No regrets on your egress
- TAGS:egress, filter, firewall rules, ingress, security
- IT TOPICS:Emerging Technology, Security
I found a short but good post at this security vendor blog (can't name them here since my employer sells the product). The author says:
We're often so focused on who is getting into our infrastructure that we forget about who or what might be getting out. It's a natural tendency, of course, given the focus that InfoSec has traditionally had, and given that we still have the problem of people getting in.
What he is referring to is this article about the Hannaford breach. One of the experts who was interviewed said that there was clearly "a pathway back out of the network that Hannaford should have closed."
While we don't know all the details yet on this case, this statement makes sense in any situation. Unscanned and unfiltered egress traffic can be just as harmful as ingress, and often more so. For instance, I lost a battle once with a CEO of a former employer about scanning email going out of our network. The product I was looking at to accomplish this was pricier if we bought the outbound module. He didn't understand why we would scan outbound email. I tried to explain that our clients and partners would be fairly upset if we started spewing malware at them via email if we got infected. He either didn't want to understand or was just that thick-headed, so he rejected it. Now, fortunately (or maybe unfortunately), we never infected anyone because I guarded against it in other ways. However, it was a serious risk at the time because it was when there were a lot of worms floating around on email. And we could have lost business if we had caused others to get infected.
Another example is firewall rules. I can't count how many times I have gone into clients to review firewall rules and seen that they have an "ANY ANY ANY" rule (any source, any destination, any service) leading out. I always suggest to them that they limit protocols going out to the essential (this is most often HTTP, HTTPS, and maybe FTP).
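As an added illustration of that review (this is example code written for this page, not code from the original post or from any firewall vendor), here is a small Python audit that flags the outbound "ANY ANY ANY" rule in a constructed rule base and then compares, connection by connection, what that rule base and a restricted egress policy do with the same outbound traffic. The rule format, the rule names, the 10.0.0.0/8 addresses and the proxy, resolver and mail-gateway objects are all assumptions made for the illustration; a real rule base would be exported from the firewall's management console.

```python
"""Audit a firewall rule base for the outbound "ANY ANY ANY" rule and show what
a restricted egress policy does to the same outbound connections.

Added example, not code from the original post. The rule format, rule names
and 10.0.0.0/8 addresses are assumptions made here for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    proto: str   # "tcp", "udp" or "any"
    dport: str   # destination port as a string, or "any"
    action: str  # "allow" or "deny"


def _net_matches(net: str, addr: str) -> bool:
    return net == ANY or ip_address(addr) in ip_network(net, strict=False)


def rule_matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (_net_matches(rule.src, src)
            and _net_matches(rule.dst, dst)
            and rule.proto in (ANY, proto)
            and rule.dport in (ANY, str(dport)))


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation, the way most firewalls walk a rule base.
    Returns (action, rule name); an unmatched packet hits the implicit deny."""
    for rule in rules:
        if rule_matches(rule, src, dst, proto, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def find_any_any_any(rules):
    """Names of egress rules that let any source reach any destination on any service."""
    return [r.name for r in rules
            if r.action == "allow"
            and (r.src, r.dst, r.proto, r.dport) == (ANY, ANY, ANY, ANY)]


# Constructed sample: the kind of outbound rule base the post describes finding.
PERMISSIVE_EGRESS = [
    Rule("smtp-from-mail-gw", "10.0.0.5/32", ANY, "tcp", "25", "allow"),
    Rule("any-any-any", ANY, ANY, ANY, ANY, "allow"),   # the problem rule
]

# Constructed sample: egress limited to the essential services, everything
# else hitting an explicit, logged deny. Workstations reach the web only
# through the proxy, and only the resolvers talk DNS to the outside.
MAIL_GW, RESOLVER, PROXY = "10.0.0.5/32", "10.0.0.53/32", "10.0.0.10/32"
RESTRICTED_EGRESS = [
    Rule("dns-from-resolver", RESOLVER, ANY, "udp", "53", "allow"),
    Rule("smtp-from-mail-gw", MAIL_GW, ANY, "tcp", "25", "allow"),
    Rule("http-via-proxy", PROXY, ANY, "tcp", "80", "allow"),
    Rule("https-via-proxy", PROXY, ANY, "tcp", "443", "allow"),
    Rule("deny-log-all", ANY, ANY, ANY, ANY, "deny"),   # cleanup rule, logged
]

# Constructed sample connections: a workstation calling an arbitrary external
# host on an unusual port (the "pathway back out"), a workstation going direct
# to 443 instead of via the proxy, and the proxy itself.
CONNECTIONS = [
    ("workstation-to-4444", "10.0.1.20", "203.0.113.7", "tcp", 4444),
    ("workstation-direct-443", "10.0.1.20", "203.0.113.7", "tcp", 443),
    ("proxy-to-443", "10.0.0.10", "203.0.113.7", "tcp", 443),
]


def compare(rules_a, rules_b, connections=CONNECTIONS):
    """Map each connection name to (verdict under rules_a, verdict under rules_b)."""
    return {name: (evaluate(rules_a, *c)[0], evaluate(rules_b, *c)[0])
            for name, *c in connections}


if __name__ == "__main__":
    print("ANY/ANY/ANY egress rules:", find_any_any_any(PERMISSIVE_EGRESS))
    for name, (before, after) in compare(PERMISSIVE_EGRESS, RESTRICTED_EGRESS).items():
        print(f"{name:24} permissive={before:5} restricted={after}")
```

Under the permissive rule base every one of the sample connections is allowed; under the restricted one the workstation's connection to an arbitrary port is dropped by the logged cleanup rule, and even its direct connection to tcp/443 is dropped because only the proxy is permitted to leave on that port. Note what the port-based filter still cannot do: the proxy's own tcp/443 traffic is allowed whatever it carries, which is exactly why the proxy and application-aware inspection discussed in the next paragraph matter.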
And now that data leak prevention technology is becoming viable, companies can do even more to protect their intellectual property, client information, etc. Also, many proxies and application-aware technologies can inspect the actual application traffic rather than filtering on a simple IP/port combination, so a permitted port cannot be used as a blanket tunnel out. Companies should take advantage of these new developments.

