by sjeanpierre
2748 days ago
Heuristics like data volume are a good starting point, but known-good traffic flow is also important to know. In a "secure" environment you'd route all traffic through a known choke-point that is network controlled. In AWS this would be using the routing layer of the VPC to force traffic to something like a Squid proxy before allowing it out. On that proxy, outbound traffic destination hosts or IPs would be compared to a list of known destinations, and rejected if no match is found. These methods are not 100%, but they do help add another layer to the security process.
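The destination check described in the comment above, as an added example that is not part of the original comment and is not Squid's own matching code: a default-deny comparison of each outbound destination against known domains and networks. The allowlist entries, the three-field log format and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed allowlist (assumption): a domain entry covers the host and its subdomains.
ALLOWED_DOMAINS = {"updates.example.com", "repo.example.org"}
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed proxy log, hypothetical format: "<client> <method> <destination>"
SAMPLE_LOG = """\
10.0.1.15 CONNECT updates.example.com:443
10.0.1.15 CONNECT eu.updates.example.com:443
10.0.2.7 CONNECT badupdates.example.com:443
10.0.2.7 CONNECT updates.example.com.example.net:443
10.0.3.9 CONNECT 203.0.113.40:443
10.0.3.9 CONNECT 198.51.100.23:8443
"""

def split_host(dest):
    """Return the host from 'host', 'host:port' or '[v6]:port', normalised."""
    dest = dest.strip()
    if dest.startswith("["):
        host = dest[1:].partition("]")[0]
    elif dest.count(":") == 1:
        host = dest.split(":")[0]
    else:
        host = dest
    return host.rstrip(".").lower()

def is_allowed(dest):
    """Default deny: True only when the destination matches a known entry."""
    host = split_host(dest)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Match on label boundaries so 'badupdates.example.com' does not pass.
        return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)
    return any(addr in net for net in ALLOWED_NETWORKS)

def rejected(log_text):
    """Return (client, destination) pairs the choke-point would refuse."""
    out = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and not is_allowed(parts[2]):
            out.append((parts[0], parts[2]))
    return out

if __name__ == "__main__":
    for client, dest in rejected(SAMPLE_LOG):
        print(f"REJECT {client} -> {dest}")
```
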