0

Ingress Vs. Egress Definition

Howard Poston
Jul 12, 2023
Ingress Vs. Egress Definition

Ingress and egress are terms that describe the direction in which network traffic and data are flowing through a network boundary. Ingress refers to traffic entering an organization’s network, while egress refers to traffic that is leaving an organization’s network.

The concepts of ingress and egress are important for cybersecurity in various ways. For example, an organization will have different firewall rules in place for ingress and egress traffic.

Ingress vs. Egress

The terms ingress and egress are largely a matter of perspective. Traffic that is entering an organization’s network is leaving the public Internet and vice versa.

For the terms of networking and security, ingress and egress are defined in relation to an organization’s own network. Ingress traffic is traffic entering the organization’s network, while egress traffic is leaving it.

Ingress Network Security

Often, when considering cybersecurity and how to defend an organization, the focus is on ingress traffic. The assumption is that most of the threats to the organization originate from outside of its network. By blocking these threats from coming in, the organization limits its cybersecurity risk.

Companies often have various types of defenses against inbound malicious traffic. These include:

  • Firewall Rules: Network firewalls are commonly configured to filter ingress traffic. For example, the firewall may only allow traffic to certain ports or from certain IP addresses to enter the network.
  • Ingress Filtering: Filtering of inbound traffic is typically intended to identify and block malicious content. For example, an intrusion prevention system (IPS) may look for signs of malware in network traffic, while a web application firewall (WAF) will detect and block attempted exploitation of web application vulnerabilities.
  • DDoS Prevention: A distributed denial-of-service (DDoS) attack sends more traffic to a system than it can handle. DDoS prevention solutions identify and filter this attack traffic, enabling the target to use its resources to manage legitimate requests.

Egress Network Security

Egress traffic is traffic that is leaving an organization’s network. While ingress security solutions try to keep bad things out, egress solutions focus on preventing good things — like an organization’s sensitive data — from leaving its protected network.

An organization may also have various solutions in place to manage egress traffic. Some common examples include:

  • Egress Filtering: Egress traffic filtering solutions are focused on an organization’s data. For example, data loss prevention (DLP) solutions will identify and block traffic carrying sensitive corporate data to unauthorized recipients.
  • Monitoring and Logging: Monitoring and logging solutions are useful for both inbound and outbound traffic. For egress traffic, the focus may be on detecting data exfiltration or malware command and control (C2) communications.
  • Bandwidth Management: Some networking infrastructure — such as multiprotocol label switching (MPLS) circuits — is expensive to use. Bandwidth management solutions may monitor and manage outbound traffic to control the utilization of an organization’s limited bandwidth.

Conclusion

Ingress and egress traffic define the two directions that traffic can flow across an organization’s network boundary. An effective cybersecurity strategy includes defenses that manage both of these types of traffic, blocking inbound threats and preventing outbound data flows.

Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Share the page: