2 In the Category list, click Blocked Sites.
3 Modify the logging and notification parameters according to your security policy preferences.
For detailed instructions, see “Customizing logging and notification by service or option” on page 76.
Blocking a port permanently
You can block ports to explicitly cut off external access to network services that are vulnerable entry points into your network. The Blocked Ports list takes precedence over all service properties: a port on the list is denied even if a service rule would otherwise allow it. For more information on precedence, see Chapter 8, “Configure Services.”
Blocking ports can be useful in several ways:
• Blocked ports provide an independent check to protect the most sensitive services. Even if another part of your security policy is misconfigured, blocked ports provide an additional defense for the most vulnerable services.
• Probes to particularly sensitive services can be logged independently.
• Some TCP/IP services that use ports greater than 1024 are vulnerable to attack if the attacker originates the connection from an allowed
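To make the precedence rule concrete, the following is a small Python model of a policy evaluator that checks the blocked-ports list before any service rule and records blocked-port probes in their own log category. It is an added illustration, not code from the WatchGuard guide or product; the port numbers, service names and 203.0.113.x source addresses are constructed sample values, and the `Policy` class and its methods are hypothetical names chosen for the example.

```python
"""Illustrative model of blocked-port precedence (added example, not vendor code).

The evaluator consults the blocked-ports list first, so a permissive or
misconfigured service rule cannot re-open a blocked port. Probes to blocked
ports are written to a separate log category, independent of service logging.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    blocked_ports: set                       # destination ports denied regardless of service rules
    allowed_services: dict                   # service name -> set of destination ports it permits
    blocked_port_log: list = field(default_factory=list)   # independent log for blocked-port probes

    def evaluate(self, src_ip: str, dst_port: int) -> str:
        """Return 'deny-blocked-port', 'allow' or 'deny-no-service' for one inbound probe."""
        # Blocked Ports list is checked first and wins over every service property.
        if dst_port in self.blocked_ports:
            self.blocked_port_log.append(
                f"BLOCKED_PORT probe src={src_ip} dst_port={dst_port}"
            )
            return "deny-blocked-port"
        # Only if the port is not blocked do service rules get a say.
        for _name, ports in self.allowed_services.items():
            if dst_port in ports:
                return "allow"
        return "deny-no-service"

    def add_blocked_port(self, port: int) -> None:
        """Equivalent of typing a port in the dialog and clicking Add."""
        self.blocked_ports.add(port)

    def remove_blocked_port(self, port: int) -> None:
        """Equivalent of selecting a port in the list and clicking Remove.
        Note that any service rule permitting this port immediately takes effect."""
        self.blocked_ports.discard(port)


def build_example_policy() -> Policy:
    """Constructed sample policy: a service rule that (mis)allows NetBIOS ports,
    plus a blocked-ports list that still denies them. Values are illustrative only."""
    return Policy(
        blocked_ports={111, 137, 138, 139, 513, 514},       # constructed sample list
        allowed_services={
            "web": {80, 443},
            "file-sharing (misconfigured)": {137, 138, 139},  # deliberately too permissive
        },
    )


def run_probes(policy: Policy, probes) -> list:
    """Evaluate a sequence of (src_ip, dst_port) probes and return the verdicts."""
    return [(src, port, policy.evaluate(src, port)) for src, port in probes]


if __name__ == "__main__":
    policy = build_example_policy()
    probes = [("203.0.113.5", 80), ("203.0.113.5", 139), ("203.0.113.5", 8080)]
    for src, port, verdict in run_probes(policy, probes):
        print(f"{src} -> {port}: {verdict}")
    # Removing the blocked port exposes the permissive service rule beneath it.
    policy.remove_blocked_port(139)
    print("after removal, 139 ->", policy.evaluate("203.0.113.5", 139))
    print("blocked-port log:", policy.blocked_port_log)
```

The point to take from the model is the ordering: the blocked-ports check runs before service rules, which is why it survives a misconfigured service, and why removing a port from the list can silently expose whatever a service rule already permits.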
By default, Policy Manager blocks quite a few destination ports. This measure provides convenient defaults that many administrators find sufficient. However, additional ports can be added to the Blocked Ports list. From Policy Manager:
1 On the toolbar, click Blocked Ports.
You can also select Setup => Blocked Ports.
2 In the text box to the left of the Add button, type the port number. Click Add.
The new port number appears at the bottom of the Blocked Ports list.
Removing a blocked port
From the Blocked Ports dialog box, click a port number in the Blocked Ports list. Click Remove.
Logging and notification for blocked ports
From the Blocked Ports dialog box:
1 Click Logging.
The Logging and Notification dialog box appears.
2 In the Category list, click Blocked Ports.
3 Modify the logging and notification parameters according to your security policy preferences.
For detailed instructions, see “Customizing logging and notification by service or option” on page 76.