Educause Security Discussion mailing list archives

Re: Blocking URLs

From: randy <marchany () VT EDU>
Date: Fri, 31 Jul 2015 13:48:48 -0400

OpenDNS and RPZ are good solutions. A cautionary note about OpenDNS - they
basically become your institution's DNS primary. Which means they will know
where everyone at your institution goes on the net. There are FERPA, ITAR,
PCI, GLB, HIPAA issues that you need to examine when considering OpenDNS.

-Randy Marchany
VA Tech IT Security Office

On Fri, Jul 31, 2015 at 1:43 PM, Tevlin, Dave <dtevlin () visi org> wrote:

Just to throw this into the mix on OpenDNS. Cisco announced their intent
to acquire OpenDNS yesterday.

Small FYI.

Dave

On Fri, Jul 31, 2015 at 1:22 PM, Chris Green <CGreen () uttyler edu> wrote:

I am looking into OpenDNS now. Am I safe in assuming they used to offer a
freemium model, but no more? Can anyone tell me what we would be looking at
in cost to support roughly 1,500 users?



Thanks,



-C.



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Pratt, Benjamin E.
*Sent:* Friday, July 31, 2015 11:58 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Blocking URLs



At the EDUCAUSE Security Professionals Conference there was a session
about using OpenDNS for blocking these types of attacks. There are also
many other options for controlling DNS to reduce this risk but if someone
isn’t using your DNS, or is going directly to IPs, then it’s not effective.



--



Benjamin Pratt

ITS Security Team



St. Cloud State University



*From:* The EDUCAUSE Security Constituent Group Listserv [
mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
Behalf Of *Chris Green
*Sent:* Friday, July 31, 2015 11:47 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Blocking URLs



All,



We are looking for a cost effective solution to prevent users from
accessing sites when they fall for phishing attempts. Right now we are
blocking IPs for those sites in our firewall, but this is not a great
solution for us as we don’t want to load up our firewall with these types
of rules, and the majority of these sites use dynamic IPs, so it’s a
temporary fix at best.



I wanted to see if anyone had come up with a solution for this dilemma
that doesn’t involve dropping six figures on an application firewall.



Thanks,



-C.



*Chris Green*

Information Security Officer

University of Texas at Tyler

Current thread:

Blocking URLs Chris Green (Jul 31)
- Re: Blocking URLs Barton, Robert (Jul 31)
- Re: Blocking URLs Bob Bayn (Jul 31)
- Re: Blocking URLs Pratt, Benjamin E. (Jul 31)
  - Re: Blocking URLs Andre DiMino (Jul 31)
  - Re: Blocking URLs Chris Green (Jul 31)
    - Re: Blocking URLs Tevlin, Dave (Jul 31)
    - Re: Blocking URLs randy (Jul 31)
    - Re: Blocking URLs McClenon, Brady (Jul 31)
    - Re: Blocking URLs Shamblin, Quinn (Aug 12)
- Re: Blocking URLs Ricardo Fitipaldi (Jul 31)
- Re: Blocking URLs Robert Lau (Jul 31)
- <Possible follow-ups>
- Re: Blocking URLs Blackwood, James (Jul 31)
- Re: Blocking URLs Michael Benedetto (Jul 31)