Solved

ASA firewall - general question on outgoing traffic filtering

Posted on 2014-09-03
1
188 Views
Last Modified: 2014-09-30
Hi,

General question here. We have "allow all" for traffic out. I realize this is not best practice however we are
very short staffed. I understand that it should be filtered for just "required" ports - ie 25, 80 DNS etc. I also understand that some applications may break if i perform this restriction - some use non standard or other ports to make connections.

My question: How common is it to "not restrict" outbound traffic? this was first setup like this by a competent Cisco engineer on a PIX firewall, This was 10 years ago though and I understand that risks are now more prevalent
0
Comment
Question by:philb19
1 Comment
 
LVL 2

Accepted Solution

by:
Ben Stirling earned 500 total points
ID: 40301344
It is sadly very common in small to midsize businesses to see “allow all” for out bound traffic. That does not make it acceptable. My recommendation to you is to review your traffic for a few days. Add out bound rules for the traffic you see, and as you have time review, audit, and update. This is NOT the best or most secure approach, but if your only other option at this time is “allow all”…   then at least you have blocked anything new trying to get out.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Pfsense - and other email Servers 8 48
Internet Connection -- PING testing ? 1 42
2960 port config for both PC & SIP phone using QoS 2 19
IP range 6 31
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question