The temporary rules are a very important part of the initial
best practice rulebase. Not only will they give you visibility into
applications you weren’t aware were running on your network (and
prevent legitimate applications you didn’t know about from breaking),
but they will also help you identify things such as unknown users
and applications running on non-standard ports. Because attackers
commonly use standard applications on non-standard ports as an evasion
technique, allowing applications on any port opens the door for
malicious content. Therefore, you must identify any legitimate applications
running on non-standard ports (for example, internally developed
applications) so that you can either modify what ports are used
or create custom applications to enable them.
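
One way to triage the sessions the temporary rules log, as an added example that is not part of the original documentation. The CSV columns, the sample rows and the STANDARD_PORTS map are constructed assumptions, not a firewall export format or the vendor's application definitions.

```python
import csv
import io
from collections import Counter

# Assumed standard ports per application (constructed for this example).
STANDARD_PORTS = {
    "web-browsing": {("tcp", 80)},
    "ssl": {("tcp", 443)},
    "ssh": {("tcp", 22)},
    "dns": {("tcp", 53), ("udp", 53)},
}

# Constructed sample of sessions logged by the temporary rules.
SAMPLE_LOG = """\
src_user,src_ip,dst_ip,app,proto,dport
alice,10.1.1.10,10.2.0.5,web-browsing,tcp,8080
bob,10.1.1.11,10.2.0.5,web-browsing,tcp,8080
,10.1.1.50,203.0.113.7,ssh,tcp,443
,10.1.1.50,10.2.0.9,ssl,tcp,443
carol,10.1.1.12,10.2.0.8,inventory-app,tcp,9000
"""


def triage(log_text):
    """Return (non_standard, no_user, undefined_apps) for a CSV log export."""
    non_standard = Counter()  # (app, proto, dport, dst_ip) -> session count
    no_user = Counter()       # src_ip -> sessions with no mapped user
    undefined = set()         # applications with no entry in STANDARD_PORTS
    for row in csv.DictReader(io.StringIO(log_text)):
        key = (row["proto"], int(row["dport"]))
        if not row["src_user"]:
            no_user[row["src_ip"]] += 1
        expected = STANDARD_PORTS.get(row["app"])
        if expected is None:
            undefined.add(row["app"])
        elif key not in expected:
            non_standard[(row["app"], *key, row["dst_ip"])] += 1
    return non_standard, no_user, undefined


if __name__ == "__main__":
    ns, nu, undef = triage(SAMPLE_LOG)
    for (app, proto, port, dst), n in ns.most_common():
        print(f"non-standard port: {app} on {proto}/{port} to {dst} ({n} sessions)")
    for ip, n in nu.most_common():
        print(f"no mapped user: {ip} ({n} sessions)")
    for app in sorted(undef):
        print(f"no port definition, review for a custom application: {app}")
```

In the sample, web-browsing on tcp/8080 from several known users to one internal server looks like an internally developed application to move or define, while ssh on tcp/443 to an external address from a host with no mapped user is the pattern to investigate first.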