Keith via plug on 29 Mar 2021 09:49:18 -0700



Re: [PLUG] Chinese state hackers - new linux malware


On 3/29/21 12:03 PM, brent saner via plug wrote:
On Mon, Mar 29, 2021, 09:05 Fred Stluka <fred@bristle.com> wrote:
Brent,

Yeah, egress filtering is a good idea.  Thanks!

C2C?

I googled it.  Found:
- Customer to Customer -- Like B2B (Business to Business)
- Cam to Cam -- Modern lingo about webcam chats
- Corp to Corp -- 1099's like I use with my clients
- Consumer to Consumer -- like the Uber business model
- etc.

I'm not sure you meant any of these.  Other?

Digging a little deeper I found:
- C&C -- Command And Control infrastructure
- Comply to Connect -- software to ensure compliance
    (control and identity) of devices trying to connect

Am I getting close?

Thanks!
--Fred

HAH! Long day that day. Yes, *C&C*, command/control. I'd presume that would be apparent in context. My brain apparently could not decide between C2 and C&C, so it went with both.

LOL... yeah, last year I attended a meeting where I started seeing C2 more than C&C, and it took me a bit to realize what was going on too.

Love your point though!  Egress filtering is usually a big deficiency in security operations when you have a large end-user device footprint.  It's bad enough that IT operations trust software or appliances on the ingress side, but even after I explain to people that nothing is perfect and you still have to look at traffic flows, in AND out, I get that glassy-eyed look of disbelief.

Yes, your outbound proxy is blocking [known] porn, sports and gambling sites, but no, that doesn't immediately imply C&C traffic is dropped and reported to you.  If you're not putting your eyes on the traffic flow, you probably wouldn't even begin to know what to look for or be curious about.

That's just at the border... is anyone watching traffic flows intra-network?  Would you even know what abnormal traffic looked like inside your network?  Are you proficient enough in your tools to "fight" an active event?  Those are other questions that will get you a deer-in-headlights look.

Lots of horror stories, but this often comes back to companies choosing products over people, assuming they take security seriously at all.  You need humans on this because, despite all the cool toys that can help, you still need a human brain to do the comprehensive solutions.

-- 
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
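An added example, not from the original thread or any of its participants, of the kind of outbound-flow review Keith's message argues a human still has to do instead of trusting that the proxy's category blocklist handles C&C. It reads a constructed, simplified flow log and flags two things: internal hosts that reach the internet directly instead of through the sanctioned proxy (an egress-policy violation), and hosts that call the same external endpoint at near-constant intervals (beaconing, the classic C2 shape that a porn/sports/gambling filter never sees). The address space, the proxy address, the five-field record format and every record are assumptions made for this illustration.

```python
"""Added example (not from the PLUG thread): review outbound flow records for
egress-policy violations and beaconing. Format, addresses and records are
constructed for illustration; real use would read exported NetFlow/IPFIX or
firewall logs instead of the string below."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")   # assumed corporate address space
PROXY = ip_address("10.0.0.2")         # assumed sanctioned outbound web proxy

# Constructed sample records: "epoch_seconds src dst dport bytes".
# 10.0.0.5 behaves: it only talks to the proxy on 3128.
# 10.0.0.7 calls 203.0.113.9:443 directly every ~60 s with tiny payloads.
# 10.0.0.9 also bypasses the proxy, but irregularly (a policy hit, not a beacon).
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.2 3128 4200
1020 10.0.0.5 10.0.0.2 3128 3900
1100 10.0.0.7 203.0.113.9 443 310
1160 10.0.0.7 203.0.113.9 443 305
1219 10.0.0.7 203.0.113.9 443 312
1280 10.0.0.7 203.0.113.9 443 301
1341 10.0.0.7 203.0.113.9 443 309
1400 10.0.0.7 203.0.113.9 443 300
1050 10.0.0.9 198.51.100.4 443 15000
1700 10.0.0.9 198.51.100.4 443 220
2900 10.0.0.9 198.51.100.4 443 8800
1500 10.0.0.5 10.0.0.2 3128 5100
"""


def parse_flows(text):
    """Parse the assumed five-field format into (ts, src, dst, dport, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((int(ts), ip_address(src), ip_address(dst),
                      int(dport), int(nbytes)))
    return flows


def find_egress_violations(flows):
    """Policy: only the proxy may talk to non-internal addresses.
    Returns the sorted set of offending (src, dst, dport) tuples."""
    hits = set()
    for _, src, dst, dport, _ in flows:
        if src in INTERNAL and dst not in INTERNAL and src != PROXY:
            hits.add((str(src), str(dst), dport))
    return sorted(hits)


def find_beacons(flows, min_count=5, max_cv=0.1):
    """Flag (src, dst, dport) tuples whose inter-connection gaps are nearly
    constant: at least min_count flows and a coefficient of variation of
    the gaps at or below max_cv. Jittered C2 pushes the CV up, so the
    threshold is a tuning knob to review, not a guarantee.
    Returns [(key, mean_gap_seconds, cv), ...]."""
    by_tuple = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        if dst not in INTERNAL:
            by_tuple[(str(src), str(dst), dport)].append(ts)
    beacons = []
    for key, stamps in by_tuple.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            beacons.append((key, round(avg, 1), round(cv, 3)))
    return beacons


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for hit in find_egress_violations(flows):
        print("egress policy violation:", hit)
    for key, period, cv in find_beacons(flows):
        print(f"possible beacon: {key} every ~{period}s (cv={cv})")
```

On the sample, both 10.0.0.7 and 10.0.0.9 show up as policy violations (the check egress filtering would have enforced in the first place), but only 10.0.0.7 is flagged as a beacon: six calls roughly 60 seconds apart with a coefficient of variation near 0.015. The same logic applies unchanged to intra-network flows if you drop the "dst not internal" condition, which is the lateral-movement question raised above.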