Re: Blocking URLs

[Robert Lau <Robert.Lau () USC EDU>]

We see many phishing sites hosted at Google, Qualtrics, Wix, etc. Layer 3 blocks simply do not work for them or cause 
significant collateral damage. Plus, blocking at our border, or using OpenDNS, does not protect people reading email on 
random, unmanaged devices outside our network.

Any day now, we will be enabling TAP on our Proofpoint mail gateways. TAP will rewrite all (or possibly only suspicious 
URLs) found in email and will protect everybody who uses our mail systems. Known bad URLs are automatically blocked. If 
at some later date we discover that a URL is bad, we can block it and see who had clicked on it. Or at least that's 
what's supposed to happen. We shall see.

Robert Lau
Director, Information Systems Security
Information Technology Services
University of Southern California
213-740-5469


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris 
Green
Sent: Friday, July 31, 2015 09:47
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocking URLs

All,

We are looking for a cost effective solution to prevent users from accessing sites when they fall for phishing 
attempts. Right now we are blocking IPs for those sites in our firewall, but this is not a great solution for us as we 
don't want to load up our firewall with these types of rules, and the majority of these sites use dynamic IPs, so it's 
a temporary fix at best.

I wanted to see if anyone had come up with a solution for this dilemma that doesn't involve dropping six figures on an 
application firewall.

Thanks,

-C.

Chris Green
Information Security Officer
University of Texas at Tyler