Deny all, permit some


By Matt Prigge
Information Overload
January 11, 2010

Corporate networks face more security threats than ever before. Whether 
it's the rampant spread of malware, malicious employees, or plain and 
simple user error, IT administrators must bend over backward to ensure 
that intruders stay out and corporate data stays in. Tools abound to 
help you secure your data, but one simple policy -- regardless of which 
part of your infrastructure you look at -- will invariably protect you 
more than any single piece of security hardware or software: Deny all, 
permit some.

A recent reminder of the value of this policy came to me when an 
organization I work with was struck by a new zero-day worm. Within a few 
hours over a weekend, a significant portion of the Windows machines on 
the network had been infected. It was most of the way through the 
following Monday before virus detection signatures that would recognize 
the worm and its payload were made available and real progress was made 
toward combating it.

Like many worms, the payload was a Trojan that would allow remote 
control of infected workstations and cause data leakage, but revealed no 
outward signs of infection or denial of service. Fortunately, the 
network administrator had made the decision many years ago to configure 
all of his border security devices to deny all traffic -- inbound and 
outbound -- unless it had been requested for a business purpose and 
specifically allowed. That policy had not been particularly popular with 
users, but in this case it resulted in the inability of the virus to 
communicate with its control server and prevented any data leakage or 
subsequent infections.
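To make the difference between the two postures concrete, here is an added example (not code from the article or from the organization it describes) of a small first-match packet-filter evaluator. It contrasts a common "block inbound, allow all outbound" ruleset with the "deny all, permit some" ruleset the administrator used, applied in both directions. All addresses, ports, rules and flows are constructed for illustration; 203.0.113.7 is a documentation-range address standing in for a worm's control server.

```python
"""Toy first-match packet filter: default-allow egress vs. deny-all-permit-some.

Everything below (address space, hosts, rules, flows) is constructed for
illustration; it is not a real network or a real device configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" (from the internet) or "out" (to the internet)
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port; None matches any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    direction: str
    src: str
    dst: str
    dport: int


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """True when every field of the rule covers the flow."""
    return (
        rule.direction == flow.direction
        and ip_address(flow.src) in ip_network(rule.src)
        and ip_address(flow.dst) in ip_network(rule.dst)
        and (rule.dport is None or rule.dport == flow.dport)
    )


def evaluate(rules: List[Rule], default_action: str, flow: Flow) -> str:
    """First matching rule wins; the default applies when nothing matches."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action
    return default_action


INTERNAL = "10.0.0.0/8"   # constructed corporate address space
ANY = "0.0.0.0/0"

# Posture A (weak): inbound blocked except the public web server;
# outbound is unrestricted because the default is "allow".
PERMISSIVE_RULES = [
    Rule("in", ANY, "10.0.5.30/32", 443, "allow"),   # public web server
    Rule("in", ANY, INTERNAL, None, "deny"),         # everything else inbound
]
PERMISSIVE_DEFAULT = "allow"

# Posture B (the article's policy): both directions denied unless a flow was
# requested for a business purpose and specifically allowed.
DEFAULT_DENY_RULES = [
    Rule("in", ANY, "10.0.5.30/32", 443, "allow"),              # public web server
    Rule("out", INTERNAL, "198.51.100.0/24", 443, "allow"),     # approved partner service
    Rule("out", "10.0.5.10/32", ANY, 25, "allow"),              # only the mail relay sends SMTP
    Rule("out", "10.0.5.40/32", ANY, 53, "allow"),              # only the resolver does external DNS
]
DEFAULT_DENY_DEFAULT = "deny"

# Constructed flows seen at the border.
C2_BEACON    = Flow("out", "10.0.12.34", "203.0.113.7", 443)   # infected workstation -> control server
WORM_SMTP    = Flow("out", "10.0.12.34", "203.0.113.9", 25)    # workstation sending mail directly
USER_PARTNER = Flow("out", "10.0.12.34", "198.51.100.20", 443) # approved business traffic
INBOUND_WEB  = Flow("in", "198.51.100.5", "10.0.5.30", 443)    # customer reaching the web server
INBOUND_RDP  = Flow("in", "198.51.100.5", "10.0.12.34", 3389)  # unsolicited inbound connection


def compare(flow: Flow) -> Dict[str, str]:
    """Verdict for one flow under each posture."""
    return {
        "permissive": evaluate(PERMISSIVE_RULES, PERMISSIVE_DEFAULT, flow),
        "default_deny": evaluate(DEFAULT_DENY_RULES, DEFAULT_DENY_DEFAULT, flow),
    }


if __name__ == "__main__":
    for name, flow in [("C2 beacon", C2_BEACON), ("worm SMTP", WORM_SMTP),
                       ("user to partner", USER_PARTNER),
                       ("inbound web", INBOUND_WEB), ("inbound RDP", INBOUND_RDP)]:
        print(f"{name:16} {compare(flow)}")
```

The point the run makes is the one the article makes: both postures stop the unsolicited inbound connection, but only the deny-all ruleset stops the infected workstation's outbound beacon and its direct SMTP, because neither destination was ever requested and approved. The same logic applies to any egress path that forwards arbitrary destinations (a permissive web proxy, for instance): unless that device carries its own allowlist, it reopens the channel the border filter closed.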

