Packetizer

Paranoia Leads to Excessive Use of Firewall Rules

June 24, 2013

All of us want to ensure our private information remains private and that data is not leaked onto the Internet. However, some IT departments simply go overboard in trying to secure information.

My wife recently worked for a company that would not allow any external communication by any employee without authorization from their management. Basically, without authorization there was absolutely no Internet access privileges at all. That’s certainly one way to control the leaking of information, though the same IT department had absolutely no means to prevent data from being copied to a flash drive. Thus, the policy must have been in place only to prevent leaking of information by “spyware” software that was unknowingly running behind the scene. That might have helped, but I doubt it. After all, there were many in the company with Internet access.

Her employer and many, many IT departments also practice something that absolutely makes little sense to me: blocking certain outbound ports. Sometimes, an IT department will block outbound UDP ports (all of them or ranges). Other IT departments will block nearly all outbound TCP ports. To what end? Is the intent to try to prevent leaking information to the Internet? If so, that is a pretty pointless exercise, if the IT department leaves port 443 (HTTPS) open. One could copy a company’s entire collection of data files right out through port 443. Further, software designed to steal information will exploit any potential hole. Whether there is a single port open or 65,535 ports open, it makes no difference. One is all that is needed.

Is the reason for blocking certain outbound ports to prevent employees from using certain software programs? If so, why? Is there truly a business reason to prevent use of certain applications, or is the practice just to demonstrate a certain level of control over employees “because we can”?

Since few reasons make little sense to me, I’ve come to conclusion that the practice of blocking outbound ports on a firewall is really something done out of paranoia. There appears to be a widespread fear of the unknown when it comes to the Internet. An expert in networking and hacking can get anything through a firewall if even one port is open, so blocking a bunch of ports if a futile exercise. What blocking ports does is create more frustration for end users and more work for IT departments as they try to figure out what ports to open for applications users want to use. What it really does not do is provide any real security, which is the claimed objective.

Click here to view the main blog page.

Paul E. Jones

About Me
My Blog ATOM Feed
Email Me
IM Me

Certified ScrumMaster®