from the outside to inside. A good think will be to restrict the users to some well known destination ports to the internet : tcp 80 , tcp 443 , tcp 21/20. A better way to offer internet access to the users is Proxy - you can inspect and restrict the user access.
hi DAN .. as such i dont have much frm inside to send to outside ... the way my setup is .. i have two rewuirements..
1. exchage .. so ppl connect from outside ... so on, outside port i allowed 443/25 and dns
2. ppl RDP to public ip which are on inside LAN ..
now my requiremnt is no to allow any thing from inside interface to send to outside WAN .. so doing this .. will atleast give me some confidence that the traffic which is gooing out is correct .. any suggestions