Inbound vs outbound firewall rules

Before purchasing a corporate firewall, it is worth understanding the distinct roles of inbound and outbound firewall rules: the two control different traffic and are configured with different goals, and getting both right is what delivers real security for an enterprise IT environment.

Simply put, inbound firewall rules govern traffic entering the network from the internet or from other network segments; their job is to block unsolicited connections, malware delivery and denial-of-service (DoS) traffic. Outbound firewall rules govern traffic leaving the network, such as requests to questionable or dangerous websites, VPN connections and email protocols such as POP3, IMAP and SMTP.

While a single firewall typically serves both functions, it is important to understand what inbound and outbound traffic is, as well as the differences between inbound and outbound firewall rules and the benefits and drawbacks of each.

Inbound traffic vs. outbound traffic

Enterprise networks carry both inbound and outbound traffic. Inbound requests originate from outside parties: a user with a web browser or an email client, a server or application making service requests such as FTP or SSH, or API calls to web services.

Outbound requests, on the other hand, originate from inside the network and are destined for services on the internet or on another outside network. Firewalls are usually thought of as preventing inbound traffic from entering a network, but they can equally prevent outbound traffic from reaching outside destinations.

The difference between inbound and outbound firewall rules

Firewall configuration is business-, network- and risk-specific, so the configuration of a manufacturing business's firewall, for example, will likely differ from that of a cloud service provider's firewall. Customizable firewall rules specify which ports, services and IP addresses may connect in or out; the usual baseline is to deny everything that is not explicitly permitted, in each direction.
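To make the inbound/outbound distinction concrete, here is a small stateful packet filter with a separate rule table for each direction. This is an added example, not code from the original article: the address space (10.0.0.0/8 as "inside"), the hosts, ports and rules are all constructed for illustration, and the rule-matching semantics (first match wins, default deny, replies of accepted connections allowed back through) are the common ones rather than any particular vendor's.

```python
"""A minimal stateful packet filter with separate inbound and outbound
rule tables. Added example, not code from the original article: the
address ranges, ports and rules are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = ip_network("10.0.0.0/8")   # assumed corporate address space


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    new: bool = True    # True for the packet that opens a connection

    def key(self):
        return (self.src, self.sport, self.dst, self.dport, self.proto)

    def reply_key(self):
        # The flow this packet would be a reply to (endpoints swapped).
        return (self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    dst: str = "0.0.0.0/0"       # destination network the rule applies to
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt):
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ip_address(pkt.dst) in ip_network(self.dst, strict=False)
                and (self.dport is None or self.dport == pkt.dport))


# Inbound table: connections the outside world may open to inside hosts.
INBOUND = [
    Rule("allow", "tcp", "10.0.1.10/32", 443),   # published web server
    Rule("allow", "tcp", "10.0.1.20/32", 22),    # SSH bastion
]

# Outbound table: connections inside hosts may open to the outside.
# First match wins, so the SMTP deny must precede any broader allow.
OUTBOUND = [
    Rule("allow", "udp", "203.0.113.53/32", 53), # the approved resolver only
    Rule("deny", "tcp", "0.0.0.0/0", 25),        # no direct SMTP from clients
    Rule("allow", "tcp", "0.0.0.0/0", 443),      # HTTPS anywhere
    Rule("allow", "udp", "0.0.0.0/0", 123),      # NTP
]


class Firewall:
    def __init__(self, inbound, outbound, inside=INSIDE):
        self.tables = {"inbound": inbound, "outbound": outbound}
        self.inside = inside
        self.conntrack = set()   # keys of connections already accepted

    def direction(self, pkt):
        src_in = ip_address(pkt.src) in self.inside
        dst_in = ip_address(pkt.dst) in self.inside
        if src_in and not dst_in:
            return "outbound"
        if dst_in and not src_in:
            return "inbound"
        return "local"   # inside-to-inside: never crosses this perimeter firewall

    def filter(self, pkt):
        """Return "allow" or "deny" for one packet."""
        # Packets that continue an accepted connection are allowed in either
        # direction; this is what lets replies come back through an outbound rule.
        if not pkt.new:
            tracked = pkt.key() in self.conntrack or pkt.reply_key() in self.conntrack
            return "allow" if tracked else "deny"
        table = self.tables.get(self.direction(pkt))
        if table is None:
            return "allow"
        for rule in table:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.conntrack.add(pkt.key())
                return rule.action
        return "deny"   # default deny: nothing matched


def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = Firewall(INBOUND, OUTBOUND)
    return {
        "web_in": fw.filter(Packet("198.51.100.7", 51000, "10.0.1.10", 443, "tcp")),
        "rdp_in": fw.filter(Packet("198.51.100.7", 51001, "10.0.1.30", 3389, "tcp")),
        "https_out": fw.filter(Packet("10.0.5.5", 40000, "203.0.113.10", 443, "tcp")),
        "https_reply": fw.filter(Packet("203.0.113.10", 443, "10.0.5.5", 40000, "tcp", new=False)),
        "rogue_dns": fw.filter(Packet("10.0.5.5", 40001, "8.8.8.8", 53, "udp")),
        "smtp_out": fw.filter(Packet("10.0.5.5", 40002, "203.0.113.25", 25, "tcp")),
        "unsolicited_in": fw.filter(Packet("203.0.113.10", 443, "10.0.5.5", 40009, "tcp", new=False)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

Two things are worth noticing in the verdicts. The reply from the HTTPS server is allowed even though no inbound rule permits port 443 to 10.0.5.5, because it continues a connection the outbound table already accepted; an identical-looking packet that is not part of a tracked connection is dropped. And the rogue DNS query to 8.8.8.8 is denied not by an explicit rule but by the default deny, which is what an outbound policy has to rely on if it is to catch traffic nobody anticipated.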


Inbound traffic originates from outside the network, while outbound traffic originates inside the network.

Sometimes a dedicated firewall appliance or an off-site cloud service, such as a secure web gateway, is used for outbound traffic because of the specialized filtering it requires. Such systems often perform targeted functions, such as content filtering for email or web browsing. They commonly integrate with the business's directory service, such as Active Directory or an LDAP directory, so that access decisions, filtering and reporting can be tied to each user's network account. Other firewall systems inspect outbound traffic for malware and security-related threats, including DNS lookups for domains known to be malicious or already on a blocklist.

Using outbound firewall rules

Managing outbound traffic adds complexity to an environment, but it is an increasingly popular network security approach. Without careful rule design, outbound firewalls interrupt application traffic, disrupt business workflows and frustrate users, so admins must configure the rules in a way that enables work rather than hampers it.

Some businesses need to filter outbound traffic regardless. Outbound firewall rules are valuable in locked-down environments that control network behavior down to the host, application and protocol levels, and certain data loss prevention technologies rely on outbound firewall rules to keep specific information from leaving a host.

Analyzing and controlling outbound traffic has become more important as security teams look to prevent the exfiltration of sensitive data and other malicious activity that originates inside the network, such as malware calling out to its operators or DoS attacks launched from compromised hosts or by insiders.
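The two outbound concerns raised above, DNS lookups for blocklisted domains and bulk data leaving the network, can both be caught by reviewing the firewall's outbound log. The following is an added example, not part of the original article: the key=value log format is made up rather than any vendor's, the log lines, the blocklist and the per-destination byte threshold are all constructed, and the internal address space is assumed to be 10.0.0.0/8.

```python
"""Egress review over outbound firewall logs: blocklisted DNS lookups and
large transfers to outside hosts. Added example, not part of the original
article; log format, blocklist, threshold and log lines are constructed."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")                # assumed internal address space
BLOCKLIST = {"evil.example", "c2.example.net"}   # assumed threat-intel feed
BYTES_THRESHOLD = 50_000_000                     # assumed per-destination egress limit

# Constructed log lines in a made-up key=value format (not any vendor's).
SAMPLE_LOG = """\
ts=1700000001 action=allow proto=udp src=10.0.5.5 dst=203.0.113.53 dport=53 qname=www.example.com bytes=80
ts=1700000002 action=allow proto=udp src=10.0.5.5 dst=203.0.113.53 dport=53 qname=beacon.c2.example.net bytes=90
ts=1700000003 action=allow proto=tcp src=10.0.5.5 dst=203.0.113.10 dport=443 bytes=120000
ts=1700000004 action=allow proto=tcp src=10.0.7.9 dst=198.51.100.77 dport=443 bytes=48000000
ts=1700000005 action=allow proto=tcp src=10.0.7.9 dst=198.51.100.77 dport=443 bytes=9000000
ts=1700000006 action=deny proto=tcp src=10.0.7.9 dst=198.51.100.25 dport=25 bytes=0
ts=1700000007 action=allow proto=tcp src=10.0.1.10 dst=10.0.2.20 dport=5432 bytes=900000000
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(log):
    """Turn each non-empty log line into a dict of its key=value fields."""
    return [dict(KV.findall(line)) for line in log.splitlines() if line.strip()]


def is_blocklisted(qname, blocklist=BLOCKLIST):
    """True if the queried name is a blocklisted zone or any subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def review(log, threshold=BYTES_THRESHOLD, inside=INSIDE):
    """Return findings: blocklisted DNS lookups and oversized egress per (src, dst)."""
    findings = []
    egress = defaultdict(int)   # bytes per (src, dst) pair leaving the network
    for entry in parse(log):
        src, dst = ip_address(entry["src"]), ip_address(entry["dst"])
        if not (src in inside and dst not in inside):
            continue            # only inside-to-outside traffic is egress
        if "qname" in entry and is_blocklisted(entry["qname"]):
            findings.append(("blocklisted_dns", entry["src"], entry["qname"]))
        if entry["action"] == "allow":
            egress[(entry["src"], entry["dst"])] += int(entry["bytes"])
    for (src, dst), total in egress.items():
        if total > threshold:
            findings.append(("large_egress", src, dst, total))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Note that the 900 MB transfer on line 7 is ignored: it is an internal database connection that never leaves the network, and counting it would bury the real finding. The suffix match in is_blocklisted matters too, since a blocklist that only matches exact names misses the beacon.c2.example.net lookup that a hostile host would use.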

Using inbound firewall rules

Most organizations have used inbound firewall protection for years. Inbound firewall rules protect internal systems from outside threats. They can sit at the network perimeter, at branch office locations or even internally between segments, where they provide further segmentation and protection. Inbound firewall rules keep bad things out while leaving the services that must be reachable intact.

Inbound and outbound firewall rules require not only configuration, but also ongoing monitoring for anomalies. Even the most secure firewall can only do so much. Without the necessary internal resources, such as product training and security expertise, to manage the firewall environment, a good option is to outsource to a managed security service provider (MSSP). Having a dedicated resource such as an MSSP monitoring network security around the clock is often the best way to minimize the associated risks.


Mohammad Abdur Rahim Sarker

(ECSA, CSA, CTIA, CFR, WCNA, MCSA, WAPPLES Basic, VSP, VTSP, JNCIP-ENT, JNCIS-ENT, JNCIS-SEC, JNCIS-Junos, Juniper Ingenious Champion, MCP, MS Azure Infrastructure, etc.)

Manager, Certifying Authority (CA) & Enterprise Security Admin

data edge limited

rahim[@]data-edge.com
