Security Mistakes That Leave You Vulnerable To Compromise # 10: No Outbound Filtering


I’m always surprised at the number of organizations that have no outbound filtering at their perimeter. They have firewall rules that allow any traffic from the inside to go to the Internet on any port. Their reasoning is since the inside is trusted, they don’t need to block outgoing traffic.

But this is a big mistake for two reasons: first, there are lots of non-business applications, from file sharing sites to outright malware, which use non-standard ports.  Most of the time there is no legitimate reason for allowing traffic on these ports. To protect yourself and your Internet neighbors, you should block them.

Second, by blocking unnecessary ports, you greatly increase the chances of detecting malware or other unauthorized activity.   The access lists you create to block this traffic will create log events when traffic is blocked.  By examining your firewall logs, you can see when some malware is trying to “phone home” to its control server.  Now that you know where it is, you can go clean up the malware.

Leave a Reply