On 2013/02/14 19:28, Geoff Steckel wrote:
> outgoing connections? from secure systems, allow all is
> probably OK - though blocking packets to useless
> "privileged" ports is probably a good idea.
People don't block outgoing connections enough. Once you've worked out which outbound connections actually should be made from a system, blocking and logging the rest is a really good practice. Of course, this can only work if the people involved with running the firewall are on the ball and working with the people running the other systems; if it's in some rigidly controlled organisation where you have to put in change requests and wait an age to get anything done, people will just work out ways to get around it.
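As an added illustration of the egress policy described above (not part of this thread, and not anyone's posted ruleset), here is what such a default-deny outbound policy looks like in pf.conf. The choice of pf, the interface name, the address table and the permitted destinations are all assumptions made for the example; the point is the structure: enumerate the outbound traffic a host legitimately needs, pass exactly that, and block and log everything else so the log shows you what was missed.

```text
# pf.conf fragment (example only; interface, hosts and ports are assumptions)
ext_if = "em0"
table <dns_servers>  { 192.0.2.53 }          # assumed resolver
table <ntp_servers>  { 192.0.2.123 }         # assumed time source
table <pkg_mirrors>  { 198.51.100.10 }       # assumed package mirror
table <log_host>     { 192.0.2.200 }         # assumed syslog collector

set skip on lo0
block log all                                # default deny, logged

# Inbound: only what this host serves (assumed ssh and https)
pass in on $ext_if proto tcp to ($ext_if) port { 22, 443 }

# Outbound: only the connections this host is known to need
pass out on $ext_if proto { tcp, udp } to <dns_servers> port 53
pass out on $ext_if proto udp to <ntp_servers> port 123
pass out on $ext_if proto tcp to <pkg_mirrors> port { 80, 443 }
pass out on $ext_if proto udp to <log_host> port 514

# Anything else leaving the box hits the "block log all" above and
# shows up in pflog, which is how you find connections you forgot.
```

Load it with `pfctl -f /etc/pf.conf` and watch `tcpdump -n -e -ttt -i pflog0` for a while before trusting the list: the blocked-and-logged entries are exactly the outbound connections the allowlist still needs to account for, or the ones that should never have been made.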