[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Synology Disk DS211J

Subject: Synology Disk DS211J
From: bonomi at mail.r-bonomi.com (Robert Bonomi)
Date: Thu, 29 Sep 2011 19:46:09 -0500 (CDT)
In-reply-to: <8C26A4FDAE599041A13EB499117D3C286B58F425@ex-mb-1.corp.atlasnetworks.us>

> From: Nathan Eisenberg <nathan at atlasnetworks.us>
> Subject: RE: Synology Disk DS211J
> Date: Thu, 29 Sep 2011 21:58:23 +0000
>
> > And this is why the prudent home admin runs a firewall device he or she 
> > can trust, and has a "default deny" rule in place even for outgoing 
> > connections.
> >
> > - Matt
> >
> >
>
> The prudent home admin has a default deny rule for outgoing HTTP to port 
> 80?  I doubt it.
>

No, the prudent nd knowledgable prudent home admin does not have default deny
rule just for outgoing HTTP to port 80.

He has a  defult deny rule  for _everything_.  Every internal source address,
and every destination port.  Then he pokes holes in that 'deny everything'
for specific machines to make the kinds of external connections that _they_
need to make.

Blocking outgoing port 80, _except_ from an internal proxy server, is not
necessrily a bad idea.   If the legitimte web clients are all configured
to use the proxy server, then _direct_ external connection attempts are 
an indication that something "not so legitimate" may be runningunning.

Follow-Ups:
- Synology Disk DS211J
  - From: joelja at bogus.com (Joel jaeggli)

References:
- Synology Disk DS211J
  - From: nathan at atlasnetworks.us (Nathan Eisenberg)

Prev by Date: Synology Disk DS211J
Next by Date: Synology Disk DS211J
Previous by thread: Synology Disk DS211J
Next by thread: Synology Disk DS211J
Index(es):
- Date
- Thread