Educause Security Discussion mailing list archives

Re: Blocking URLs

From: Andre DiMino <adimino () GWU EDU>
Date: Fri, 31 Jul 2015 13:09:10 -0400

We use OpenDNS to block phish domains.
We are also able to determine which hosts may have visited these domains
prior to blocking.

On Fri, Jul 31, 2015 at 12:57 PM, Pratt, Benjamin E. <
bepratt () stcloudstate edu> wrote:

At the EDUCAUSE Security Professionals Conference there was a session
about using OpenDNS for blocking these types of attacks. There are also
many other options for controlling DNS to reduce this risk but if someone
isn’t using your DNS, or is going directly to IPs, then it’s not effective.



--



Benjamin Pratt

ITS Security Team



St. Cloud State University



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Chris Green
*Sent:* Friday, July 31, 2015 11:47 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Blocking URLs



All,



We are looking for a cost effective solution to prevent users from
accessing sites when they fall for phishing attempts. Right now we are
blocking IPs for those sites in our firewall, but this is not a great
solution for us as we don’t want to load up our firewall with these types
of rules, and the majority of these sites use dynamic IPs, so it’s a
temporary fix at best.



I wanted to see if anyone had come up with a solution for this dilemma
that doesn’t involve dropping six figures on an application firewall.



Thanks,



-C.



*Chris Green*

Information Security Officer

University of Texas at Tyler




-- 
Andre' M. DiMino
Senior Network Security Engineer
The George Washington University
Desk: (202) 994-6114
Cell: (202) 365-0548
adimino () gwu edu

*Learn how to protect your personal information*

   - Recent Phishes we received http://go.gwu.edu/phishes
   - Twitter account for GWU phishing notifications
   https://twitter.com/PhishesDotNet
   - Video How to detect phishing http://go.gwu.edu/detectphishing
   - Email abuse () gwu edu to report security incidents or concerns

Current thread:

Blocking URLs Chris Green (Jul 31)
- Re: Blocking URLs Barton, Robert (Jul 31)
- Re: Blocking URLs Bob Bayn (Jul 31)
- Re: Blocking URLs Pratt, Benjamin E. (Jul 31)
  - Re: Blocking URLs Andre DiMino (Jul 31)
  - Re: Blocking URLs Chris Green (Jul 31)
    - Re: Blocking URLs Tevlin, Dave (Jul 31)
    - Re: Blocking URLs randy (Jul 31)
    - Re: Blocking URLs McClenon, Brady (Jul 31)
    - Re: Blocking URLs Shamblin, Quinn (Aug 12)
- Re: Blocking URLs Ricardo Fitipaldi (Jul 31)
- Re: Blocking URLs Robert Lau (Jul 31)
- <Possible follow-ups>
- Re: Blocking URLs Blackwood, James (Jul 31)
- Re: Blocking URLs Michael Benedetto (Jul 31)