How bad would you say that this rule is to have on all clients (medium sized company)?
Name: Outbound TCP and UDP traffic
Remote address: 0.0.0.0/0,::/0
Service: TCP / Transmission Control Protocol, Direction "out"
Service: UDP / User Datagram Protocol, Direction "out"
It says: "All Outbound traffic allowed"
If that is the only rule you see, there is the built-in rule "deny Rest" placed after it.
What does it mean for your security?
No other system will be able to connect to any service on your machine.
If that rule is applied to all workstations in your domain, all of them are somewhat immunized against a worm. The one system that "hosts" the worm will stay alone. You could say it gets quarantined by the others not allowing it to connect, regardless of a vulnerability in a Windows service on the other system.
So from a malware protection point of view the firewall rule is the minimum to deploy.
Certainly you can add additional rules or limit outbound traffic to http(s). But that is a different goal: safety, not security.
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de
Yes, I have the "Deny rest" at the end. But what I was thinking about was whether it is good practice to actually allow all outbound traffic. I mean, there could be some botnet traffic going out from an infected client, or outbound traffic to blacklisted domains, etc. But perhaps that would be taken care of by other parts of the F-Secure Client Security Premium suite, like Browsing protection or Web traffic scanning?
My advice would be to only allow the traffic you need.
tcp80/443 to everywhere, dns to your nameservers, ftp/ssh/smtp where needed, smb to your local network etc. It takes some time to plan and set up, but will be much more secure than just allowing all outgoing traffic.
Here's an example of an exploit:
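An added illustration of the two rule sets discussed in this thread (not part of any post, not the exploit referred to in the line above, and not F-Secure's rule format or engine): a small first-match evaluator with the built-in "deny rest" at the end, run over constructed connections. The nameserver 10.0.0.53, the local network 10.0.0.0/16, the rule names in the restricted set and all sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str      # "in" or "out"
    protos: tuple       # e.g. ("tcp", "udp")
    remote: tuple       # CIDR strings the remote address must fall in
    ports: tuple = ()   # destination ports; () means any port

    def matches(self, direction, proto, remote_ip, port):
        ip = ipaddress.ip_address(remote_ip)
        nets = (ipaddress.ip_network(n) for n in self.remote)
        return (self.direction == direction
                and proto in self.protos
                and (not self.ports or port in self.ports)
                and any(ip.version == n.version and ip in n for n in nets))

def evaluate(rules, direction, proto, remote_ip, port):
    """First matching rule allows; anything unmatched hits "deny rest"."""
    for rule in rules:
        if rule.matches(direction, proto, remote_ip, port):
            return ("allow", rule.name)
    return ("deny", "deny rest")

ANY = ("0.0.0.0/0", "::/0")
# The rule from the first post: all outbound TCP and UDP, any remote address.
ALLOW_ALL_OUT = [Rule("Outbound TCP and UDP traffic", "out", ("tcp", "udp"), ANY)]
# The narrower set suggested in the last reply (addresses are assumed values).
RESTRICTED_OUT = [
    Rule("Web", "out", ("tcp",), ANY, (80, 443)),
    Rule("DNS to own nameserver", "out", ("tcp", "udp"), ("10.0.0.53/32",), (53,)),
    Rule("SMB to local network", "out", ("tcp",), ("10.0.0.0/16",), (445,)),
]
# Constructed sample connections: (direction, protocol, remote address, port).
SAMPLES = [
    ("in", "tcp", "10.0.4.17", 445),      # another workstation connecting to SMB
    ("out", "tcp", "203.0.113.9", 6667),  # non-web port to an Internet host
    ("out", "udp", "198.51.100.1", 53),   # DNS to a resolver that is not ours
    ("out", "tcp", "203.0.113.9", 443),   # ordinary HTTPS
]

def compare():
    """Verdict of each rule set for every sample connection."""
    return [(s, evaluate(ALLOW_ALL_OUT, *s)[0], evaluate(RESTRICTED_OUT, *s)[0])
            for s in SAMPLES]

if __name__ == "__main__":
    for sample, allow_all, restricted in compare():
        print(sample, "allow-all:", allow_all, "restricted:", restricted)
```

Both rule sets refuse the inbound connection, which is the quarantine effect described earlier in the thread; only the restricted set refuses the outbound connections to the non-web port and to the foreign resolver. HTTPS to any address passes under both.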