Contents
Advantages and Disadvantages of Firewall https://hasonss.com/blogs/advantages-and-disadvantages-of-firewall/
Egress filtering https://en.wikipedia.org/wiki/Egress_filtering
1. Egress Filtering
Ingress_Filtering から区別されるようになったのは、2006年か。
Egress filtering helps ensure that unauthorized or malicious traffic never leaves the internal network.
https://en.wikipedia.org/wiki/Egress_filtering
Egress Filtering FAQ By June 22, 2006 https://www.sans.org/white-papers/1059/
Performing Egress Filtering By Dennis Distler August 20, 2008 https://www.sans.org/white-papers/32878/
1.1. Bard
1.2. wikipedia
https://en.wikipedia.org/wiki/Egress_filtering
In computer networking, egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically, it is information from a private TCP/IP computer network to the Internet that is controlled.
https://www.calyptix.com/educational-resources/egress-filtering-101-what-it-is-and-how-to-do-it/ Egress Filtering 101: What it is and how to do it
https://docs.netgate.com/pfsense/en/latest/firewall/ingress-egress.html
Egress Filtering Egress filtering refers to the concept of firewalling traffic initiated inside the local network, destined for a remote network such as the Internet. Egress filtering may require policy changes and administrative work whenever a new application requires external network access. For this reason, egress filtering is an uncommon feature on consumer and very small business networks.
What is egress filtering and why use it? Why Use Egress Filtering? https://aviatrix.com/learn-center/cloud-security/why-use-egress-filtering/
Outbound or Egress controls prevent unauthorized access by internal resources to possibly dangerous endpoints out there in the wilds of the internet.
https://www.ncsc.gov.ie/emailsfrom/Resources/Ingress-Egress/
Egress Filtering
Description
Egress filtering is the practice of monitoring, controlling and restricting traffic leaving a network with the objective of ensuring that only legitimate traffic is allowed to leave and that unauthorised or malicious traffic is prevented from doing so. Egress filtering is primarily achieved through the use of predefined security rules and policies implemented on the perimeter firewall, to block outbound traffic that uses protocols and destination ports that are unnecessary or subject to abuse. Network administrators are advised to ensure that appropriate measures are taken to prevent unauthorised access to the internet access router, as it is located outside the perimeter firewall, and if SNMP enabled, that apprioate measues are implemented to prevent it from being exploited. While Egress filtering is not primarily focused on protecting one's own network, it does serve to protect the networks of other organisations, by preventing the spread of malware or traffic with a forged IP source address (IP spoofing) from leaving the network that has been compromised, either through the deliberate malicious activity of an individual user or the malicious activity caused by infections, botnets and other malware within the network.
Services & Ports - Recommended to be blocked Depending upon the requirements of an organisation, if the following services are not required, it is recommend that their default ports be blocked and that outbound traffic for these services be prevented from leaving the network.
Controlling Outbound DNS Access Last Revised September 29, 2016 https://www.cisa.gov/news-events/alerts/2015/08/28/controlling-outbound-dns-access