undefined | Better HN

0 pointsgraemep1y ago0 comments

The biggest problem I can see with default deny is that it makes if far harder to get uptake for new protocols once you get "we only allow ports 80 and 443 through the firewall".

0 comments

account421y ago

Wich also makes the security benefit moot as now all malware also knows to use ports 80 and 443.

graemepOP1y ago

Yes, I think blocking outgoing connections by port is not the most useful approach, especially for default deny. Blocking incoming makes more sense, and should be default deny with allow for specific ports on specific servers.

j / k navigate · click thread line to collapse

0 pointsgraemep1y ago0 comments

The biggest problem I can see with default deny is that it makes if far harder to get uptake for new protocols once you get "we only allow ports 80 and 443 through the firewall".

0 comments

account421y ago

Wich also makes the security benefit moot as now all malware also knows to use ports 80 and 443.

graemepOP1y ago

j / k navigate · click thread line to collapse