The temporary rules are a very important part of the initial
best practice rulebase. Not only will they give you visibility into
applications you weren’t aware were running on your network (and
prevent legitimate applications you didn’t know about from breaking),
but they will also help you identify things such as unknown users
and applications running on non-standard ports. Because attackers
commonly use standard applications on non-standard ports as an evasion technique,
allowing applications on any port opens the door for malicious content.
Therefore, you must identify any legitimate applications running
on non-standard ports (for example, internally developed applications)
so that you can either change the ports they use or create custom applications
to enable them.
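
One way to triage the traffic that the temporary rules catch is sketched below. It is an added example, not code from the original documentation or the vendor. It groups log records into findings for applications on non-standard ports and for unknown users. The CSV column names, the default-port table, the sample records and the `review` function are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed default-port table (assumption); real values come from the
# application definitions on your firewall.
DEFAULT_PORTS = {"web-browsing": {80}, "ssl": {443}, "ssh": {22}, "dns": {53}}

# Constructed sample of traffic that matched the temporary rules.
# Column names are hypothetical, not a vendor log format.
SAMPLE_LOG = """app,dport,src_user
web-browsing,80,alice
web-browsing,8080,bob
ssh,2222,
ssh,2222,
ssl,443,
inventory-app,9100,carol
"""


def review(log_text, default_ports=DEFAULT_PORTS):
    """Group temporary-rule hits into findings that need a decision."""
    findings = defaultdict(lambda: {"hits": 0, "users": set(), "reasons": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        app, port = row["app"], int(row["dport"])
        user = (row["src_user"] or "").strip()
        reasons = set()
        if app not in default_ports:
            # Candidate for a custom application if it proves legitimate.
            reasons.add("application not in default-port table")
        elif port not in default_ports[app]:
            reasons.add("non-standard port")
        if not user:
            reasons.add("unknown user")
        if reasons:
            entry = findings[(app, port)]
            entry["hits"] += 1
            entry["users"].add(user or "<unknown>")
            entry["reasons"] |= reasons
    return dict(findings)


if __name__ == "__main__":
    for (app, port), f in sorted(review(SAMPLE_LOG).items()):
        print(f"{app}:{port} hits={f['hits']} users={sorted(f['users'])} "
              f"reasons={sorted(f['reasons'])}")
```

Each finding is a decision point: move the application to its standard port, create a custom application for it, or leave it to be blocked once the temporary rules are removed.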