[COLUG] Verizon sync accounts, port 110 et. al.

Aaron Howard archanoid at gmail.com
Fri Sep 14 15:15:00 EDT 2007


On 9/14/07, Mark L. Wise <mark at alpha2.com> wrote:
>
> Am I being too severe in my firewall rules restricting incoming
> connections to these ports?

That depends.  How valuable is the data those rules protect?  Do the
handhelds support authentication?  Encrypted authentication?  Are they
Blackberry devices or Treos?

If they will do encrypted authentication, I'd say you should loosen up
your restriction a bit, allow incoming connections from any IP to
those ports, and properly configure the services to only "talk"
encrypted and require an encrypted authentication method.

Does firestarter support rate limiting, bandwidth throttling, or IDS
features to auto-block out IPs if it detects someone trying to abuse
those open ports?

-Aaron
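
An added example, not part of the original message: one way to check what a POP3 service on port 110 offers before TLS, which is what matters once the port is open to any IP. The sample CAPA responses are constructed, the finding strings and function names are this example's own, and `audit_live` assumes a server that implements CAPA (RFC 2449).

```python
import poplib

CLEARTEXT_SASL = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def parse_capa(raw: bytes) -> dict:
    """Parse a raw multi-line CAPA response (RFC 2449) into {CAPABILITY: [args]}."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("server rejected CAPA: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":              # terminator of the multi-line response
            break
        if line.strip():
            name, *args = line.split()
            caps[name.upper()] = [a.upper() for a in args]
    return caps

def audit_pre_tls(caps: dict) -> list:
    """Return findings for anything that lets a password cross port 110 unencrypted."""
    findings = []
    if "STLS" not in caps:
        findings.append("no STLS: session cannot be upgraded to TLS")
    if "USER" in caps:
        findings.append("USER/PASS login offered before TLS")
    weak = sorted(CLEARTEXT_SASL & set(caps.get("SASL", [])))
    if weak:
        findings.append("SASL " + "/".join(weak) + " offered before TLS")
    return findings

def audit_live(host: str, port: int = 110, timeout: float = 10) -> list:
    """Same audit against a real server you administer (needs network access)."""
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        caps = {k.upper(): [a.upper() for a in v] for k, v in conn.capa().items()}
        return audit_pre_tls(caps)
    finally:
        conn.quit()

# Constructed sample responses: a permissive server and a restricted one.
LOOSE = b"+OK Capability list follows\r\nTOP\r\nUSER\r\nSASL PLAIN LOGIN CRAM-MD5\r\nUIDL\r\n.\r\n"
STRICT = b"+OK\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL CRAM-MD5\r\n.\r\n"

if __name__ == "__main__":
    for label, raw in (("loose", LOOSE), ("strict", STRICT)):
        print(label, audit_pre_tls(parse_capa(raw)) or "no findings")
```

An empty result only covers what the server advertises before TLS; rate limiting and auto-blocking of abusive IPs are separate controls at the firewall.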

