While I was having breakfast this morning with an acquaintance, the topic of egress filtering came up, hence the inspiration for this post.
Just about any business these days, regardless of how small, deploys a network firewall. Even sole proprietorships and home users utilize some sort of firewall. The traditional view of the firewall is the expectation that unwanted traffic coming inbound will be blocked, but what about outbound traffic?
The typical small office firewall (and that of many large offices as well) sits on the network perimeter and allows any traffic originating from the inside to pass outside to the Internet. What is wrong with that? Consider the following hypothetical:
Many small offices also allow employees to bring their own devices (BYOD) as a cost-saving measure. Heck, why pay for everyone’s laptop if they can bring their own? It would seem like a win/win scenario where the business cuts costs and the employees are happy because they get to use their own stuff. However, the business often has very little governance or control over the personal property of the employees. Without the controls usually exercised on company-owned systems, there is a significant risk that a given computer can become compromised by malware and threaten the rest of the business.
So in our hypothetical, our top salesperson, let’s call her Eileen, comes to work Monday morning to meet with the boss, check her production, and plan her sales calls for the rest of the week. Eileen has been out the last few weeks for the holidays and traveling to visit family. Along the way, she has used public Wi-Fi in coffee shops and airports, and somewhere during her travels, her PC has been infected with malware. Upon connecting to the office network, everything is fine for the first hour or so and then the Internet goes down. Panicked, the business calls the local computer guy to come out and get things back up ASAP.
Ed, the computer consultant, comes out and quickly determines that the upstream router is not reachable and promptly calls the customer’s Internet provider. It turns out that the Internet provider has deliberately shut down the customer because they have detected that the customer’s network is sending out spam. Eileen, as Ed discovers, has picked up a bit of malware which allows the attacker to use her laptop to send out thousands of junk emails. Ed sets to work and cleans up Eileen’s laptop, using system restore to return to a point prior to the malware infection, and convinces the Internet provider to restore access for the customer.
Could this have been prevented by the business? With regard to Eileen’s laptop, the answer is no. However, with regard to the outage it caused the business, the answer is a resounding yes! In this case, the malware “phoned home,” connecting to the attacker, which gave the attacker control over Eileen’s laptop, and from there they set up the mass mailings. Egress filtering on the firewall would have prevented Eileen’s laptop from connecting to the attacker and subsequently would have prevented it from sending out all of that spam, which in turn caused the business network to go down. Of course, Eileen would still have an issue when she went home, or connected to a network without egress filtering in place, but our business here was protected.
Egress filtering, while not particularly complicated to set up, does require a bit of upfront effort. Before calling the computer guy, take the time to understand all the systems and applications that need access to the Internet. Communicating this information to the technician can help ensure that the configuration changes made on the firewall to implement egress filtering do not inadvertently block legitimate business traffic.
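To make the inventory step concrete, here is an added example (not from the original post, and not any firewall vendor's syntax) that models an outbound allow-list with a default deny and checks a handful of outbound connections against it. The addresses, ports and the inventory itself are constructed for illustration; your own list of systems and applications would replace them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str                  # internal source network allowed to use this rule
    proto: str                # "tcp" or "udp"
    dport: int                # destination port
    dst: str = "0.0.0.0/0"    # destination network (default: anywhere)
    why: str = ""             # business reason, taken from the inventory

# Constructed inventory of what the office needs to reach on the Internet.
ALLOW = [
    Rule("192.168.10.0/24", "tcp", 443, why="web browsing and SaaS (HTTPS)"),
    Rule("192.168.10.0/24", "tcp", 80, why="web browsing (HTTP)"),
    Rule("192.168.10.5/32", "udp", 53, why="internal DNS resolver to upstream"),
    Rule("192.168.10.0/24", "tcp", 587, "203.0.113.25/32", "mail submission to provider"),
]

def decide(src, proto, dst, dport, rules=ALLOW):
    """Return (action, reason). First matching rule wins; no match means deny."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and proto == r.proto and dport == r.dport):
            return "allow", r.why
    return "deny", "not in inventory (default deny)"

def review(flows, rules=ALLOW):
    """Return the denied flows: the ones the firewall should log for follow-up."""
    return [f for f in flows if decide(*f, rules=rules)[0] == "deny"]

# Constructed outbound connections from a laptop at 192.168.10.23.
FLOWS = [
    ("192.168.10.23", "tcp", "198.51.100.7", 443),    # normal browsing
    ("192.168.10.23", "tcp", "203.0.113.25", 587),    # mail through the provider
    ("192.168.10.23", "tcp", "198.51.100.90", 25),    # direct SMTP to an arbitrary server
    ("192.168.10.23", "tcp", "198.51.100.66", 6667),  # port nobody listed in the inventory
    ("192.168.10.23", "udp", "198.51.100.53", 53),    # DNS that bypasses the internal resolver
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(*flow))
```

The three denied flows are the ones worth logging and reviewing, since a laptop sending mail directly on port 25 is the pattern from the scenario above. Traffic on an allowed port such as 443 still passes a port-based list.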
Of course, implementing egress filtering on the small business firewall does not necessarily prevent employees and individual systems from becoming compromised. However, it can help mitigate and prevent the negative impact on the business of such events.
Cybersecurity can be confusing to the small business owner since there are headlines on a daily basis and plenty of sales folks out there ready to sell a solution to all these threats. We can help your business cut to the chase and determine what is relevant so that you can make intelligent and effective investments to protect your business. Contact us today to schedule your free assessment and come away with an understanding of your cybersecurity risks and a plan to mitigate those risks before your business suffers substantial harm.