Please compare and contrast the role of an inbound firewall vs. an outbound firewall. In what ways does the role...
of each type of device affect how it should be configured?
Simply put, an inbound firewall protects the network against incoming traffic from the internet or other network segments, namely disallowed connections, malware and denial-of-service attacks. An outbound firewall protects against outgoing traffic originating inside an enterprise network. Often, a single firewall can serve both functions.
The configuration of such firewalls is business, network and risk-specific, so the configuration for, say, a manufacturing business's firewall will likely be a lot different than that of a cloud service provider's firewall. Traditional, customizable firewall rules allow specific ports, services and IP addresses to connect in or out.
Sometimes, a dedicated firewall appliance is used for outbound traffic because of the specialized filtering technologies needed. Such systems often perform specialized functions, like content filtering for email or web browsing. They tie into the business's directory service (e.g., Active Directory and Lightweight Directory Access Protocol) so they can provide access, filtering and reporting based on each user's network account. Other firewall systems look for outbound malware and security-related threats.
Using outbound firewalls
It's actually rare to see an outbound firewall used because of the complexities that it introduces into the network. Oftentimes, outbound firewalls interrupt application traffic, disrupt business workflows and get users upset unless close attention has been paid to configuring the firewall in just such a way to enable everything to work.
However, in certain cases, businesses might need to filter outbound traffic. For example, an outbound firewall can be beneficial in very locked down environments that control network behavior down to the host level. Alternately, certain data loss prevention technologies may need an outbound firewall to protect specific information on the host.
Analyzing and controlling outbound traffic has become more important today as security teams look to prevent the exfiltration of sensitive data by intruders or malicious activity from insider threats.
Be it an inbound or outbound firewall, you have to not only focus on the system configuration, but also make sure you're monitoring for system anomalies. Even the most secure firewalls can only do so much.
Learn about the importance of network monitoring for cybersecurity readiness
Find out how invalid certificates can jeopardize enterprise security
Read more on the benefits of static source code analysis
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ... Continue Reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.