Security Basics mailing list archives

Re: Eliminate iframes


From: Andre Silaghi <andre.silaghi () googlemail com>
Date: Mon, 24 Jun 2013 07:48:53 +0200

Hi there,

Thank you very much for your answers here. Well, no, I do not have any
websites including iframes, but I want to prevent further infections of
my users who will visit infected websites perhaps. And yes I need
something more centralized like just one point of configuration and
every user behind is protected by the service. I will have a look at
IPCop and McAfee Web Gateway.

But I really do not want to block the entire websites because it is
just the malicious iframe. And many page owners do not even know that
their website has been compromised. The only "useful" iframes seem to
me to be the "Like" and "+1" buttons but the user will not need any
social network connections here.

It would be good to know if the iframes are used in such an important
way for the content of a webpage that you can't get rid of them.

best regards!

2013/6/22 Jaeschke, Samuel (Port Augusta Secondary School)
<Samuel.Jaeschke56 () schools sa edu au>:
Hi André,

I'm going to assume you are talking about websites on the public internet, which you do not control. If you are 
having issues with your own website being compromised then it's quite a different matter.


I would recommend not disabling iframes since a lot of legitimate websites also use them. If you choose to though, 
the method will depend on which web browser you are using. Here are some notes for Firefox:
http://forums.mozillazine.org/viewtopic.php?f=38&t=500589
Apparently it's also possible in IE and Opera, just google for it.

A better approach is to block the websites which host the malicious downloads (the website which loads inside the 
iframe). This also protects you from a number of other kinds of attacks.

One way to do this is by implementing a web proxy, which will allow you to filter out which websites can be accessed 
from within your network. A proxy communicates directly with the web-browser at the application level, and can filter 
both target URLs and web-page content. Ones I have used (or seen used) include McAfee Web Gateway (very good) and 
IPCop (which is free), though there are many others out there.
Some of these will automatically download an updated database of websites, sorted by category. So you could for 
example block the "Malicious" category (or similar), and then when new malicious websites are discovered they will 
automatically be blocked also. This is a low-maintenance approach, with a high degree of both control and precision. 
Most web gateways (including both McAfee and IPCop) are also capable of performing virus scanning and many other 
features.

Another approach is by using a modified hosts file. This works by pointing the bad domain names to 'nowhere', making 
them inaccessible. See here:
http://winhelp2002.mvps.org/hosts.htm
http://someonewhocares.org/hosts/zero/
On an enterprise network you would instead add the entries to your DNS server's root zone, for both performance and 
ease of administration. You could also create a "blocked" webpage to avoid some confusion, and place it on a 
webserver in your network. Then instead of directing these entries to 0.0.0.0 you would use the IP of your server 
hosting the blocked page.
Beware that this method could easily get messy if not carefully maintained, and will need you to update it manually. 
This method also cannot distinguish between webpages within each website. A proxy (or web gateway) is a far more 
thorough and effective solution.

Hope this helps,
SamJ :)

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Andre Silaghi [andre.silaghi () 
googlemail com]
Sent: Friday, 21 June 2013 23:01
To: security-basics () securityfocus com
Subject: Eliminate iframes

hi community,

I am curious about your way of getting rid of iframes within large -
enterprise - networks. The problem is that a couple of websites are
trying to infect you using drive-by downloads mostly via iframes
within hijacked websites. The firewalls will not do it since they
operate only in OSI level 3 or 4 but not within the application level
where iframes are usually transferred via http.

Is there any solution you could propose?

best regards,
andré

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
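
Added example, not part of the original thread: the proxy content filtering discussed above can remove only the iframes whose source host is on a blocklist and leave the rest of the page, including other iframes, as written. The blocklist entries, sample page and function names are constructed for illustration; how a particular gateway would call such a filter is not shown.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist and sample page (one legitimate embed, one injected iframe).
BLOCKED = {"malware.example", "exploit-kit.test"}
SAMPLE = ('<p>News &amp; more</p><iframe src="https://video.example.org/embed/1"></iframe>'
          '<iframe src="//cdn.malware.example/ld.php" width="1"></iframe><p>end</p>')

def src_blocked(src, blocked=BLOCKED):
    """True if the src host, or any parent domain of it, is on the blocklist."""
    try:
        host = urlsplit(src.strip()).hostname or ""
    except ValueError:
        return True                       # unparsable URL: fail closed
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

class IframeFilter(HTMLParser):           # re-emits HTML minus blocked iframes
    def __init__(self, blocked=BLOCKED):
        super().__init__(convert_charrefs=False)   # keep entities as written
        self.blocked, self.out, self.removed, self.skip = blocked, [], [], 0
    def emit(self, text):                 # emits nothing inside a removed iframe
        self.out.append("" if self.skip else text)
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":               # first src wins, as in browsers
            src = next((v for k, v in attrs if k == "src"), None) or ""
            if self.skip or src_blocked(src, self.blocked):
                self.removed += [] if self.skip else [src]
                self.skip += 1            # depth counter copes with nesting
                return
        self.emit(self.get_starttag_text())
    def handle_startendtag(self, tag, attrs):      # <br/>, <iframe .../>
        self.handle_starttag(tag, attrs)
        if self.skip and tag == "iframe":
            self.skip -= 1
    def handle_endtag(self, tag):
        self.emit(f"</{tag}>")
        if self.skip and tag == "iframe":
            self.skip -= 1
    def handle_data(self, data): self.emit(data)
    def handle_entityref(self, name): self.emit(f"&{name};")
    def handle_charref(self, name): self.emit(f"&#{name};")
    def handle_comment(self, data): self.emit(f"<!--{data}-->")
    def handle_decl(self, decl): self.emit(f"<!{decl}>")

def strip_blocked_iframes(html, blocked=BLOCKED):  # -> (html, removed srcs)
    f = IframeFilter(blocked)
    f.feed(html)
    f.close()
    return "".join(f.out), f.removed
```

Iframes that a script creates at runtime never appear as markup in the response, so a markup filter like this complements the URL and category blocking at the gateway rather than replacing it.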