Re: DHCP Server
I try to be generic, for things which ARE, and tight, for things which can be tightened without having to specify a new rule every time you do something.
DHCP can be used to misdirect your traffic - and why would someone attack YOU in that way? - well, generally, someone is attacking everyone. DNS is also restricted.
Put simply - I generally don't allow anything which is unexpected, but whenever a new rule is required, I make it generic enough to cover all expected situations - if you HAVE a decent rules-based firewall, no point setting it up like ZoneAlarm free (and any application needs MASSIVE justification before I'll give it anything that constitutes "Allow Server" - I have thrown "all ports outgoing" at some when anything else is just too much hassle - NEVER, except for testing and if totally desperate, would I EVER give an application "Trusted" status).