Suspicious Outbound Activity
Network security pros should be trained to monitor firewalls and intrusion-prevention and intrusion-detection systems for outbound activity to suspicious locations. Attackers will also use obscure ports to bypass security filtering mechanisms, with the goal of passing through network devices as legitimate traffic. Such malicious traffic could signal a botnet infection and communication with a command-and-control server. Shutting down unnecessary ports can block malicious communication and help increase visibility, Trustwave said.
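One way to review firewall logs for the outbound activity described above, as an added example that is not from the original article or from Trustwave. The log format, internal ranges, port allowlist and sample lines are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed site policy: internal ranges and ports permitted outbound.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
ALLOWED_OUTBOUND_PORTS = {53, 80, 123, 443}

# Constructed log format (not tied to any specific firewall product).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample data; external addresses use documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 ALLOW src=10.0.0.5 dst=198.51.100.10 dport=443 proto=tcp
2024-05-01T10:00:07 ALLOW src=10.0.0.8 dst=203.0.113.7 dport=6667 proto=tcp
2024-05-01T10:01:07 ALLOW src=10.0.0.8 dst=203.0.113.7 dport=6667 proto=tcp
2024-05-01T10:01:30 ALLOW src=10.0.0.5 dst=10.0.0.20 dport=8443 proto=tcp
2024-05-01T10:02:07 DENY src=10.0.0.9 dst=203.0.113.7 dport=31337 proto=tcp
garbled line that should be skipped
2024-05-01T10:02:09 ALLOW src=10.0.0.8 dst=203.0.113.7 dport=6667 proto=tcp
"""

def is_internal(addr):
    ip = ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def unusual_outbound(log_text):
    """Count internal-to-external flows on ports outside the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        try:
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # malformed address field
        if outbound and dport not in ALLOWED_OUTBOUND_PORTS:
            hits[(src, dst, dport, m["action"])] += 1
    # Most frequent first: repeated flows to one destination get triaged first.
    return hits.most_common()

if __name__ == "__main__":
    for (src, dst, dport, action), n in unusual_outbound(SAMPLE_LOG):
        print(f"{n}x {action} {src} -> {dst}:{dport}")
```

Allowed flows on unlisted ports show which rules to tighten, while denied ones still identify an internal host worth investigating.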