Home page logo
/

basics logo Security Basics mailing list archives

Re: Eliminate iframes
From: Andre Silaghi <andre.silaghi () googlemail com>
Date: Mon, 24 Jun 2013 07:48:53 +0200

Hi there,

Thank you very much for your answers here. Well no I do not have any
websites including iframes but I want to prevent further infections of
my users which will visit infected websites perhaps. And yes I need
something more centralized like just one point of configuration and
every user behind is protected by the service. I will have a look at
IPCop and McAfee Web Gateway.

But I really do not want to block the entire websites because it is
just the malicious iframe. And many page owners do not even know that
their website has been compromised. The only "useful" iframes seems to
me to be the "Like" and "+1" buttons but the user will not need any
social network connections here.

It would be good to know if the iframes are used in such an important
way for the content of a webpage that you can't get rid of them.

best regards!

2013/6/22 Jaeschke, Samuel (Port Augusta Secondary School)
<Samuel.Jaeschke56 () schools sa edu au>:
Hi André,

I'm going to assume you are talking about websites on the public internet, which you do not control. If you are 
having issues with your own website being compromised then it's quite a different matter.


I would recommend to not disable iframes since a lot of legitimate websites also use them. If you choose to though, 
the method will depend on which web browser you are using. Here's some notes for Firefox:
http://forums.mozillazine.org/viewtopic.php?f=38&t=500589
Apparently it's also possible in IE and Opera, just google for it.

A better approach is to block the websites which host the malicious downloads (the website which loads inside the 
iframe). This also protects you from a number of other kinds of attacks.

One way to do this is by implementing a web proxy, which will allow you to filter out which websites can be accessed 
from within your network. A proxy communicates directly with the web-browser at the application level, and can filter 
both target URLs and web-page content. Ones I have used (or seen used) include McAfee Web Gateway (very good) and 
IPCop (which is free), though there are many others out there.
Some of these will automatically download an updated database of websites, sorted by category. So you could for 
example block the "Malicious" category (or similar), and then when new malicious websites are discovered they will 
automatically be blocked also. This is a low-maintenance approach, with a high degree of both control and precision. 
Most web gateways (including both McAfee and IPCop) are also capable of performing virus scanning and many other 
features.

Another approach is by using a modified hosts file. This works by pointing the bad domain names to 'nowhere', making 
them inaccessible. See here:
http://winhelp2002.mvps.org/hosts.htm
http://someonewhocares.org/hosts/zero/
On an enterprise network you would instead add the entries to your DNS server's root zone, for both performance and 
ease of administration. You could also create a "blocked" webpage to avoid some confusion, and place it on a 
webserver in your network. Then instead of directing these entries to 0.0.0.0 you would use the IP of your server 
hosting the blocked page.
Beware that this method could easily get messy if not carefully maintained, and will need you to update it manually. 
This method also cannot distinguish between webpages within each website. A proxy (or web gateway) is a far more 
thorough and effective solution.

Hope this helps,
SamJ :)

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Andre Silaghi [andre.silaghi () 
googlemail com]
Sent: Friday, 21 June 2013 23:01
To: security-basics () securityfocus com
Subject: Eliminate iframes

hi community,

I am curious about your way of getting rid of iframes within large -
enterprise - networks. The problem is that a couple of websites are
trying to infect you using drive-by downloads mostly via iframes
within hijacked websites. The firewalls will not do it since it
operates only in osi level 3 or 4 but not within the application level
where iframes are usually transfered via http.

Is there any solution you could propose?

best regards,
andré

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





This message is intended for the addressee named and may contain privileged information or confidential information 
or both. If you are not the intended recipient please delete it and notify the sender.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault