Honestly it can be done either way. I used to work for the US Gov and we did. He used proxies on 80/443 and block everything else outgoing from the user pcs. However, there are different ways to construct your security policies, It really is a balance between what you are doing (how secure do you need to be?) and how much people will butch and moan about it.
-- Michael
Do most corporate firewalls block outgoing connections to ports other than
80 or 443?better solution would be the proxy. what's stoping someone from hosting their RAS on port 80?
dj
Jim Hubbard wrote:
On Thu, 9 Dec 2004 19:46:41 -0500, Jim Hubbard spoketh
Most corporate firewalls block all ports except a very few. 80 and 443 are two of the ports most commonly allowed, and they are very often checked for protocol compliance (meaning, if it's not http, it's not going through).
Lars M. Hansen
Depends on the company. Most I've seen block EVERYTHING for the normal users, the only machines that are allowed to connect out are the proxy- and mailservers.
Juergen Nieveler
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.