Ingress and Egress Filtering
In network security, two types of filtering, ingress and egress, are used to secure the network.
Ingress Filtering:
Ingress filtering is the process of monitoring and restricting the flow of information (packets, in networking terms) that enters a network.
Ingress filtering is used to protect the network from attacks by malicious sites and to prevent denial-of-service attacks.
Ingress filtering involves examining incoming packets to verify that their source IP addresses are genuine.
Egress Filtering:
Egress filtering is the process of monitoring and restricting the flow of information (packets, in networking terms) that leaves a network.
Egress filtering is used to prevent malicious or unauthorized content from leaving the network. It also ensures that only supported protocols are used in the outgoing traffic.
Egress filtering can be applied by using a proxy server to route the outgoing traffic. The traffic from all the servers and systems in the network should go through the proxy, and the egress rules can then be applied on the proxy server.
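The two checks described above can be expressed as a small decision function for each direction. This is an added example, not part of the original page; the internal prefix, proxy address, allowed ports and sample addresses are assumed values chosen for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the page).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # the protected network
PROXY_ADDR = ipaddress.ip_address("10.20.0.10")      # the egress proxy
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443)}         # supported outgoing protocols
# Source ranges that cannot be genuine on a packet arriving from outside.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def ingress_verdict(src):
    """Verdict for a packet entering the network, based on its source IP."""
    addr = ipaddress.ip_address(src)
    # An outside packet claiming one of our own addresses is spoofed.
    if addr in INTERNAL_NET:
        return "drop: spoofed internal source"
    if any(addr in net for net in BOGON_NETS):
        return "drop: non-routable source"
    return "accept"


def egress_verdict(src, proto, dport):
    """Verdict for a packet leaving the network."""
    addr = ipaddress.ip_address(src)
    # Outgoing packets must carry a source address that belongs to us.
    if addr not in INTERNAL_NET:
        return "drop: source not in our network"
    # All outgoing traffic is expected to be routed through the proxy.
    if addr != PROXY_ADDR:
        return "drop: must go through proxy"
    if (proto, dport) not in ALLOWED_EGRESS:
        return "drop: protocol not supported"
    return "accept"


if __name__ == "__main__":
    # Constructed sample packets.
    for src in ("203.0.113.5", "10.20.3.4", "192.168.1.1"):
        print("ingress", src, "->", ingress_verdict(src))
    for pkt in (("10.20.0.10", "tcp", 443), ("10.20.5.5", "tcp", 443),
                ("10.20.0.10", "tcp", 25), ("198.51.100.7", "tcp", 443)):
        print("egress", pkt, "->", egress_verdict(*pkt))
```

The internal-prefix check in `ingress_verdict` runs before the general non-routable check so that a spoofed internal address is reported as such, even though the assumed prefix also falls inside 10.0.0.0/8.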