I hope this is not too much off topic.
I am wondering what are you guys doing to prevent malware from getting behind firewall.
Thinking how many users have Wifi + IOT + mobile hotspots makes me uncomfortable
There is of course the news and software vendors trying to take advantage of your lack of knowledge.
I understand that the JA3 is not enabled and not going to be part of IPS for the near future.
Is there anything else one can do to lower the chances getting hit with Emotet, Cobalt Strike, Fake Windows Updates ?
We plan to add Suricata 7 with enabled JA3, but before we can add this, we need full rust compiler support with changed dependency handling. Because default rust-cargo will download every dependency from net while compiling which ends in non consistent builds.
Michael is working on rust. I think it need some time but it should ready soon.
Thank you for the update,
I didn’t even notice Suricata 7 being anywhere on the horizon
Generally speaking, malware still has a heavy presence in email delivery. Do everything you can there:
enable SPF, DKIM, ADSP, DMARC
cloud-based spam/virus filtering before it hits your mail server
In web browsers, use a filtering extension like U-block Origin.
Thank you for the suggestion. Are you using any particular lists for U-block Origin, or just the standard ones they ship with?
It’s configured pretty well out of the box. I don’t mess with the settings except maybe at home on my personal machine where I have time to fix things if they break.
just a minor comment on this snippet from a postmaster’s point of view: It is not always necessary to move your mail infrastructure to the cloud, or use something cloud-based in front of it. (Actually, some folks recommend using your own mail server whenever possible…)
Basically, the content scanner working in the IPFire project’s mail infrastructure is just a tuned
rspamd, combined with a good acceptable use policy. Works pretty well so far, spam messages rarely make it through.
As a privacy guy, I love the fact that we do not have to expose our mail traffic in general to any 3rd party.
Thanks, and best regards,