Educause Security Discussion
mailing list archives
Re: Blocking phishing URL's
From: Eric Schewe <Eric.Schewe () VIU CA>
Date: Mon, 2 Dec 2013 17:32:01 +0000
We also use our Palo Alto to block URLs and present a generic "URL blocked page".
We recently had a phishing e-mail sent that used Google Docs and unfortunately it used SSL so we couldn't block it. We
don't have traffic decryption enabled on the Palo Alto.
If the phishing site doesn't use SSL the Palo Alto will let you make very specific blocks so you don't end up having to
block an entire domain. For example we could block http://www.example.com/badform.html and still provide access to
http://www.example.com/index.html for users.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mally
Sent: Monday, December 02, 2013 08:21
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking phishing URL's
Out of curiosity, do any of you do anything special for those using Google Docs / Forms for phishing?
On 2 Dec 2013 16:16, "Julian Y Koh" <kohster () northwestern edu<mailto:kohster () northwestern edu>> wrote:
On Dec 2, 2013, at 09:16 , "Ullman, Catherine" <cende () BUFFALO EDU<mailto:cende () BUFFALO EDU>>
I've been asked to investigate what other institutions are doing to block access to URL's at the edge (i.e. block
connections when people click on a URL, despite virtual hosting or fastflux DNS).
We use our Palo Alto firewalls to block this type of traffic.
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
- Re: Blocking phishing URL's, (continued)