Project 5: Implement Egress Filtering
So far we've focused on what's coming into your network. However, we haven't discussed what's leaving your network.
Are your corporate secrets floating out into Cyberspace because someone is running Peer to Peer (P2P) software in your environment?
Outbound, or egress filtering monitors and prevents certain types of network traffic from leaving your internal network.
This solution is very unique to each organization and is based on their business needs. Industry best practices recommend denying all traffic and permitting by exception.
This way if non standard software is required, it can be evaluated by the security and IT teams prior to use.
Depending on the priorities of the organization, some may choose to implement web filtering. Web filtering restricts what types of websites users may access, typically through the use of a proxy.If you're not currently restricting web traffic; be prepared for political push back. Users and managers will not be pleased if they can no longer access certain websites, even if they're not job related.
Some basics categories to consider blocking are:
• Sites known to host or manage malicious software, worms, bots and viruses
• Gambling
• Pornography
• Social Networking
• Game sites
• Sport games (Fantasy Football)
Implementation of egress filtering is a very involved project that affects everyone in the organization. While it is usually difficult to implement; it's the single most effective control in managing bot-net infections, malware and wide-scale data loss.
Not only will you have more control of what leaves your network, but it will also enable your security team to locate malware faster. Most organizations also see a drastic reduction is bandwidth use, which can save thousands of dollars.
