From: Keith via plug, 29 Mar 2021 09:49:18 -0700
Subject: Re: [PLUG] Chinese state hackers - new linux malware
On Mon, Mar 29, 2021, 09:05 Fred Stluka <email@example.com> wrote:
> Yeah, egress filtering is a good idea. Thanks!
> I googled it. Found:
> - Customer to Customer -- Like B2B (Business to Business)
> - Cam to Cam -- Modern lingo about webcam chats
> - Corp to Corp -- 1099's like I use with my clients
> - Consumer to Consumer -- like the Uber business model
> I'm not sure you meant any of these. Other?
> Digging a little deeper I found:
> - C&C -- Command And Control infrastructure
> - Comply to Connect -- software to ensure compliance
>   (control and identity) of devices trying to connect
> Am I getting close?
HAH! Long day that day. Yes, *C&C*, command/control. I'd presume that would be apparent in context. My brain apparently could not decide between C2 and C&C, so it went with both.
LOL... yeah, last year I attended a meeting where I started seeing C2 more than C&C and it took me a bit to realize what was going on too.
Love your point though! Egress filtering is usually a big deficiency in security operations when you have a large end user device footprint. It's bad enough IT operations trust software or appliances on the ingress side, but even after I explain to people that nothing is perfect and you have to still look at traffic flows, in AND out, I get that glassy-eyed look of disbelief.
Yes, your outbound proxy is blocking [known] porn, sports and gambling sites, but no, that doesn't immediately imply C&C traffic is dropped and reported to you. If you're not putting your eyes on the traffic flow you probably wouldn't even begin to know what to look for or be curious about.
That's just at the border... is anyone watching traffic flows intra-network? Would you even know what abnormal traffic looked like inside your network? Are you proficient enough in your tools to "fight" an active event? Those are other questions that will get you a deer-in-headlights look.
Lots of horror stories, but this often comes back to companies choosing products over people, assuming they take security seriously at all. You need humans on this because despite all the cool toys that can help, you still need a human brain to do the
--
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
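The thread's point that a category-blocking proxy says nothing about C&C traffic, and that you have to actually look at flows in and out, as an added example that is not part of the thread: a small review pass over constructed edge-firewall accept logs. It assumes an internal range of 10.0.0.0/8 and an outbound proxy at 10.0.0.5 (both assumed values), and flags hosts that reach the Internet without going through the proxy, plus (src, dst) pairs connecting at near-constant intervals, the regular beaconing that category filters never see.

```python
"""Added example, not from the PLUG thread: egress-flow review over
constructed firewall accept lines of the form 'epoch src dst dport'."""
import ipaddress
import statistics
from collections import defaultdict

PROXY = ipaddress.ip_address("10.0.0.5")        # assumed outbound proxy
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # assumed internal range

# Constructed sample log: one workstation going via the proxy (fine),
# one beaconing straight out every 60 s, one direct SSH to the Internet.
SAMPLE_LOG = """\
1000 10.1.1.20 10.0.0.5 3128
1010 10.0.0.5 203.0.113.9 443
1200 10.1.1.20 198.51.100.7 443
1260 10.1.1.20 198.51.100.7 443
1320 10.1.1.20 198.51.100.7 443
1380 10.1.1.20 198.51.100.7 443
1440 10.1.1.20 198.51.100.7 443
1500 10.1.1.31 192.0.2.44 22
"""
def parse(log):
    flows = []
    for line in log.splitlines():
        ts, src, dst, dport = line.split()
        flows.append((int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)))
    return flows

def proxy_bypass(flows):
    """Internal hosts (other than the proxy) talking directly to external addresses."""
    return sorted({(str(s), str(d), p) for _, s, d, p in flows
                   if s in INTERNAL and s != PROXY and d not in INTERNAL})

def beacons(flows, min_hits=4, max_cv=0.1):
    """(src, dst, mean_gap) for pairs with >= min_hits connections at near-constant spacing."""
    by_pair = defaultdict(list)
    for ts, s, d, _ in flows:
        by_pair[(str(s), str(d))].append(ts)
    found = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0   # jitter relative to period
        if cv <= max_cv:
            found.append((src, dst, round(mean)))
    return found
```

Real flow exports carry far more noise than this sample, so the thresholds (min_hits, max_cv) are starting points to tune against your own baseline, not fixed detections.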