
Are outbound firewalls worthwhile?

I was recently setting up a server on Microsoft's Azure platform from work, and by default Azure picks a high port number[1] and NATs it to port 3389 for RDP. I must have spent a good hour trying to work out why I couldn't connect to the server when I finally realized that I hadn't unblocked the port I was trying to connect on in our outbound firewall.

Now, I'm skeptical of the value of changing port numbers to hide services anyway, but I also don't know how much value, if any, our outbound firewall adds either.

On the one hand, we allow ports 22 and 443 outbound, so it's easy for someone to tunnel over SSH or proxy through an HTTPS website. Basically, if someone wants to connect out of our network, the firewall is not going to stop them.

On the other hand, we don't open port 23, so if someone brought in a home router infected with Mirai and it tried to telnet out to infect others, or some other dumb worm that uses a port we don't have open, then our firewall would at least block that.

So, like many defense-in-depth things, by itself it's not going to make much difference, but it's one more layer that malware needs to get around.
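A blocked outbound port is also a detection signal. The following is an added example, not part of the original post: it reads firewall deny logs and separates a host fanning out on one blocked port (worm-like, as in the port 23 case) from a single blocked connection (as in the RDP case). The iptables-style log lines, the `EGRESS-DROP` log prefix, the addresses and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in iptables LOG format. "EGRESS-DROP" is a
# hypothetical --log-prefix; all addresses are private/documentation ranges.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=23
Jan 10 10:00:01 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.8 PROTO=TCP SPT=40113 DPT=23
Jan 10 10:00:02 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP SPT=40114 DPT=23
Jan 10 10:00:02 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.77 PROTO=TCP SPT=40115 DPT=23
Jan 10 10:00:03 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=40116 DPT=23
Jan 10 10:05:10 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=50123
Jan 10 10:05:40 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=50123
"""

# Pull source, destination and destination port out of each denied TCP packet.
LINE_RE = re.compile(
    r"EGRESS-DROP .*?SRC=(\S+) DST=(\S+) .*?PROTO=TCP .*?DPT=(\d+)"
)


def blocked_fanout(log_text):
    """Map (source, blocked port) -> set of distinct destinations tried."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, port = m.group(1), m.group(2), int(m.group(3))
            fanout[(src, port)].add(dst)
    return fanout


def suspected_scanners(log_text, min_destinations=3):
    """Sources hitting one blocked port on many distinct hosts (worm-like).

    A user retrying one blocked service shows a single destination and is
    not reported; min_destinations is an assumed threshold to tune locally.
    """
    return sorted(
        (src, port, len(dsts))
        for (src, port), dsts in blocked_fanout(log_text).items()
        if len(dsts) >= min_destinations
    )


if __name__ == "__main__":
    for src, port, count in suspected_scanners(SAMPLE_LOG):
        print(f"{src}: blocked port {port} tried on {count} distinct hosts")
```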

  1. I read somewhere that it's a random number in the range 49152-65535 but couldn't find official documentation to back that up. 

Content on this site is licensed under a Creative Commons Attribution 4.0 International License.