Pass your certification exam. Faster. Guaranteed.

Egress Monitoring Transcription

Welcome to our egress monitoring module. Egress monitoring is controlling the traffic that leaves your network. You can filter the traffic leaving your network using an access control list, or ACL. You can set up the system so that all traffic except the traffic from a pre-identified setup servers is denied egress or prevented from leaving your network by a firewall or proxy.

You can have automated filtering for certain protocols and only allow certain protocols to leave the network, such as HTTP or HTTPS for web browsing. SMTP for sending email messages, and SIP for voice over IP calls. This will allow you to have very tight control, monitoring, and the auditing of your network traffic.

It will also allow you to attribute traffic to a specific user in order to provide nonrepudiation and integrity. It will allow you to use physical and logical access control mechanisms, and can help to remove vectors for some distributed denial of service attacks. You can filter your outgoing traffic by HashChecking.

This system would compute and store a hash value or a unique digital fingerprint for each binary file that you are monitoring. Hash checking is typically used to verify that a file has not been modified by comparing a known historic hash value with a newly generated hash value. Hash checking can be preformed by several different different commercial host based intrusion prevention systems.

Proxy firewalls, as well as DLP or data leakage prevention appliances. The current scan would be compared to values in your database and if there is a match then the system can block that traffic from being sent. And the administrators would be notified. Basically, your system administrators would come up with a list of all the files that are not permitted to leave your network.

And those hash values would be used to check all of the files that your employees are sending out of the network. And when there is a match the system knows that someone is trying to send a file that should not be leaving your network. Hash values are also used to look for malicious files and viruses by anti-virus software.

And SHA1 or the secure hash algorithm one is probably one of the most common protocols used for hashing. You should be aware of steganography which allows users to hide messages in media. This is known as a covert communication channel. The user is able to hide the existence of data within another file.

This could have a legitimate purpose, such as a digital watermark to detect illegal copies of digital images, but generally is used for malicious purposes. With steganography, there is no algorithm or no key, generally. The data is just hidden in a place where people would not usually look for it.

An example at the bottom here we have what appears to be a normal picture. And if this picture went through your email system you would probably not suspect anything suspicious about this picture. However, using the appropriate software or looking at the picture in a hex editor. You would find a hidden message inside the picture that says the money is hidden under the dock by the beach.

This can be very concerning for system administrators, because individuals can take sensitive data off of your network without you realizing that it is occurring. Data leak or Data Loss Prevention systems or DLP uses set of procedures and mechanisms to automatically stop your sensitive data Data from leaving your security boundary.

These systems will help you to provide network egrass monitoring. In order for these systems to work properly, it is important that all your sensitive data is properly labeled. You can use digital signatures and encryption to protect your most important documents. In order for your DLP system to function properly you would locate and catalog all of your sensitive information on your system.

The DLP system would then monitor and control the movement of your sensitive information across your network. And would also control the movement of sensitive information on the end user systems, such as preventing a user from storing it to a USB flash drive that they could then walk out of the organization with.

The DLP agents will report back to the administrator console to notify them that an individual is trying to take a specific document off of the system. That has been marked as sensitive. DLP technology works very well, but you must consider loop holes. You can have a very expensive system in place to prevent individuals from emailing sensitive data.

But what if they just print the data out on a piece of paper and walk out of the organization with it? They might also be able to fax the document to an adversary which would not go through your DALP system. Or perhaps they could print the documents to PDF, and then send that PDF document through your system because your system would not be very familiar with the hash value.

The PDF version of that sensitive data. You should also consider individuals bringing camera phones into your organization and simply taking pictures of the screen when there is sensitive data on the screen. This is why many organizations, especially government agencies, prohibit users from bringing camera phones into sensitive areas.

This concludes our egress monitoring module. Thank you for watching.