Canadian Underwriter

Why brokers placing cyber should ask about outbound firewall rules

February 5, 2018   by Greg Meckbach, Associate Editor

Print this page Share

While brokers are usually not computer geeks, those who place cyber insurance can ask some basic questions to gauge their clients’ risk and figure out whether they overlooked a major security precaution known in tech jargon as outbound firewall rules.

A good opening question a broker can pose to a client is how much computer traffic is leaving the company’s computer network and where it is going, said Mark Nunnikhoven, Ottawa-based vice president of cloud research for Trend Micro Canada.

Some users think inbound firewall rules are enough to protect their networks. “But unfortunately that’s simply not true,” Nunnikhoven said. “Where people sometimes miss the boat is on the outbound side of things.”

A firewall either blocks network traffic completely or selectively filters traffic coming into and out of a computer network. Some firewalls are software installed on computers while other firewalls are hardware devices.

A computer administrator can tell the firewall which “ports” to use and which ports cannot be used, explained Doug Cooke, director for sales engineering at McAfee Canada.

In the context of computer networking, a “port” does not refer to a socket that someone plugs a cable into but rather a means by which certain services (such as web mail, web browsing and video conferencing) run between different computers on the network. The Internet Assigned Numbers Authority (an organization originally established under a contract with the U.S. defence department, and now affiliated with the Internet Corporation for Assigned Names and Numbers) assigns a port for each service.

Port 80, for example, is unencrypted browsing while port 443 is encrypted browsing, Cooke noted.

This affects cyber risk because if a hacker is able to somehow install software on to a computer, that malicious software is going to “communicate back outbound,” Cooke warned. “They will do that for a number of reasons, including getting more malware down on the system and they may use alternate ports to do that communication.”

So using a firewall to set rules on outbound network traffic is a way of mitigating IT security risk, because no computer network is likely to be 100% secure.

Despite efforts of software and operating system manufacturers to make their products resilient against cyber criminals, “some malware will get through, some systems will be breached,” said  Nunnikhoven. Therefore, having outbound firewall rules can mitigate risk when an attacker has already breached a corporate network, Cooke said.

The malicious software on the network will often “try to use” ports other than those commonly used for services such as web mail and browsing, Cooke added. “If you have those shut down it makes it more difficult for [the hackers].”

Not setting up rules on outbound traffic is a risk factor that some brokers’ clients may overlook,  Nunnikhoven warns. “You don’t want just unfettered access, where every system can just call out to the Internet any time it needs.”

Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *