[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Synology Disk DS211J

Subject: Synology Disk DS211J
From: joelja at bogus.com (Joel jaeggli)
Date: Thu, 29 Sep 2011 19:10:10 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

On 9/29/11 17:46 , Robert Bonomi wrote:
>> From: Nathan Eisenberg <nathan at atlasnetworks.us>
>> Subject: RE: Synology Disk DS211J
>> Date: Thu, 29 Sep 2011 21:58:23 +0000
>>
>>> And this is why the prudent home admin runs a firewall device he or she 
>>> can trust, and has a "default deny" rule in place even for outgoing 
>>> connections.
>>>
>>> - Matt
>>>
>>>
>>
>> The prudent home admin has a default deny rule for outgoing HTTP to port 
>> 80?  I doubt it.
>>
> 
> No, the prudent nd knowledgable prudent home admin does not have default deny
> rule just for outgoing HTTP to port 80.
> 
> He has a  defult deny rule  for _everything_.  Every internal source address,
> and every destination port.  Then he pokes holes in that 'deny everything'
> for specific machines to make the kinds of external connections that _they_
> need to make.

Tell me how that flys with the customers in your household...

> Blocking outgoing port 80, _except_ from an internal proxy server, is not
> necessrily a bad idea.   If the legitimte web clients are all configured
> to use the proxy server, then _direct_ external connection attempts are 
> an indication that something "not so legitimate" may be runningunning.
> 
> 
> 
>

Follow-Ups:
- Synology Disk DS211J
  - From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- Synology Disk DS211J
  - From: mpalmer at hezmatt.org (Matthew Palmer)

References:
- Synology Disk DS211J
  - From: bonomi at mail.r-bonomi.com (Robert Bonomi)

Prev by Date: Synology Disk DS211J
Next by Date: Synology Disk DS211J
Previous by thread: Synology Disk DS211J
Next by thread: Synology Disk DS211J
Index(es):
- Date
- Thread