
Extrusion Detection: Bit Torrent & the Big Worm Fiesta
The strategy has always been to protect what is coming into your network. Have you considered protecting what is going out? Here's a new term for you, extrusion detection, and a few reasons to pay attention.
Say you get a few bots or a worm. It happens all the time. When those viruses have outbound access to the internet from your network, they will invite their friends to come visit. Now you have a big worm fiesta happening on your business time.
Maybe an employee downloads an MP3 at work. That download may have required file-sharing software such as Bit Torrent. File-sharing programs such as Bit Torrent open your network to the world and, very possibly, to data leaks.
And finally, how do you prevent employees from visiting youtube.com and myspace.com on work time? Stay with me for a minute; there is a common thread.
Extrusion Detection/Outbound Filtering
- It gives you the ability to monitor employee internet use.
- It allows you to monitor adverse activity pertaining to bots, worms, etc., and will locate the infected workstation(s).
- It allows you to control bandwidth usage by limiting access to the internet.
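To make the second point concrete, here is an added example (not part of the original article) that applies an egress policy to firewall log lines and reports which internal hosts keep violating it. The log format, the 10.0.0.0/8 internal range, the web-only policy and the mail relay at 10.0.0.5 are all assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, hypothetical format: time src dst dst_port proto
SAMPLE_LOG = """\
09:00:01 10.0.0.21 203.0.113.10 443 tcp
09:00:02 10.0.0.5 198.51.100.25 25 tcp
09:00:03 10.0.0.34 198.51.100.25 25 tcp
09:00:03 10.0.0.34 198.51.100.77 25 tcp
09:00:04 10.0.0.34 192.0.2.14 25 tcp
09:00:04 10.0.0.34 192.0.2.200 25 tcp
09:00:05 10.0.0.47 203.0.113.61 6881 tcp
09:00:06 10.0.0.47 203.0.113.62 6881 udp
09:00:07 10.0.0.47 192.0.2.90 6881 tcp
09:00:08 10.0.0.21 203.0.113.10 8080 tcp
09:00:09 10.0.0.21 10.0.0.5 25 tcp
truncated line
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
ALLOWED = {("tcp", 80), ("tcp", 443)}          # assumed policy: web only
EXEMPT = {"10.0.0.5": {("tcp", 25)}}           # assumed mail relay may send SMTP


def find_suspect_hosts(log_text, min_denied=3):
    """Return {src_ip: summary} for hosts with >= min_denied policy violations."""
    denied = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                           # skip malformed lines
        _, src, dst, port, proto = parts
        try:
            outbound = (ipaddress.ip_address(src) in INTERNAL
                        and ipaddress.ip_address(dst) not in INTERNAL)
            service = (proto, int(port))
        except ValueError:
            continue                           # bad address or port field
        if not outbound or service in ALLOWED or service in EXEMPT.get(src, ()):
            continue
        denied[src].append((dst, service))
    return {
        src: {"denied": len(hits),
              "destinations": len({dst for dst, _ in hits}),
              "ports": sorted({svc[1] for _, svc in hits})}
        for src, hits in denied.items() if len(hits) >= min_denied
    }
```

On the sample data, the workstation sending mail straight to outside servers and the one talking to file-sharing peers are reported, while the mail relay and the ordinary web user are not.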
"After configuring outbound filtering, productivity of the users goes up considerably," says Travis Grundke. "The ability to monitor and control malware (spyware, bots, worms) improves network and computer performance by minimizing resource sapping activities. Also, managers can do a better job of monitoring abusive users. In all, total cost of ownership lowers since the things that slow PCs are much more controlled."
You can google the terms egress filtering, outbound filtering or extrusion detection. I've included a few that might be interesting. You will see that Microsoft is mandating certain types of outbound filtering in an attempt to manage spam on their free email sites. This is a real issue. There is a respected author in this space named Richard Bejtlich. The headline on his website reads, "Know your network before an intruder does". Take a look at it: http://www.taosecurity.com.
Internet Security Accelerator (ISA) Sophisticated Firewall and other similarly enabled devices offer you outbound filtering with granular control. It means that you control the who, what and when of internet access across the company. There are three major points to be made about outbound filtering.
Talk to you soon,
Jim