Pub.16 2021-22 Issue 2

NEBANKERS.ORG

TECH TALK

The Risk Value of Egress Filtering

Kelley Hesse, Information Security Consultant, DFIR Analyst, SBS Cybersecurity, LLC

Monitoring firewall traffic is a fundamental part of cybersecurity. It is well known that ingress filtering is crucial to business operations, but what about egress filtering? Neglecting egress filtering can be compared to neglecting your company’s yearly budget. Just for a moment, imagine giving all your employees blank checks and hoping they do not bankrupt you. If your first thought when reading that sentence is “we would never do that,” then you are part of the majority.

There are many things to consider when implementing a company’s budget: Who has the authority to spend? On what are employees authorized to spend money? Which employees have bigger budgets than others? How much can the company afford to spend? To avoid financial hardships, your company tracks all outgoing purchases. In this example, the blank checks are traffic leaving your firewall, and the employees’ purchases are connections to anything on the internet. Controlling the egress flow of information is just as important as managing the outflow of cash from your organization. Implementing host-based egress filtering, especially whitelisting with DNS verification, decreases risk across your entire enterprise.

What is Egress Filtering?

Egress filtering controls the outflow of traffic from the network. This means that if an administrator does not configure the network’s firewall correctly, outgoing traffic can connect to unknown and sometimes unwanted or malicious hosts. This could be harmful to your network because those connections could be part of a cyberattack.

The Risk Value

Let’s walk through a scenario that is all too familiar for too many companies. An employee at a company receives a phishing email that claims to come from Microsoft. The email states
