[LINK] Acrobat phone home?

Adam Todd adam at todd.inoz.com
Fri Feb 6 12:34:57 EST 2004


>What it does demonstrate is that few firewalls have few, if any, controls
>on internal clients establishing outbound connections.  Email borne

Guilty as charged.  Two workstations here have no restrictions on outbound 
ports.  All other systems are fully restricted and need to use my proxy.

Funny and just the other day I was telling Howard I was thinking of 
dropping my proxy, but it actually does serve a purpose :)

>viruses would be far less effective if all outbound connections to port
>25 outside of the firewall were to be either blocked or redirected to a
>corporate mail server with all the bells and whistles.

No workstation here can access port 25 outside the DMZ.  We have a 
dedicated DMZ server that accepts port 25, processes the email and then 
forwards it based on very strict rules (valid send and destination address) 
to my main outbound mail server which processes it again.

We've never had an email virus active in this place to actually test the 
theory though.

Maybe I should grab a few Linkers' email addresses, put them in an Outlook 
address book, write one of the typical styled viri, with a self destruct on 
delivery mechanism and test it :)

Nah, got better things to do :)

>The same goes for connections to port 110 (POP3) and port 80 (HTTP).

110 is blocked outbound, although I allow restricted inbound 
connections.  We only have two servers with 110 open for inside the network.

It's not that hard really.
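
The egress policy described in this message (workstations never reach ports 25, 110 or 80 outside the network directly; only a DMZ relay or proxy does) can be audited against firewall logs. The following is an added example, not part of the original post: the address ranges, relay and proxy addresses, and the log format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed layout (constructed for this example, not taken from the post).
INTERNAL = [ipaddress.ip_network("10.0.0.0/24"),    # workstations
            ipaddress.ip_network("10.0.100.0/24")]  # DMZ
# Only these hosts may originate outbound traffic on each restricted port.
ALLOWED_ORIGINS = {
    25: {"10.0.100.25"},   # DMZ mail relay
    80: {"10.0.100.80"},   # web proxy
    110: set(),            # POP3 is blocked outbound for every host
}

# Constructed sample firewall log: time src dst dport action
SAMPLE_LOG = """\
12:00:01 10.0.0.14 10.0.100.25 25 ACCEPT
12:00:02 10.0.100.25 192.0.2.10 25 ACCEPT
12:00:05 10.0.0.22 198.51.100.7 25 ACCEPT
12:00:09 10.0.0.22 198.51.100.7 25 DROP
12:00:11 10.0.0.31 203.0.113.5 110 ACCEPT
12:00:15 10.0.100.80 203.0.113.9 80 ACCEPT
12:00:20 10.0.0.14 203.0.113.9 80 ACCEPT
garbled line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def egress_violations(log_text):
    """Return (src, dst, port) for accepted connections that bypass the relay or proxy."""
    found = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, src, dst, port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip lines with unparseable addresses or ports
        if action != "ACCEPT" or port not in ALLOWED_ORIGINS:
            continue
        # Violation: internal source, external destination, not the designated host.
        if is_internal(src_ip) and not is_internal(dst_ip) and src not in ALLOWED_ORIGINS[port]:
            found.append((src, dst, port))
    return found

if __name__ == "__main__":
    for violation in egress_violations(SAMPLE_LOG):
        print("policy bypass: %s -> %s:%d" % violation)
```

Any hit means a firewall rule is letting a workstation skip the relay or proxy, which is the gap the quoted text says mass-mailing viruses depend on.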




