Firewall Wizards mailing list archives
Re: Securing email by inhibiting urls
From: Jean-Denis Gorin <jdg.ieee () free fr>
Date: Fri, 12 Aug 2011 12:15:51 +0200 (CEST)
----- Marcus Ranum <mjr () ranum com> wrote:
> Chris wrote:
>> Until I can disable a user's ability to click a url in an email that appears to come from a trusted source, I'm fighting constant infection. We regularly spot infections (read WE, not our security systems), that are resident in our network and have been there days/weeks/months. We currently have at least one that we are watching to see what it is trying to do before shutting it down....
>
> Stupid users, too much connectivity, good security - you can have any two.
>
> I'm guessing that when you say "trusted source" what you mean is "apparently trustworthy source" - not that you actually have a list somewhere of trusted sources.
>
> If you had a list of trusted sources then you could put in a firewall that did URL filtering then have 2 group policies: "users who click on bad URLs" and "users who are careful what they click on". Only allow "users who click on bad URLs" to go to the trusted destinations and deny everything else.
>
> But it sounds like you've got an impossible problem: you're being asked to solve end-user trust with technology and still maintain a fairly open network. That's not going to happen, though surely you can thrash painfully about playing network whac-a-mole.
There might be a way *evil grin*

1- convert ALL incoming email to text/plain format (all those HTML formatted emails from outside are bullshit: SPAM, commercials from vendors, invitations to shiny conferences, etc.)
2- substitute ALL URLs with 'that link was removed for security reason [*]', with [*] stating: 'if access to that link is needed, please contact the sender of the message'

If that email was the vessel of an attack, the sender is fake. So no point trying to contact it.
If the sender is contacted, and resent the URL, the same filtering will apply (it's evil, isn't it :) )

If you don't want the filtering to be as evil as described, you can amend the note like this:
'if access to that link is needed, please contact the sender of the message and'
Option 1: 'request him to send you that link address through another channel'
Option 2: 'request him to send you that link address embedded in a text file attachment'

The other way is to teach your users to NOT CLICK LINKS IN EMAIL, EVER.

Good luck!

JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
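The two steps listed in the message above (flatten inbound mail to text/plain, then replace every URL with the notice), as an added example that is not part of the original post or thread. It uses only the Python standard library; the `flatten` name, the URL pattern and the sample message are assumptions, and other MIME parts such as attachments are not carried over.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

NOTICE = "[that link was removed for security reason [*]]"
FOOTNOTE = "[*] if access to that link is needed, please contact the sender of the message"
URL_RE = re.compile(r"(?:https?://|ftp://|www\.)[^\s<>\"')\]]+", re.I)  # assumed pattern

class _Visible(HTMLParser):
    """Keep visible text only; every <a href> target is replaced by NOTICE."""
    def __init__(self):
        super().__init__()  # convert_charrefs=True, so entity-encoded URLs get decoded
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag in ("br", "p", "div", "tr", "li"):
            self.out.append("\n")
        elif tag == "a" and dict(attrs).get("href"):
            self.out.append(NOTICE + " ")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def flatten(raw: bytes) -> EmailMessage:  # text/plain-only copy, every link replaced
    src = message_from_bytes(raw, policy=policy.default)
    part = src.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    if part is not None and part.get_content_subtype() == "html":
        parser = _Visible()
        parser.feed(text)
        parser.close()
        text = "".join(parser.out)
    text = URL_RE.sub(NOTICE, text).strip()
    text += "\n\n" + FOOTNOTE if NOTICE in text else ""
    out = EmailMessage()
    for name in ("From", "To", "Subject", "Date", "Message-ID"):
        if src[name]:
            out[name] = src[name]
    out.set_content(text + "\n")  # other MIME parts (attachments) are not carried over
    return out

# Constructed sample: HTML-only message with one anchor and one bare URL.
SAMPLE = (b"From: helpdesk@example.com\r\nTo: user@example.org\r\nSubject: Password expiry\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>Reset it "
          b"<a href=\"http://login.example.net/reset\">here</a> or visit www.example.net/help today.</p>\r\n")
```

Because the anchor's `href` is dropped during HTML flattening rather than matched by the regex, a link whose visible text hides its real target is neutralized the same way as a bare URL.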