lock down: what are the only parts you need open

El Nacho

Locking down some laptops at work and I'm having trouble finding this info. What are the only ports you need to leave open for general Windows 2000 use? I know port 80... but what else?
 
80 would be general use if it was a webserver...

If it's really "general" use then it really shouldn't need ANY ports open.

...wait, do you mean outgoing or incoming?
 
El Nacho said:
Locking down some laptops at work and I'm having trouble finding this info. What are the only ports you need to leave open for general Windows 2000 use? I know port 80... but what else?

What are you using to lock down the laptops? What is the typical use of the laptops?
 
Norton firewall (whatever the newer one is). These laptops are used for our sales guys. When they are in the office they are on a domain and the firewall turns itself off. On the road, the firewall turns itself on. The only thing that they use that needs the internet is IE.

I guess what I'm asking is: are there any Windows components that have to access the internet if you are using an internet connection? I haven't worked on this project in about a month, but I recall trying to only allow traffic on port 80 and I couldn't get IE to connect.

This would be for both incoming and outgoing ports.
 
I don't know if that Norton thing does stateful inspection, because if it does, you can simply just block all incoming, and only allow out ports 80 and possibly 25 if they need to send mail (should be using webmail on the road anyways) and keep state on outgoing connections so they are allowed back in, and ta-da, semi locked down... then you still have to deal with the fact that there are so many IE vulns released all the time that you really have not improved your security that much for the travelling users, as they might be jumping to network segments where viruses / worms abound.
</rant>
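The policy described in the post above (default-deny inbound, outbound limited to ports 80 and 25, state kept so replies can return), sketched as a small model. This is an added example, not part of the thread and not Norton's rule format; the addresses, class names and sample packets are constructed, and the DNS and HTTPS packets are included to show what an 80/25-only outbound list drops.

```python
"""Toy model of the stateful policy in the post above (added example)."""
from typing import NamedTuple

LAPTOP = "192.0.2.10"                       # constructed address
ALLOWED_OUT = {("tcp", 80), ("tcp", 25)}    # web, plus mail if needed

class Packet(NamedTuple):
    direction: str   # "out" or "in", relative to the laptop
    proto: str       # "tcp" or "udp"
    src: tuple       # (ip, port)
    dst: tuple       # (ip, port)

class StatefulFilter:
    def __init__(self, allowed_out=ALLOWED_OUT):
        self.allowed_out = set(allowed_out)
        self.flows = set()   # (proto, local endpoint, remote endpoint)

    def decide(self, pkt):
        if pkt.direction == "out":
            flow = (pkt.proto, pkt.src, pkt.dst)
            if flow in self.flows or (pkt.proto, pkt.dst[1]) in self.allowed_out:
                self.flows.add(flow)        # remember it so replies can return
                return "ALLOW"
            return "DROP"
        # Inbound: default deny; only replies to flows the laptop opened.
        flow = (pkt.proto, pkt.dst, pkt.src)
        return "ALLOW" if flow in self.flows else "DROP"

# Constructed sample traffic (documentation address ranges).
WEB = ("198.51.100.5", 80)
SAMPLE = [
    Packet("out", "tcp", (LAPTOP, 49152), WEB),                    # browser request
    Packet("in",  "tcp", WEB, (LAPTOP, 49152)),                    # its reply
    Packet("in",  "tcp", ("203.0.113.9", 4444), (LAPTOP, 445)),    # unsolicited probe
    Packet("in",  "tcp", WEB, (LAPTOP, 49153)),                    # no matching flow
    Packet("out", "udp", (LAPTOP, 49154), ("198.51.100.53", 53)),  # DNS lookup
    Packet("out", "tcp", (LAPTOP, 49155), ("198.51.100.5", 443)),  # HTTPS
]

def run(packets=SAMPLE):
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run()):
        print(f"{verdict:5} {pkt.direction:3} {pkt.proto} {pkt.src} -> {pkt.dst}")
```

The model tracks flows only by endpoint pair and never expires them; a real stateful firewall also follows TCP flags and timeouts.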
 
They will use Citrix (NFuse) to access their email. I wish I could get the company to use Firefox, as it would help. I have already done some testing this morning, and IE won't connect unless 20 other ports are open. I'll make a list when I get back in the office.
 