COMPLIANCE COUNSELOR
Egress filtering
Mike Chapple
03.04.2003
Rating: -4.50- (out of 5)
|
If you've been around routers and firewalls for any amount of time, you're probably familiar with the concept of ingress filtering -- the application of a firewall rulebase to inbound traffic. Ingress filtering allows you to control the traffic that enters your network and restrict activity to legitimate purposes.
You might not be familiar with a similar security technique known as egress filtering, which controls the traffic headed out of your network. The addition of a few simple rules to your border router and/or firewall allows you to provide a good deal of protection against many categories of malicious activity. Two of the rules you may wish to consider implementing are:
As with any security control, exceptions to the standard egress filtering policy may be necessary depending upon your organization's unique needs. These rules should be used as the basic building blocks of policy and exceptions should be made as necessary for legitimate business purposes.
Why should you care about egress filtering? After all, isn't the point of a secure perimeter to prevent malicious traffic from entering the network? Quite simply, egress filtering is the socially responsible thing to do. Taking these measures can restrict the usefulness of your network to those who seek to launch d
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
istributed denial-of-service (DDoS) attacks against other Internet sites. If your site is used for such an attack, you'll probably find yourself being pestered by other security administrators, at a minimum. In the worst case, you may find yourself the subject of a law enforcement investigation despite the fact that you did nothing wrong!
The egress filtering rules also have analogs in the ingress filtering arena:
These rules seem like common sense, but they're often forgotten by firewall administrators caught up in the design of complex rulesets restricting activity by port. It will only take a few minutes to add these measures to your perimeter-protection devices and they could mean the prevention of a major headache in the event a malicious individual attempts to use your site as a launching point for a DDoS attack.
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
