ASA firewall - general question on outgoing traffic filtering

Hi,

General question here. We have "allow all" for traffic out. I realize this is not best practice however we are
very short staffed. I understand that it should be filtered for just "required" ports - ie 25, 80 DNS etc. I also understand that some applications may break if i perform this restriction - some use non standard or other ports to make connections.

My question: How common is it to "not restrict" outbound traffic? this was first setup like this by a competent Cisco engineer on a PIX firewall, This was 10 years ago though and I understand that risks are now more prevalent
LVL 1
philb19Asked:
Who is Participating?
 
Ben StirlingConnect With a Mentor Operations Technology AnalystCommented:
It is sadly very common in small to midsize businesses to see “allow all” for out bound traffic. That does not make it acceptable. My recommendation to you is to review your traffic for a few days. Add out bound rules for the traffic you see, and as you have time review, audit, and update. This is NOT the best or most secure approach, but if your only other option at this time is “allow all”…   then at least you have blocked anything new trying to get out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.