Outbound Traffic Is a Serious Security Risk

A focal point for any network security administrator is the network perimeter. Companies spend a lot of time guarding against traffic that might enter their networks and not enough time guarding against traffic that might leave their networks.

Typically, a company establishes a perimeter defense by blocking all inbound traffic, then letting only specific traffic types reach specific internal systems. To ease management headaches down the road, the company defines traffic rules that let any and all outbound traffic leave the network. After all, allowing all outbound traffic means no future rule definitions will be required to meet future needs. This approach also means the cost of managing perimeter security will be lower because no one will need to define new outbound rules. But think about that action for a moment. Are the savings really worth the risk in today's world?

If there were only one reason that clearly points out the need to lock down outbound traffic as securely as you lock down inbound traffic, then that reason is Distributed Denial of Service (DDoS) attacks. Without an open port to move traffic out of, your network is far less likely to become a participant in such an attack.

But DDoS attacks are not the only reason to restrict outbound traffic. Consider the risks of uncontrolled email or file transfers that might let someone inside your network move proprietary information offsite without proper consent. Do you have policies regarding email use? Do you screen outbound email for improper content? Do you block outbound FTP and other forms of file transfer? And what about improper Web or other multimedia use? Do you guard against those actions with security policies and software-based controls? Doing so might help reduce the chance of potential lawsuits against your company, which could include charges of defamation, sexual harassment, slander, and more. Without controls, you have to trust that an employee won't take an inappropriate action at an inappropriate time. Can you afford that risk?

The bottom line is that you must protect against unwanted outbound traffic as fiercely as you protect against unwanted inbound traffic. Consider adding various content filters to your overall security arsenal. Content filtering tools can screen and prevent the movement of both inbound and outbound traffic over a variety of protocols, including Web, SMTP, POP3, and more. By using such technology you can significantly reduce a huge portion of the risk associated with general Internet connectivity.

Before I sign off this week, I'd like to announce two new columnists for Windows 2000 Magazine's NTSecurity.net Web site. I'm pleased to inform you that Randy Franklin Smith and David LeBlanc have joined our Web team as regular columnists to bring you their hands-on experience gathered directly from the trenches.

Randy looks at Win2K Security from the ground up to cover all the new bells, whistles, and techniques. David looks under the hood of writing secure Win32 code for Win2K and Windows NT platforms. If you're new to Win2K security administration or a code slinger looking to improve your application development for Win2K or NT, be sure to read the new columns—they're linked in the Toolkit section below. Until next time, have a great week.