Saturday, June 29, 2024

Offline syspatch

Greetings,

We are experiencing extensive attacks, including zero-click exploits with fileless malware from a corrupted ISP/adversary; therefore, online system updating/upgrading is not possible.

For the current release 7.5, specifically for security patches, if we downloaded the security patches located at any of the mirror links, for example,

manually verified the signature with signify, then changed the online path under /etc/installurl to point to the USB location that contains the downloaded security patch files, and then executed the command syspatch, usually the security patch files get pulled from the pointed physical location and get applied. However, my question is, would that be sufficient for patching the system, or do we actually have to compile from source and include the security patch files in the compilation process?

We are applying the same process for firmware files: fw_update -p ./firmware_files

Any suggestions to mitigate the zero-click exploits with fileless malware attacks? Please advise. In the firewall rules, one of the main purposes of the block-all rule is to make the attacker completely blind to the system being implemented; however, updating online completely defies the purpose of block all, because it helps a corrupted adversary monitoring the transmission figure out the server/site being connected to, in our case BSD, therefore revealing the platform being implemented and launching an attack targeted at that specific platform.

Thank you for your kind support.

John
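The post above describes verifying downloaded syspatch files with signify before pointing /etc/installurl at a local copy. The script below is an added example, not code from the original post or from OpenBSD itself; it reproduces the two integrity checks that syspatch(8) performs on a patch directory so they can be run by hand on the offline copy: signify(1) verifies the embedded signature on SHA256.sig with the release's syspatch public key, and every tarball listed in the verified SHA256 file is then checksummed. The directory layout (a mirror's syspatch/7.5/amd64 copied to USB) and the key path /etc/signify/openbsd-75-syspatch.pub are assumptions; the sample file names used in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): verify an offline syspatch(8)
# directory the way syspatch itself does, before pointing /etc/installurl at it.
# Step 1: signify(1) checks the embedded signature on SHA256.sig with the
#         release's syspatch key (assumed: /etc/signify/openbsd-75-syspatch.pub).
# Step 2: every tarball listed in the verified SHA256 file is checksummed.

# Portable SHA-256 of one file: sha256(1) on OpenBSD, sha256sum elsewhere.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Verify DIR/SHA256.sig with KEY and write the verified checksum list to
# DIR/SHA256. Returns signify's exit status; non-zero means the signature
# did not check out and nothing in DIR should be trusted.
verify_signature() {
    dir=$1
    key=${2:-/etc/signify/openbsd-75-syspatch.pub}   # assumed key path for 7.5
    signify -Vep "$key" -x "$dir/SHA256.sig" -m "$dir/SHA256"
}

# Check each "SHA256 (file) = hex" line in DIR/SHA256 against the file in DIR.
# Returns 0 only if every listed file exists and its checksum matches; a
# missing or altered tarball fails the whole set.
verify_checksums() {
    dir=$1
    status=0
    while IFS= read -r line; do
        case $line in
            "SHA256 ("*") = "*) ;;   # only BSD-style checksum lines
            *) continue ;;
        esac
        name=${line#"SHA256 ("}
        name=${name%%") = "*}
        expected=${line##*") = "}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        actual=$(sha256_of "$dir/$name")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "BAD      $name" >&2
            status=1
        fi
    done < "$dir/SHA256"
    return $status
}

# Usage (paths constructed for illustration):
#   verify_signature /mnt/usb/pub/OpenBSD/syspatch/7.5/amd64 &&
#   verify_checksums /mnt/usb/pub/OpenBSD/syspatch/7.5/amd64
```

Run the signature step first: the SHA256 list is only meaningful after signify has verified it, and a failure at either step means the copied directory should be discarded rather than pointed to from /etc/installurl.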
