Outgoing traffic security?
-
Not sure if this is available or not. Is there a built-in or add-on that allows the following:
Ability to define outbound (LAN to WAN) controls by data over time (EG 40MB over 5 mins) per device. If the device exceeds the controls it is blocked and an email is sent to the admin.
Setup:
Define an IP range alias to control EG 10.100.1.0/24
Define the maximum data transfer in Bytes EG 40MB
Define the period the data transfer applies to EG 3Mins
Define Destination Exceptions EG 8.8.8.8
Define port exceptions EG 25 (for a email server)
Define Notification email/test addresses
Define block period EG 240mins

Example (using the above #s)
IP 10.100.1.176 starts sending data outbound (LAN to WAN). In 2 minutes it has sent 40MB. The WAN access is now blocked for 10.100.1.176 and a warning email is sent to the admin.
After 4 hours (240mins) the block is lifted. If the block period was not defined then the block can only be lifted manually.
-
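The per-device byte budget described in the question above, written out as an added Python sketch (not code from the thread or from pfSense): it counts outbound bytes per source over a sliding window, honours the destination and port exceptions, blocks a source on reaching the limit, records an alert in place of the admin email, and lifts the block after the block period (or never, when no period is defined). The policy values are the question's; the flow records and the 203.0.113.x destinations are constructed.

```python
from collections import deque
from ipaddress import ip_address, ip_network

POLICY = dict(lan=ip_network("10.100.1.0/24"), max_bytes=40 * 1024 * 1024,  # 40 MB (question's values)
              window_s=3 * 60, dst_exceptions={ip_address("8.8.8.8")},      # 3 min
              port_exceptions={25}, block_s=240 * 60)  # 240 min; 0 = manual unblock only

class OutboundBudget:
    def __init__(self, policy):
        self.p, self.alerts = policy, []  # alerts stands in for the admin notification email
        self.hist, self.total, self.blocked = {}, {}, {}  # per-source window, byte total, unblock time

    def is_blocked(self, src, ts):
        src = ip_address(src)
        if src not in self.blocked:
            return False
        until = self.blocked[src]  # None means lift manually
        if until is not None and ts >= until:
            del self.blocked[src]  # block period elapsed
            return False
        return True

    def observe(self, ts, src, dst, dport, nbytes):  # one outbound flow; True = src now blocked
        src, dst = ip_address(src), ip_address(dst)
        if self.is_blocked(src, ts):
            return True
        if (src not in self.p["lan"] or dst in self.p["dst_exceptions"]
                or dport in self.p["port_exceptions"]):
            return False
        q = self.hist.setdefault(src, deque())
        q.append((ts, nbytes))
        self.total[src] = self.total.get(src, 0) + nbytes
        while q and ts - q[0][0] > self.p["window_s"]:  # expire records older than the window
            self.total[src] -= q.popleft()[1]
        if self.total[src] >= self.p["max_bytes"]:
            self.blocked[src] = ts + self.p["block_s"] if self.p["block_s"] else None
            self.alerts.append(f"{src}: {self.total[src]} bytes in {self.p['window_s']} s, blocked")
            q.clear(); self.total[src] = 0
            return True
        return False

def run_demo():  # replays the question's scenario on constructed flow records
    MB, b = 1024 * 1024, OutboundBudget(POLICY)
    flows = [(0, "10.100.1.176", "203.0.113.10", 443, 15 * MB),  # (ts s, src, dst, dport, bytes)
             (60, "10.100.1.176", "8.8.8.8", 53, 50 * MB),        # destination exception
             (60, "10.100.1.176", "203.0.113.10", 25, 50 * MB),   # port exception
             (90, "10.100.1.50", "203.0.113.10", 443, 5 * MB),    # quiet neighbour
             (120, "10.100.1.176", "203.0.113.11", 443, 25 * MB)] # 40 MB in 2 min -> block
    return b, [b.observe(*f) for f in flows]
```

In a real deployment the records would come from the firewall's flow export and the block would be applied as a firewall rule; here both ends are kept in memory so the logic can be checked in isolation.
-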
The short answer there is no.
The captive portal is probably closest to that but it's not designed for short periods like that. You can set rate limits of sorts on firewall rules but not for total data. You can set rates of state openings.
Steve
-
That's disappointing. I'm looking at improving security. By doing what I was asking I could ensure a bad actor on my network wouldn't be able to upload a bunch of sensitive data. I don't want to impact normal users with overall rate limits. With typical WAN connection speeds the time period has to be minutes.
-
I mean if that's where you want the limit you could just limit all uploads to 2.6Mbps per IP for the ports you want. That probably won't hurt general browsing etc too much.
However it wouldn't actually stop anyone uploading something it would just take longer.
Steve
-
@dennis100 said in Outgoing traffic security?:
I could ensure a bad actor on my network wouldn't be able to upload a bunch of sensitive data
How is that? If I was a bad actor and I was trying to "sneak" data out of a network I sure wouldn't try and saturate the pipe for any length of time ever.. Since that could draw attention.
I would slowly move the data in small bursts over random periods of time to make it harder to detect.. And most likely to different destinations, so you don't always see IP x talking to IP Y ;)
-
This would be just one tool of many. True, a smart hacker may try to distribute the transfer over time/destinations. Some aren't that diligent.