One of the most alarming trends in today's Information Technology landscape is the "allow all out" rule that is the default setting on most new firewalls. Allowing all traffic out may be easy, and less work for the IT department, but the negative effect it can have on your overall security is profound.
When reviewing some of the largest data breaches of the last 5 years, it becomes apparent that a majority of them could have been prevented by deploying security best practices such as egress rules and source and destination routing restrictions. In fact, in most cases Internet-based intrusions can be pre-empted simply by reconfiguring your existing firewall. Although this won't provide absolute security, it will reduce your attack surface and thereby mitigate the potential for intrusions.
A recent article posted by Naked Security discussed cryptomining and the fact that Network Attached Storage (NAS) devices are being used for distributed computing power. These types of attacks can be easily avoided by deploying a simple egress rule that prevents the device from having Internet access in the first place.
Within the SMB and Enterprise spaces, the benefit of egress rules is clear. By restricting access to the Internet, your organization reduces its overall exposure and threat surface. A perfect example of how an egress rule comes into play is something nearly every company has: a mail server. Implementing an egress rule would mean that the mail server is the only device on the network allowed to send that kind of traffic out (in this case, outbound email). By creating a firewall rule that allows only the mail server to send outbound mail, the threat of an infected machine sending out information via email (SMTP) is eliminated.
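As an added example that is not part of the original post, here is what the mail-server egress rule above looks like as an nftables ruleset on a Linux firewall, together with a DNS rule that also applies a destination restriction (only the internal resolver may query out, and only to agreed upstream forwarders). Interface names and addresses are placeholders from documentation ranges; NAT, input and output chains are omitted.

```nft
#!/usr/sbin/nft -f
# Constructed example: default-deny egress for a LAN behind an nftables firewall.
# Interface names and addresses are placeholders, not values from the post.
flush ruleset

define lan_if       = "eth1"                              # inside interface
define wan_if       = "eth0"                              # Internet-facing interface
define lan_net      = 192.0.2.0/24                        # internal network
define mail_server  = 192.0.2.25                          # only host allowed to send SMTP
define resolver     = 192.0.2.53                          # internal DNS resolver
define upstream_dns = { 198.51.100.1, 198.51.100.2 }      # forwarders the resolver may use

table inet egress {
    chain forward {
        # Policy drop: anything not explicitly allowed below does not leave the LAN
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections the firewall already permitted
        ct state established,related accept

        # Egress rule: only the mail server may originate SMTP to the Internet
        iifname $lan_if oifname $wan_if ip saddr $mail_server tcp dport 25 ct state new accept

        # Egress rule plus destination restriction: only the resolver may send DNS out,
        # and only to the upstream forwarders we have agreed to use
        iifname $lan_if oifname $wan_if ip saddr $resolver ip daddr $upstream_dns meta l4proto { tcp, udp } th dport 53 ct state new accept

        # Everything else (a NAS reaching a mining pool, a workstation sending mail
        # directly) falls through to the drop policy; log it, rate-limited, so the
        # blocked attempts are visible to the SOC
        iifname $lan_if oifname $wan_if ip saddr $lan_net limit rate 10/minute log prefix "egress-denied: " level warn
    }
}
```

Load it with `nft -f <file>` after checking it with `nft -c -f <file>`; the logged "egress-denied" entries are a useful early indicator of an infected or misconfigured host.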
Strengthening your organization's network starts with the edge devices (firewalls, routers, etc.) and then works all the way in, to end-user education and limitations. In today's business landscape, where nearly every user is at least somewhat technology literate and IT departments are constantly running to keep up with patches, updates, and user requests, it has become commonplace for end users to be the administrators of their own devices and to handle the minutiae of day-to-day computing (installing programs or setting up printer access, for example) on their own. This, however, creates a huge security hole. A user should not be an administrator of any endpoint, as it makes it easier for unauthorized applications and programs, including malware and ransomware, to be inadvertently installed.
To review, there are five considerations for ensuring that your organization's network is secure at the most basic level:
– Implement egress rules whenever possible for things like DNS, SMTP, etc.
– Implement source and destination IP restrictions
– Deploy a next generation firewall that includes UTM services for an extra layer of security
– Utilize third-party vendor solutions for additional security
– Remove administrative rights from end users