Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Blocking phishing URL's
From: Eric Schewe <Eric.Schewe () VIU CA>
Date: Mon, 2 Dec 2013 17:32:01 +0000

We also use our Palo Alto to block URLs and present a generic "URL blocked page".

We recently had a phishing e-mail sent that used Google Docs and unfortunately it used SSL so we couldn't block it. We 
don't have traffic decryption enabled on the Palo Alto.

If the phishing site doesn't use SSL the Palo Alto will let you make very specific blocks so you don't end up having to 
block an entire domain. For example we could block http://www.example.com/badform.html and still provide access to 
http://www.example.com/index.html for users.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mally 
Sent: Monday, December 02, 2013 08:21
Subject: Re: [SECURITY] Blocking phishing URL's


Out of curiosity, do any of you do anything special for those using Google Docs / Forms for phishing?

On 2 Dec 2013 16:16, "Julian Y Koh" <kohster () northwestern edu<mailto:kohster () northwestern edu>> wrote:
On Dec 2, 2013, at 09:16 , "Ullman, Catherine" <cende () BUFFALO EDU<mailto:cende () BUFFALO EDU>>

I've been asked to investigate what other institutions are doing to block access to URL's at the edge (i.e. block 
connections when people click on a URL, despite virtual hosting or fastflux DNS).

We use our Palo Alto firewalls to block this type of traffic.

Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]