Too many network administrators think only to protect their private network resources from external attacks when assessing security threats. Today's landscape is littered with threats that emanate from malware-infected endpoints. Attackers can use these to collect and forward sensitive information from your network or to attack or spam other networks. Companies large and small are better served when network administrators are equally concerned with threats that are associated with outbound connections.

In this column, I discuss ways organizations can improve their risk profile and be better 'netizens by implementing egress traffic filtering.

Filter Egress Traffic to Protect Yourself

If you don't restrict the services that hosts in your internal networks can access, malware will inevitably find its way onto some of your hosts and may exfiltrate data to a location that an attacker controls. Data exfiltration could also be unintentional, i.e., an insider might incorrectly attach sensitive information to an email message or upload it to a document sharing service. Sadly, data exfiltration often results from configuration error: misconfigured NetBIOS, DNS, or other service traffic can leak from your trusted networks and be captured or exploited by external parties. Irrespective of the cause, data exfiltration is a threat you can’t mitigate without egress traffic enforcement, and one you can’t readily detect if you don't log and monitor traffic behavior associated with permitted and prohibited services.

Filter Egress Traffic to Do No Harm to Others

In the most lax of configurations (and sadly, in many default configurations), a firewall or router may treat and forward traffic it receives from any source address as valid. Fred Avolio calls this “The Nefarious Any”. Such configurations are green fields for attacks that make use of forged source IP addresses (IP spoofing).
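The following is an added example, not part of the original column: a small Python model of the two egress checks discussed above, source-address validation in place of an "any" source and a restricted set of outbound services, with denied flows collected for logging. The prefixes, permitted services, designated hosts and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed internal prefixes and permitted outbound services (constructed for illustration).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
ALLOWED_EGRESS = {("tcp", 443), ("tcp", 25), ("udp", 53)}
# Hypothetical hosts that alone may use a restricted service (mail relay, DNS resolver).
SERVICE_HOSTS = {("tcp", 25): {"10.20.1.25"}, ("udp", 53): {"10.20.1.53"}}


def egress_verdict(src, proto, dport):
    """Return (action, reason) for one outbound flow leaving the internal network."""
    addr = ipaddress.ip_address(src)
    # Anti-spoofing: only sources inside our own prefixes may leave, never "any".
    if not any(addr in net for net in INTERNAL_NETS):
        return ("drop", "spoofed-source")
    service = (proto, dport)
    if service not in ALLOWED_EGRESS:
        return ("drop", "service-not-permitted")
    # Some services are permitted only from designated hosts.
    hosts = SERVICE_HOSTS.get(service)
    if hosts is not None and src not in hosts:
        return ("drop", "host-not-authorized")
    return ("allow", "policy-match")


def audit(flows):
    """Return the denied flows, which are the ones to log and review."""
    denied = []
    for src, proto, dport in flows:
        action, reason = egress_verdict(src, proto, dport)
        if action == "drop":
            denied.append((src, proto, dport, reason))
    return denied


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    ("10.20.4.17", "tcp", 443),   # workstation browsing over HTTPS
    ("203.0.113.9", "tcp", 80),   # source outside our prefixes: forged address
    ("10.20.4.17", "udp", 137),   # NetBIOS name service leaking outbound
    ("10.20.4.17", "udp", 53),    # workstation bypassing the internal resolver
    ("10.20.1.53", "udp", 53),    # the resolver itself
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```

On a real firewall the same logic is expressed as an ordered rule set that ends in a logged default deny for outbound traffic.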