The Importance of Outbound Filtering for Firewalls
In this article, we look at why sound outbound connection filtering matters in a firewall.
In an interesting story published the other day, Microsoft’s security seniors shared their views on modern Windows security. Called “Deconstructing Common Security Myths,” the article gives an insightful overview of security hot buttons.
Among many points raised was the author’s claim that the average computer user connected to the Internet doesn’t need outbound data filtering in a firewall at all—a point many people would argue and one that prompted us to write an article of our own.
Microsoft’s recent push into the consumer security market with its OneCare service, plus the upcoming release of its next-gen Windows Vista, scheduled for the first quarter of next year, promise a load of security enhancements, but without outbound protection enabled.
Wait a minute. Isn't that a repeat of the situation with the Windows XP built-in firewall, a firewall that lacks exactly the same functionality missing this time? Probably yes.
Let's try to counter some arguments cited by the opponents of outbound filtering.
Argument 1. Outbound filtering is not needed—the objective of the firewall is to protect you against the world’s threats, not protect the rest of the world from you.
This argument is fundamentally wrong: the objective of a firewall is to provide comprehensive threat protection, both inbound and outbound. With only inbound protection in place—even though you are protected from Internet-based attacks directed at your computer—any program, including nefarious ones (viruses, spyware, and simply unnecessary connections) can communicate data from your computer without restrictions. This is a dire situation as your personal information, business know-how or other critical data can leave your computer, bypassing the firewall’s filters.
Antivirus, antispyware or other signature-dependent solutions cannot deter such attempts when vendors have not yet assigned a fingerprint that identifies the virus or spyware instance. Too often, the modern security industry lags behind the pace of malware writers. A recent example is the not-yet-patched vulnerability in Microsoft Office, which results in a Word exploit that compromises computers worldwide.
Users should think from a larger perspective. What do you really fear on the Internet? Is it a never-visible remote attack from outside or the prospect of anything stored on your machine secretly going out to bad guys? While no universal answer exists, a good firewall must provide a simple answer. It must secure your computer against any kind of Internet threat—no matter the direction. This is the backbone of the design of any serious firewall!
Argument 2. Outbound filtering in a firewall is too technical for ordinary users to understand and apply.
With some firewalls, the above argument may hold true, especially when many Internet-enabled applications are installed that require outbound access to send out data (your email or IM program). For an ordinary user, the decision whether to allow or deny a particular kind of connection can be difficult. To alleviate this situation, some user aids have been specially introduced to help users correctly configure their outbound protection.
Outpost Firewall Pro, in its latest version, has an ImproveNet system that makes the most of the firewall’s automatic configuration, sparing users the need to configure settings on their own. Plus, the pre-defined rule sets for application access and Smart Advisor assist users in their decisions, providing real-time hints and recommendations.
Argument 3. Bad programs use sophisticated techniques to operate; they rarely venture out undisguised.
Yes, this argument can be true; malicious programs no longer act as themselves, but are masked as legitimate programs trying to trick a firewall into thinking a benign program wants outbound access.
In practice, a bad program injects its code into a credible application such as the Internet Explorer web browser, and a simple firewall would think that this program wants access. In reality the web browser has been hijacked and is controlled by the intruding application.
An all-encompassing firewall would detect such impersonation and prevent a good application containing malicious code from accessing the Internet and thus compromising the integrity of information.
Leak tests, programs that simulate malware attempts to send out sensitive information, serve as a good example that a firewall equipped with only inbound safeguards is useless to defend you against malware attempts to steal your data.
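The difference between the three kinds of firewall discussed above can be shown with a small model. This is an added example, not code from Outpost or any other product; the rule set, module names and connection attempts are constructed, and a real firewall would typically prompt the user where this model simply blocks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ports: frozenset       # remote ports the application may connect to
    components: frozenset  # modules recorded when the rule was created

@dataclass(frozen=True)
class Attempt:
    exe: str
    remote_port: int
    loaded: frozenset      # modules present in the process at connect time

# Constructed rule set (names are illustrative).
RULES = {
    "iexplore.exe": Rule(frozenset({80, 443}),
                         frozenset({"iexplore.exe", "wininet.dll", "mshtml.dll"})),
    "mailclient.exe": Rule(frozenset({25, 110}),
                           frozenset({"mailclient.exe", "wsock32.dll"})),
}

def inbound_only(attempt):
    """Firewall without outbound filtering: every outgoing connection passes."""
    return "allow"

def by_application(attempt):
    """Simple outbound filter: trusts the name of the requesting program."""
    rule = RULES.get(attempt.exe)
    if rule is None or attempt.remote_port not in rule.ports:
        return "block"     # default deny: unknown program or unlisted port
    return "allow"

def with_component_check(attempt):
    """Same rules, plus a check that the trusted program is unmodified."""
    if by_application(attempt) == "block":
        return "block"
    unknown = attempt.loaded - RULES[attempt.exe].components
    return "block" if unknown else "allow"

# Constructed connection attempts.
CLEAN = Attempt("iexplore.exe", 443, frozenset({"iexplore.exe", "wininet.dll"}))
HIJACKED = Attempt("iexplore.exe", 80,
                   frozenset({"iexplore.exe", "wininet.dll", "unknown_module.dll"}))
UNKNOWN = Attempt("unlisted_program.exe", 80, frozenset({"unlisted_program.exe"}))

def verdicts(attempt):
    return (inbound_only(attempt), by_application(attempt),
            with_component_check(attempt))

if __name__ == "__main__":
    for a in (CLEAN, HIJACKED, UNKNOWN):
        print(a.exe, a.remote_port, verdicts(a))
```

Only the third policy stops the browser that carries an unrecognized module; the name-based filter lets it through because the request appears to come from a trusted program.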
Argument 4. Firewalls are already annoying, and outbound protection-related prompts will make work intolerable.
This argument is flawed; when the firewall has been configured and used for a few days, the number of prompts will notably dwindle until they are no longer disturbing. Much activity happens on an Internet-connected computer, and a firewall should be able to recognize appropriate actions—that’s why it asks questions. The key here is that the firewall doesn’t confuse a user with its questions; being informed and knowledgeable, the user can answer just about any question from the firewall.
Conclusion
We briefly outlined the importance and benefits of outbound protection in a firewall. The upcoming Outpost Firewall 4.0 will have every conceivable protection, including unique protection against any type of outbound hacking attempt. Stay tuned to our monthly Security Insight newsletter, and stay informed and protected!