[Gllug] IPcop Question

Bruce Richardson itsbruce at uklinux.net
Sat Mar 20 13:13:44 UTC 2004


On Sat, Mar 20, 2004 at 11:12:18AM +0000, Sean wrote:
> Xander D Harkness wrote:
> >Ken Smith wrote:
> >
> >>Hi Folks, I have an IPCop port forwarding question. 
> 
> on a related note ...
> 
> I use smoothwall at work (installed it just before I found out about the 
> ipcop fork)
> 
> 
> Until recently we had a policy of allowing all outbound traffic - but 
> with the latest microsoft virus this has changed

You should definitely be blocking at least some outbound access.  Block
outbound smtp traffic (for all except any authorised mailhosts), for a
start.  That'll stop many of the worms might infect your workstations from
propagating out of your network and give you a chance to detect them,
simply by monitoring the logs for unauthorised smtp traffice.

> 
> primarily with the need to block outgoing connections to port 81 and so 
> preventing any inadvertently unprotected machines from downloading the 
> virus payload.

Put a proxy server in, make your staff connect to the net through that.
Then you can a) monitor traffic and block specific downloads and b)
limit almost all access out through your firewall to a few privileged
machines.

-- 
Bruce

I unfortunately do not know how to turn cheese into gold.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040320/a328a30d/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list