The functionality of making network requests for getting and sending data is abstracted into HTTP API in WordPress. As long as plugins do use related functions (and not make requests directly via raw PHP) you have degree of control over the behavior.
The easiest way is probably to only whitelist hosts you need/trust and leave rest blocked.
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
define( 'WP_ACCESSIBLE_HOSTS', 'api.wordpress.org,*.github.com' );
See Block External URL Requests in Codex.