The decision about what services to filter is based on a desired policy. Nonetheless, some general rules are prudent for most policies. In this chapter, we present our philosophy about these. They are not to be viewed as hard-and-fast rules, but rather as suggestions, or perhaps as a template policy to be customized. This chapter discusses what to filter and why. The how is covered in Chapter 11. The astute reader will note that the services discussed here are a small subset of the ones from Chapter 2. Rather than discuss every possible service, we focus on the more interesting ones, with an eye toward pedagogy.

In this chapter, when we describe a service, we include a summary about how to handle it from a security ...