Synology Disk DS211J

• Previous message (by thread): Synology Disk DS211J
• Next message (by thread): Synology Disk DS211J
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/29/11 17:46 , Robert Bonomi wrote:
>> From: Nathan Eisenberg <nathan at atlasnetworks.us>
>> Subject: RE: Synology Disk DS211J
>> Date: Thu, 29 Sep 2011 21:58:23 +0000
>>
>>> And this is why the prudent home admin runs a firewall device he or she 
>>> can trust, and has a "default deny" rule in place even for outgoing 
>>> connections.
>>>
>>> - Matt
>>>
>>>
>>
>> The prudent home admin has a default deny rule for outgoing HTTP to port 
>> 80?  I doubt it.
>>
> 
> No, the prudent nd knowledgable prudent home admin does not have default deny
> rule just for outgoing HTTP to port 80.
> 
> He has a  defult deny rule  for _everything_.  Every internal source address,
> and every destination port.  Then he pokes holes in that 'deny everything'
> for specific machines to make the kinds of external connections that _they_
> need to make.

Tell me how that flys with the customers in your household...

> Blocking outgoing port 80, _except_ from an internal proxy server, is not
> necessrily a bad idea.   If the legitimte web clients are all configured
> to use the proxy server, then _direct_ external connection attempts are 
> an indication that something "not so legitimate" may be runningunning.
> 
> 
> 
> 

• Previous message (by thread): Synology Disk DS211J
• Next message (by thread): Synology Disk DS211J
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]