Shane Currie's Blog

Why restricting outbound connections in your firewall is just as important as restricting inbound connections.

26/06/25 by Mr Shane Currie | Sole Trader - Australian Computing, Networking and Cyber Security

In today's article I am going to discuss restricting outbound connections in your firewall. I will use analogies so that non-technical people can follow along, and I will explain everything in layperson's terms.

Think of your computer or server as a pub, and think of your firewall as the door of the pub. The pub door allows patrons to enter or exit your pub. Beside the pub door is your security guard, who checks a VIP list of who is allowed into your exclusive pub.

If someone's name is not on the list, the security guard does not let them in. This is the equivalent of a firewall rule checking whether an outside network connection is allowed to connect to your internal network. If your business enables staff to work remotely from home, chances are that your IT department has configured an access control list (the VIP list) to determine who can remotely connect to your internal network.

But what about the people already inside your internal systems? Let's return to the pub analogy. You allowed VIPs access to your exclusive pub; however, one of the VIPs may decide to nick one of your beer glasses. Your security guard notices this and does not let the VIP exit the pub with the beer glass. This is equivalent to setting an outbound rule in your firewall.

If malware somehow finds its way on to your internal systems, the first thing the malware is going to do is attempt to phone home. This is done by establishing an outbound connection to the criminal so the criminal can extract data from your business systems. If you restrict which applications and services are allowed to establish an outbound connection, you prevent that malware from establishing a connection to the cybercriminal.

For example, one of your staff members finds a USB in the carpark. The USB has a label titled "important ACME documents". The staff member plugs this USB in to one of ACME's computer systems and copies over the documents, which contain malware. Your firewall does not detect this because the malware was physically transferred from the USB, not via the network.

In this example, your antivirus does eventually detect the malware, but by the time it does, it's too late: the malware has already phoned home and has extracted sensitive data, like your customer records.

In the above example, if an outbound firewall policy was configured, this malware would not be able to establish an outside connection from your network. To use an analogy, the malware will be locked in a cage and will not be entitled to make a phone call.
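To make the idea concrete, here is a small sketch of how an outbound allowlist with a default-deny rule decides what may leave the network. It is an added example, not taken from any real firewall product, and the program names, addresses and ports are all made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    program: str        # executable permitted to connect out
    network: str        # destination range in CIDR notation
    port: int
    proto: str = "tcp"

# Constructed allowlist for a hypothetical office workstation.
ALLOW = [
    Rule("browser.exe", "0.0.0.0/0", 443),              # web browsing over HTTPS
    Rule("mailclient.exe", "203.0.113.25/32", 587),     # company mail server only
    Rule("svchost.exe", "192.0.2.53/32", 53, "udp"),    # DNS to the internal resolver
]

def evaluate(program, dest_ip, port, proto="tcp", rules=ALLOW):
    """Return 'ALLOW' only if a rule matches; everything else is 'BLOCK'."""
    dest = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if (rule.program == program.lower() and rule.proto == proto
                and rule.port == port
                and dest in ipaddress.ip_network(rule.network)):
            return "ALLOW"
    return "BLOCK"  # default deny: no matching rule means no connection

def audit(attempts):
    """Pair each outbound attempt with the decision the policy gives it."""
    return [(evaluate(*attempt), attempt) for attempt in attempts]

# Constructed connection attempts (not real traffic).
ATTEMPTS = [
    ("browser.exe", "198.51.100.10", 443, "tcp"),        # staff browsing
    ("mailclient.exe", "203.0.113.25", 587, "tcp"),      # sending mail
    ("invoice_viewer.exe", "198.51.100.77", 443, "tcp"), # unknown program from the USB
    ("browser.exe", "198.51.100.77", 8443, "tcp"),       # known program, unlisted port
]

if __name__ == "__main__":
    for decision, attempt in audit(ATTEMPTS):
        print(decision, attempt)
```

The program copied from the USB is blocked simply because nobody put it on the list. Each blocked attempt is also worth logging, as it can reveal an infection before the antivirus does.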

Configuring a suitable outbound firewall policy can be complicated and is best left to a professional who understands network protocols and the applications and services that an operating system requires to operate. By making it harder for cyber criminals to infiltrate your business, these criminals will probably just move on to easier targets, as hacking your business is simply too difficult for them.