What is Egress Filtering?

--

Ingress or Egress Filtering

Numerous network administrators & security professionals think that protecting their private network and resources from external threats is the only thing in assessing security threats. That is where they use firewalls with legacy filtering techniques to prevent external adversaries from sending malicious data packets within the network. However, security professionals found that outbound packet filtering is also essential. Thus they opt for egress filtering.

According to the Allied Market Research report, in 2020, the global firewall-based security market size was 3.48 billion USD and is projected to reach 24.34 billion USD by 2030. It will reflect a compound annual growth rate (CAGR) of 21.6 percent from 2020 to 2030. With this evolving use of firewalls, enterprise security professionals and network administrators understood the need for egress filtering techniques. This article is a quick walkthrough on egress filtering, its application, and best practices.

What is Egress Filtering?

Egress filtering is the technique of restricting & monitoring outgoing data by configuring the firewall before transmitting the data packets to another network. In other words, it filters all data packets leaving your network. Network administrators and security professionals use this filtering technique to prevent other systems from getting infected by connecting to systems within the corporate systems. Professionals leverage this egress filtering technique in firewalls, Intrusion Prevention Systems (IPS), packet monitoring systems, etc.

Effective egress filtering is difficult to enforce, but it is worth the effort. Various industry regulatory suits use this filtering technique to follow particular policies. The best network section where we can implement the egress filter technique is on the network’s edge. Every outbound data traffic should pass the firewall that implements the egress filtering process.

Processes Associated With Egress Filtering

Egress filtering has two main processes. These are:

· Monitoring: It helps in recording & supervising all outgoing data packets to the outside network.

· Setting policies and controlling data outflow: Proper configuration and control measures in the egress filter determine which data is authorized to go out and which should be blocked.

Applications of Egress filtering

Egress filtering is essential for preventing outbound connections to unsafe and shunned hosts. It might not solve the enterprise’s holistic security needs, but in specialized aspects, it can help. These are:

i. Block unwanted services:

Let’s suppose an enterprise has a policy not to chat on Skype or any other online platform. Security administrators can set an egress filtering technique to block the ports and protocols required to run chatting services. Thus, users cannot use those services because the outgoing traffic gets blocked using the filtering technique.

ii. Disrupt malware functioning:

Let’s suppose your employee’s internal machine got infected with malware. The egress filtering technique can deter the malware from connecting to the command and control owner or malware’s command server. Again, if spyware tries to export any file to its malicious owner outside the network, the egress filter will stop it from sending to the destination system.

iii. Stop machines from becoming malicious:

Egress filtering is also an excellent solution for systems wherein attackers try to turn an employee system into a botnet. Egress filtering will block particular types of traffic by preventing enterprise machines from being used as zombie machines for DDoS attacks, spamming, malware hosting, etc.

iv. More awareness:

Enterprises often have private projects and source codes. Leakage of these projects and source code can lead to massive loss. Therefore implementing the egress filtering technique will make security and IT professionals more aware of sending private projects out of the network.

Best practices while using an Egress Firewall

i. Use firewall configuration auditing software:

Not all firewalls remain set up for output filtering from the beginning. It will allow all outbound traffic without any filter. So, simply implementing the egress filter technique will be useless. Most enterprise-grade firewalls have many dozens or thousands of rules and filters implemented. It often becomes confusing. Thus, it is a good practice to use firewall configuration auditing software to check whether the firewall is fit for egress filtering.

ii. Specific blocking of ports through egress filtering:

The SANS Institute is known for its cybersecurity recommendations. It encourages companies to block outbound traffic that uses the following ports:

· Trivial File Transfer Protocol (TFTP) — UDP port 69

· NetBIOS/IP — TCP & UDP ports 137–139

· MS RPC — TCP & UDP port 135

· Simple Network Management Protocol (SNMP) — UDP ports 161–162

· SMB/IP — TCP port 445

· Internet Relay Chat (IRC) — TCP ports 6660–6669

· Syslog — UDP port 514

iii. Regular assessing/auditing security zones:

Most enterprise network contains PCI zone, demilitarized zone, or other sensitive network zones that require enhanced security. Security engineers can implement egress filtering techniques in those zones and audit those network systems & policies routinely.

iv. Seek expert advice before implementing:

Enterprises and organizations can seek expert guidance & courseware from cybersecurity specialists, researchers, and worshippers like me. They have expert professionals to tell you the best approaches for implementing egress and other filtering techniques.

Conclusion –

Identifying & allowing legitimate traffic plays a significant role in determining the security and integrity of enterprise data. Thus, companies should seek guidance from experts before implementing egress filtering & other rules in firewalls.

--

--

Karlos G. Ray [Masters | BS-Cyber-Sec | MIT | LPU]
Karlos G. Ray [Masters | BS-Cyber-Sec | MIT | LPU]

Written by Karlos G. Ray [Masters | BS-Cyber-Sec | MIT | LPU]

I’m the CTO at Keychron :: Technical Content Writer, Cyber-Sec Enggr, Programmer, Book Author (2x), Research-Scholar, Storyteller :: Love to predict Tech-Future