Explain why it is important to monitor outbound traffic as

: Explain why it is important to monitor outbound traffic as well as inbound traffic in a corporate network. Give an example

Solution

Incoming traffic refers to packets which originate elsewhere and arrive at the machine, while outgoing traffic refers to packets which originate at the machine and arrive elsewhere. If you refer to your web server, it mostly accepts incoming connections to its web service, and only occasionally (or maybe never) makes outgoing connections .If you refer to your web client, it mostly makes outgoing connections to other services, and only occasionally (or maybe never) accepts incoming connections.

Monitoring inbound and outbound traffic is important because to maintain stability for the network. From monitoring incoming and outgoing traffic you can detect hacking attempts, virus or worm infections and propagation, configuration problems, exploits, hardware problems and many others. Information security focuses on ensuring confidentiality, integrity and availability. From network monitoring you can detect attempts to access forbidden information or resources such as unauthorized access, which in turn ensure confidentiality. You can detect attempts to change or alter information such as file modification, which ensure integrity. And you can detect any kind of problems that can affect the availability of the information such as DOS or DDOS attacks. The monitoring process can guide you to discover any suspicious behavior before affecting your network or before propagating through it. It can guide to further enhancement for your security system. It can give you an idea about the required tools that you can use to get more information that help to maintain confidentiality, integrity, and availability.

Examples for monitoring inbound and out bound traffic is to put, an inbound firewall protects the network against incoming traffic from the Internet or other network segments, namely disallowed connections, malware and denial-of-service attacks. An outbound firewall protects against outgoing traffic originating inside an enterprise network. Often a single firewall can serve both functions. The configuration of such firewalls is business, network and risk-specific so the configuration for, say, a manufacturing business\'s firewall will likely be a lot different than that of a cloud service provider\'s firewall. Traditional, customizable rules allow specific ports, services and IP addresses to connect in or out. Sometimes a dedicated firewall appliance is used for outbound traffic because of the specialized filtering technologies needed. Such systems often perform specialized functions like content filtering for email or Web browsing. Other firewall systems look for outbound malware and security-related threats. In certain cases, businesses might need to filter outbound traffic. For example, outbound firewalling can be beneficial in very locked-down environments that control network behavior down to the host level. Alternately, certain data loss prevention technologies may need an outbound firewall to protect specific information on the host.Be it inbound or outbound firewalling, you have to not only focus on the system configuration but also make sure you\'re monitoring for system anomalies.