I'd question the "old school" policy you described. I learned firewall policy 15+ years ago, which I think qualifies as "old school", and the rule then was default-deny: anything without an explicit allow rule is blocked. What you describe as old-school sounds to me like the relatively recent policy required by Windows: block known problems and allow everything unknown by default, because if you don't you break things. That default-allow policy is IMHO a relatively recent and very Windows-specific policy, forced on admins mainly by design decisions in Windows, and is one of the prime causes of current malware outbreaks.
My own firewalls are of the old school: anything I haven't explicitly allowed for is blocked, and network security is never sacrificed on the altar of expedience. Not coincidentally, Windows malware has a very hard time spreading on my network.