It is quite staggering that almost every single network we are tasked to secure is using only half of its capabilities. While most network admins enforce inbound filtering, outbound traffic is almost always left fully open, putting your organization at risk.
The following are examples of how an egress policy lowers risk.
Malware Block – Even if malware takes hold on a machine, stopping it from being able to communicate with command and control servers is key to preventing it from accomplishing its goals.
Data Exfiltration – A proper egress filter blocks most paths for your business data to leave the network and allows you to set up alerts. This helps identify attempted data theft.
Password Leakage – There are several types of authentication packets that should never leave your network. Most default firewall configurations allow this traffic through. An egress policy will prevent these types of exploits from being successful.
Clarity – In order to perform egress filtering, we must first review and classify what is expected and unexpected business network traffic. In doing this, it becomes very easy to locate misbehaving applications, servers, workstations, etc. A user bringing in their own laptop from home that has malware on it will be very easy to identify.
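An added example, not part of the original page or IBC's own tooling: the classification step described under Clarity, written as a default-deny check over outbound flow records that groups unexpected traffic by internal host. The policy entries, addresses and flow record format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed policy (assumption): (internal source, protocol, dst port, purpose).
ALLOW = [
    ("10.0.10.0/24", "tcp", 443, "workstations: HTTPS"),
    ("10.0.10.0/24", "tcp", 80, "workstations: HTTP"),
    ("10.0.20.5/32", "udp", 53, "internal resolver: DNS"),
    ("10.0.20.6/32", "tcp", 25, "mail relay: SMTP"),
]
RULES = [(ipaddress.ip_network(n), p, port, why) for n, p, port, why in ALLOW]

# Constructed flow records, one per line: "src_ip dst_ip proto dst_port".
SAMPLE_FLOWS = """\
10.0.10.21 203.0.113.10 tcp 443
10.0.20.5 198.51.100.53 udp 53
10.0.10.44 198.51.100.7 tcp 445
10.0.10.44 203.0.113.99 tcp 6667
10.0.10.21 198.51.100.53 udp 53
10.0.20.6 203.0.113.25 tcp 25
"""

def classify(line):
    """Return (src, dst, proto, port, purpose); purpose is None when no rule matches."""
    src, dst, proto, port = line.split()
    src_ip, port = ipaddress.ip_address(src), int(port)
    for net, r_proto, r_port, why in RULES:
        if src_ip in net and proto == r_proto and port == r_port:
            return src, dst, proto, port, why
    return src, dst, proto, port, None  # default deny: anything unlisted is unexpected

def unexpected_by_host(flow_text):
    """Group flows that match no allow rule by the internal host that sent them."""
    report = defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port, why = classify(line)
        if why is None:
            report[src].append((dst, proto, port))
    return dict(report)

if __name__ == "__main__":
    hosts = unexpected_by_host(SAMPLE_FLOWS)
    # Hosts with the most unexpected flows first: these are the ones to investigate.
    for host, flows in sorted(hosts.items(), key=lambda kv: -len(kv[1])):
        print(host, "unexpected outbound:", flows)
```

In the sample, the workstation sending DNS straight to an external server is flagged even though DNS itself is allowed, because the policy permits it only from the internal resolver.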
There are many benefits to performing egress filtering beyond the obvious security implications.
Productivity Increase – Filtering websites which are unrelated to the business needs is widely known to prevent a loss of productivity.
Litigation – Most attackers will use compromised networks to attack other networks. In the event that your network is breached, egress filtering would severely limit the attacker's ability to accomplish these attacks, meaning that you do not have to worry about potential litigation from this activity.
Realistic Growth – Quite often, upgrading equipment or internet service is done sooner than actually required. When a network is laboured with unnecessary bandwidth usage, it can give the impression that it is under-performing and needs upgrading when in fact it does not.
IBC uses SANS best practice when it comes to egress filtering to ensure that your network is taking advantage of every capability it has to offer.
Further Reading: (SANS Whitepaper on Egress Filtering – Direct PDF Download)