Misconfigurations > The Ronco Perimeter - Pg. 307

are inside attackers, including but not limited to disgruntled employees or "trusted" third parties. It is critical to enforce access control and traffic flow in both directions, both into and out of every enclave, so that an attack arriving at one enclave cannot be launched unchallenged from elsewhere inside the network. In addition, many breaches result in the infection and propagation of malware, which will typically attempt to connect back out of the network to a public IP. Depending on the sophistication of the attack, the outbound connection may be well hidden or obvious, but if firewall and IPS policies only enforce traffic in one direction, it does not matter how well hidden it is: it will simply pass. Monitoring is equally important: even if the perimeter security policies are strong enough to stop the malicious outbound traffic, the fact that the traffic originated from the inside indicates that there is a malicious entity (a user or malware) inside your network. Monitoring will alert you to this, and can also help indicate where the attacks are originating from.

The Executive Override

The "Executive Override" is an intentional policy allowing traffic through a perimeter firewall for a nonessential use (at least from the perspective of industrial operations; there may be a very legitimate business case for the exception). It is almost
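The bidirectional enclave policy and the "a denied outbound connection is itself an alert" point from the Ronco Perimeter discussion above, as an added worked example. This is illustrative code written for this page, not code from the book or from any product it describes. The enclave and DMZ address ranges, the allow-listed flows, and the firewall log lines are all constructed for the example; the log lines follow the iptables/nftables LOG field layout (SRC=, DST=, DPT=) so the same logic could be pointed at a real syslog feed. A destination that is outside every known internal network is treated as "public" here, which is an assumption of the example rather than a rule from the text.

```python
"""Evaluate enclave firewall log lines against an explicit, two-way allow-list.

Added example (not from the book). Shows why a policy must be checked in
both directions and why an unapproved OUTBOUND attempt from inside the
enclave deserves an alert even when the firewall already dropped it.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical addressing for the example (assumption, not from the book).
ENCLAVE = ipaddress.ip_network("10.10.0.0/16")   # control-system enclave
DMZ = ipaddress.ip_network("172.16.5.0/24")      # industrial DMZ
KNOWN_NETS = [ENCLAVE, DMZ]                      # anything else is treated as public

# Explicit allow-list of flows as (src_net, dst_net, dst_port).
# Anything not listed is denied in BOTH directions (hypothetical flows).
ALLOWED = [
    (DMZ, ENCLAVE, 502),    # DMZ jump host -> PLCs (Modbus/TCP)
    (ENCLAVE, DMZ, 5432),   # historian inside -> replica in the DMZ
]

# Fields of an iptables/nftables-style LOG line that the policy needs.
LOG_RE = re.compile(r"SRC=(\S+)\s+DST=(\S+).*?DPT=(\d+)")


@dataclass
class Verdict:
    src: str
    dst: str
    dport: int
    direction: str        # "inbound", "outbound" or "other"
    allowed: bool
    alert: Optional[str]  # set only when something INSIDE the enclave misbehaved


def _direction(src, dst) -> str:
    """Classify a flow relative to the enclave boundary."""
    if src in ENCLAVE and dst not in ENCLAVE:
        return "outbound"
    if dst in ENCLAVE and src not in ENCLAVE:
        return "inbound"
    return "other"  # intra-enclave or unrelated transit traffic


def _permitted(src, dst, dport) -> bool:
    """Default deny: only flows on the allow-list pass, whichever way they go."""
    return any(src in s and dst in d and dport == p for s, d, p in ALLOWED)


def evaluate(line: str) -> Verdict:
    m = LOG_RE.search(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    src = ipaddress.ip_address(m.group(1))
    dst = ipaddress.ip_address(m.group(2))
    dport = int(m.group(3))
    direction = _direction(src, dst)
    allowed = _permitted(src, dst, dport)

    alert = None
    if direction == "outbound" and not allowed:
        # Whether or not the packet was dropped, it originated inside the
        # enclave: a user or malware in there is trying to talk out.
        external = not any(dst in n for n in KNOWN_NETS)
        kind = "unapproved external" if external else "unapproved"
        alert = (f"enclave host {src} attempted {kind} connection to "
                 f"{dst}:{dport}; investigate the source host")
    return Verdict(str(src), str(dst), dport, direction, allowed, alert)


def audit(lines: List[str]) -> List[Verdict]:
    return [evaluate(line) for line in lines]


# Constructed sample log lines (iptables LOG layout, fabricated for this example).
SAMPLE_LOG = [
    "IN=dmz0 OUT=ot0 SRC=172.16.5.10 DST=10.10.3.7 PROTO=TCP SPT=51000 DPT=502",
    "IN=ot0 OUT=wan0 SRC=10.10.3.7 DST=203.0.113.45 PROTO=TCP SPT=44321 DPT=443",
    "IN=ot0 OUT=dmz0 SRC=10.10.2.20 DST=172.16.5.40 PROTO=TCP SPT=40000 DPT=5432",
    "IN=wan0 OUT=ot0 SRC=198.51.100.9 DST=10.10.3.7 PROTO=TCP SPT=2222 DPT=22",
]

if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        status = "ALLOW" if v.allowed else "DENY "
        print(f"{status} {v.direction:<8} {v.src}->{v.dst}:{v.dport}")
        if v.alert:
            print("  ALERT:", v.alert)
```

Running the sample shows the asymmetry the text warns about: the inbound SSH probe from 198.51.100.9 is denied but is just noise from outside, while the denied HTTPS attempt from 10.10.3.7 to a public address is the one event that should page someone, because the only way it could exist is if something inside the enclave generated it. In a real deployment the ALLOWED table is what the firewall rules should encode, with a default-deny rule in each direction, and the alert branch is what the monitoring rule on the firewall's log feed should fire on.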