nCircle.com >> 360 Security >> The Lens

« It's not about technology | Main | It's Not Always About You »

But I Egress...

We're often so focused on who is getting into our infrastructure that we forget about who or what might be getting out. It's a natural tendency, of course, given the focus that InfoSec has traditionally had, and given that we still have the problem of people getting in. There's a quote at the end of this article about the Hannaford breach:

"Clearly, there was a pathway back out of the network that Hannaford should have closed,"

How many organizations implicitly trust outbound connections from their own servers? How many organizations inspect the content and patterns of outbound connections? In this case, Hannaford might have seen correlation between credit cards being processed and a connection out to "an overseas destination," or at least an unexplained outbound connection to that destination on a regular basis.

Having just watched Ocean's 11 last night, I'm reminded that overcoming the challenge of getting into the vault is worthless if you can't manage to get out with the cash.

Posted by Tim Erlin on March 31, 2008 5:20 AM |

TrackBack

TrackBack URL for this entry:
http://blog.ncircle.com/cgi-bin/mt-tb.cgi/262

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on March 31, 2008 5:20 AM.

The previous post in this blog was It's not about technology.

The next post in this blog is It's Not Always About You.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.35