Solved

ASA firewall - general question on outgoing traffic filtering

Posted on 2014-09-03
1
191 Views
Last Modified: 2014-09-30
Hi,

General question here. We have "allow all" for traffic out. I realize this is not best practice however we are
very short staffed. I understand that it should be filtered for just "required" ports - ie 25, 80 DNS etc. I also understand that some applications may break if i perform this restriction - some use non standard or other ports to make connections.

My question: How common is it to "not restrict" outbound traffic? this was first setup like this by a competent Cisco engineer on a PIX firewall, This was 10 years ago though and I understand that risks are now more prevalent
0
Comment
Question by:philb19
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
Ben Stirling earned 500 total points
ID: 40301344
It is sadly very common in small to midsize businesses to see “allow all” for out bound traffic. That does not make it acceptable. My recommendation to you is to review your traffic for a few days. Add out bound rules for the traffic you see, and as you have time review, audit, and update. This is NOT the best or most secure approach, but if your only other option at this time is “allow all”…   then at least you have blocked anything new trying to get out.
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question