Egress filtering
From Wikipedia, the free encyclopedia
In computer networking, egress filtering is a method of filtering electronic traffic that contributes to the security of a network and therefore makes it less prone to attacks from hackers.
This method of filtering prevents hackers from using a machine or resources to launch attacks against other systems. It does this by monitoring and filtering packets that leave the internal network to external networks (Internet) via a router. Egress filtering helps ensure that unauthorized traffic never leaves the internal network.
In a corporate network the initial default would be to block egress of all packets, then to only allow outward web, email and DNS traffic from specified servers. User workstations would then need to be set (typically automatically) to use the central mail server, web proxy etc. The effect of such a "restrictive firewall" is that each new application needing some internet access may require a firewall policy change - which is why it is an uncommon feature on consumer and very small business networks.
