Suppose an organization is only able to filter and selectively block either: a) network traffic coming into its intranet from the internet (incoming) or b) network traffic going out to the internet (outbound). With respect to each of the 3 information system security objectives (i.e. confidentiality, integrity, and availability), if you could only filter and selectively block one network traffic direction, which one would you concentrate on and why?
Shubham Patil says
Intranets usually contain extremely confidential assets crucial for both day-to-day activity and strategic business development. A successful attack may result in disruption of the organization’s operations, significant damage to reputation, and infringement of legal regulations.
Information integrity protects information and data flows while they are in movement to and from users’ desktops to the intranet. System integrity measures protect the systems that process the information (usually servers such as email or file servers). Processes to protect information can include antivirus tools, IPS and IDS tools, Web-filtering tools, and email encryption tools.
In intranet or general IT terms, recovering successfully from a disaster can mean resuming critical IT support functions for mission-critical business functions. It relates to the availability security objective.
I would categorize the two options provided into CIA as:
1. Confidentiality: I will focus more on blocking the network traffic going out to the internet.
2. Integrity: I will focus on blocking the network traffic coming into the intranet.
3. Availability: Again, I will focus on blocking the network traffic going out to the internet.
If I had to focus on one security objective for the two options, I would most definitely go with blocking the traffic coming into the intranet from the internet. Integrity of an organization’s data should not be compromised at any cost. It is very important to maintain the consistency and accuracy of the data over its life cycle. Manipulation of data can cause severe problems because data drives business and helps make decisions. Loss of data integrity can be caused by humans or by malicious acts such as malware and other types of cyber-attacks. Blocking traffic into the intranet will not totally eliminate outside threats, but it will definitely reduce them to a manageable level. Having proper IDS and IPS can also help companies block unwanted data and threats.
Yangyuan Lin says
Hi Shubham,
We have the same view on network traffic direction. I agree with your opinion. Network traffic should be regarded as an external threat because the organization can never conclude whether the transmission of information on the external network is authorized or not. External network traffic may have installed malicious programs or software to steal information and damage servers.
Elizabeth Gutierrez says
Inbound or outbound refers to the direction traffic moves between networks. Inbound network traffic originates from outside the network, while outbound traffic originates inside the network. If an organization is only able to filter and selectively block network traffic coming into its intranet or network traffic going outbound, I would think that it is best to concentrate on inbound traffic if the objective is to protect from a breach of confidentiality, integrity, or availability. The reason being, many enterprise network defense mechanisms are aimed primarily at preventing attackers from entering a network. It is much less common for organizations to implement defenses aimed at preventing sensitive data from leaving their networks. An intranet is basically a Web application exposed to a hostile environment in the same way as the corporate website is, and therefore is vulnerable to the same scope of threats. Considering intranets contain confidential assets critical to business development and daily operations, the consequences of a successful attack could include: the disruption of the organization’s operations, significant damage to reputation, and infringement of legal regulations (Vacca, Chapter 15). In addition, as suggested in Vacca Chapter 15, the fact that the private network is intended for employees and trusted parties does not guarantee against hacker attacks, viruses, and spam.
Shubham Patil says
Elizabeth,
I feel network admins should secure both inbound and outbound traffic with proper firewall rules, and all logs should be monitored. I am just curious to know how you would categorize the inbound and outbound traffic with the 3 security objectives?
Oluwaseun Soyomokun says
Considering the Information System Security Objectives (C.I.A Triad) and further to providing network security functions to enterprise security with the possibility of filtering either inbound or outbound network traffic and selectively block one of the traffic.
I would focus on securing outbound traffic; filtering the outbound traffic guarantees the availability and continuity of the core business systems (such as corporate email, Internet connectivity, and phone systems). I would focus on filtering the outbound network traffic to protect and secure sensitive personal identification information (PII) access, and to filter traffic such as requests to questionable or dangerous websites, VPN connections and email services, such as Post Office Protocol version 3, Internet Message Access Protocol and Simple Mail Transfer Protocol. Selectively blocking network traffic which can be harmful to the organization's network infrastructure would be to implement the DMZ firewall.
One of the most well-known and implemented network security architecture patterns is that of the demilitarized zone (DMZ). This is a special network segment dedicated to security situated between one network and another, where you would usually trust one of those networks more than the other. The outer firewall would have its interfaces configured to face the untrusted network, filtering unsolicited traffic and only allowing certain protocols through into the DMZ.
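To make the two policies discussed in this thread concrete (Shubham's point that both directions need firewall rules with monitored logs, and the outer DMZ firewall above that filters unsolicited traffic and only admits certain protocols), here is a small direction-aware packet-filter simulation. It is an added illustration written for this page, not code from the thread or from the Vacca text. The internal range, DMZ range, allowed ports, block list and sample flows are all constructed assumptions; the simulation shows how a default-deny ingress policy and an allow-list egress policy would dispose of each flow, and which decisions an administrator would want to see in the logs.

```python
"""Direction-aware packet filter simulation (added example; all values are constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" = internet -> intranet/DMZ, "out" = intranet -> internet
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# Assumed address plan (constructed): intranet uses 10/8, DMZ uses TEST-NET-1.
INTRANET = ip_network("10.0.0.0/8")
DMZ = ip_network("192.0.2.0/24")

# Ingress policy: only published DMZ services may be reached from the internet.
INBOUND_ALLOW = {(DMZ, 443), (DMZ, 25)}

# Egress policy: internal hosts may only open these destination ports ...
OUTBOUND_ALLOW_PORTS = {53, 80, 443}
# ... and never to destinations on the block list (constructed example range).
OUTBOUND_BLOCK = {ip_network("203.0.113.0/24")}


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for one flow under the ingress or egress policy."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if flow.direction == "in":
        # Anti-spoofing: an internal source address must never arrive on the outside interface.
        if src in INTRANET or src in DMZ:
            return "DROP", "internal source address on external interface"
        for net, port in INBOUND_ALLOW:
            if dst in net and flow.dport == port:
                return "ACCEPT", f"published service {net} port {port}"
        return "DROP", "unsolicited inbound connection"
    if flow.direction == "out":
        if src not in INTRANET:
            return "DROP", "non-internal source on egress"
        if any(dst in net for net in OUTBOUND_BLOCK):
            return "DROP", "destination on block list"
        if flow.dport in OUTBOUND_ALLOW_PORTS:
            return "ACCEPT", "egress port on allow-list"
        return "DROP", "egress port not on allow-list"
    return "DROP", "unknown direction"


def audit(flows: list[Flow]) -> list[str]:
    """Evaluate every flow and return one log line per flow (the lines an admin would monitor)."""
    return [
        f"{verdict} dir={f.direction} {f.src}->{f.dst}:{f.dport}/{f.proto} reason={reason}"
        for f in flows
        for verdict, reason in [evaluate(f)]
    ]


# Constructed sample flows: a web visitor, an SMB probe, a spoofed packet,
# normal browsing, a reverse-shell-style port, and a block-listed destination.
SAMPLE_FLOWS = [
    Flow("in", "198.51.100.7", "192.0.2.10", 443),
    Flow("in", "198.51.100.7", "10.1.2.3", 445),
    Flow("in", "10.1.2.3", "192.0.2.10", 443),
    Flow("out", "10.1.2.3", "198.51.100.9", 443),
    Flow("out", "10.1.2.3", "198.51.100.9", 4444),
    Flow("out", "10.1.2.3", "203.0.113.5", 443),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Only the first inbound flow and the first outbound flow are accepted; every DROP line carries a reason, which is what makes the log review Shubham asks for useful in practice. The two policies are independent, so an organization limited to one direction would keep only the matching branch of `evaluate`.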
Elizabeth Gutierrez says
Hi Oluwaseun,
I appreciate your perspective on choosing to filter and selectively block outbound network traffic because I had overlooked several of your considerations when addressing the question. With regards to outbound traffic, specialized filtering technologies such as a firewall appliance or an off-site cloud service could provide additional security. Additionally, having proper IDS and IPS can also help companies block unwanted data and threats. I am curious to know how you would approach the range of risks associated with sensitive information leakage and data loss as a result of a failure to introduce a dedicated intranet security policy?
Oluwaseun Soyomokun says
Hi Elizabeth,
I appreciate your view about having an off-site cloud and installing IDS and IPS devices as a mitigation control to stop possible incidents and to filter outbound and inbound network traffic. Additionally, many IPS and IDS can identify reconnaissance activity, which may indicate that an attack is imminent or that a certain system or system characteristic is of particular interest to attackers.
Yangyuan Lin says
I will concentrate more on network traffic coming into the internet, because whether the network traffic from the outside is safe or authorized cannot be determined exactly. Network traffic entering the website may have malicious software or malicious programs attacking the server. This may bring some information security risks:
1. unauthorized users can access sensitive and private information so that the confidentiality of the information cannot be ensured;
2. data is maliciously modified which will destroy the integrity of the information;
3. authorized users cannot obtain information (availability).
Oluwaseun Soyomokun says
Hi Lin,
Inbound network traffic may pose a threat to the network infrastructure and a data breach; likewise, outbound network traffic may expose PII or access vulnerabilities from unknown browser certificates, such as those with embedded malware.
A network administrator is required to have a firewall implementation and an IDPS installed for monitoring and filtering the network.