With such a ruleset in place, malware cannot spread using services deemed unnecessary to the organization. To reduce the spread of worms, it is particularly important to consider placing strict limits on the types of traffic that external systems (e.g., telecommuters' home systems, business partners' systems) can send on the organization's networks.
- The use of some services cannot be blocked easily through firewall rulesets. For example, some peer-to-peer file-sharing services and instant messaging services can use port numbers designated for other services, such as HTTP or Simple Mail Transfer Protocol (SMTP). Attempting to prevent the use of such services by blocking port numbers might cause legitimate services to be blocked. In such cases, it might be necessary to block access to particular IP addresses that host portions of the services, such as instant messaging servers. Also, application proxies can identify some instances in which one service is used when another is expected.
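The gap between a port-based ruleset and an application proxy can be shown in a few lines. This is an added example, not part of the original guidance. The permitted ports, the function names and the sample flows are assumptions constructed for illustration, and the check looks only at the first bytes the client sends.

```python
import re

# Assumed policy for this sketch: deny by default, permit only these ports.
ALLOWED_PORTS = {25: "smtp", 80: "http"}

# What the first client bytes of each permitted service should look like.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)
# The SMTP server speaks first (220 banner); the client's first command is EHLO/HELO.
SMTP_CLIENT = re.compile(rb"^(EHLO|HELO) \S+\r\n", re.IGNORECASE)
CHECKS = {"http": HTTP_REQUEST, "smtp": SMTP_CLIENT}


def port_rule(dst_port):
    """Ruleset view: the decision depends on the destination port alone."""
    return "permit" if dst_port in ALLOWED_PORTS else "deny"


def proxy_check(dst_port, first_client_bytes):
    """Proxy view: the payload must also look like the service expected on that port."""
    if port_rule(dst_port) == "deny":
        return "deny"
    expected = ALLOWED_PORTS[dst_port]
    if CHECKS[expected].match(first_client_bytes):
        return "permit"
    return f"flag: not {expected}"


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (25, b"EHLO mail.example\r\n"),
    (80, b"\x13BitTorrent protocol" + b"\x00" * 8),    # file sharing on the HTTP port
    (25, b"GET / HTTP/1.1\r\n\r\n"),                   # HTTP sent to the SMTP port
    (6881, b"\x13BitTorrent protocol" + b"\x00" * 8),  # port not in the ruleset
]


def evaluate(flows):
    """Return (port, ruleset decision, proxy decision) for each flow."""
    return [(port, port_rule(port), proxy_check(port, data)) for port, data in flows]


if __name__ == "__main__":
    for port, rule, proxy in evaluate(SAMPLE_FLOWS):
        print(f"dst port {port:<5} ruleset={rule:<7} proxy={proxy}")
```

The third and fourth flows are permitted by the ruleset because only the port is examined; the payload check is what flags them.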