This is a white paper I wrote for a security conference for the Air Force.

Computer and network security specialists typically focus on incoming traffic to set requirements for their security posture. Often times outgoing traffic is neither considered nor monitored. This attitude carries the potential for serious repercussions and significant security breaches. The worst-case scenario is a compromised internal host that initiates a connection to a remote server through https (443/tcp). This is a worst-case scenario because, on most networks, https is allowed through all the security architecture from the inside going out; it is also encrypted, which prevents any timely monitoring of connection data. This paper explores some possible methods of this type of compromise, the significance of this compromise, and possible solutions for this scenario.