Educause Security Discussion mailing list archives

Re: Blocking phishing URL's


From: Eric Schewe <Eric.Schewe () VIU CA>
Date: Mon, 2 Dec 2013 17:32:01 +0000

We also use our Palo Alto to block URLs and present a generic "URL blocked page".

We recently had a phishing e-mail sent that used Google Docs and unfortunately it used SSL so we couldn't block it. We 
don't have traffic decryption enabled on the Palo Alto.

If the phishing site doesn't use SSL the Palo Alto will let you make very specific blocks so you don't end up having to 
block an entire domain. For example we could block http://www.example.com/badform.html and still provide access to 
http://www.example.com/index.html for users.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mally Mclane
Sent: Monday, December 02, 2013 08:21
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking phishing URL's


All,

Out of curiosity, do any of you do anything special for those using Google Docs / Forms for phishing?

Mally

On 2 Dec 2013 16:16, "Julian Y Koh" <kohster () northwestern edu> wrote:
On Dec 2, 2013, at 09:16, "Ullman, Catherine" <cende () BUFFALO EDU> wrote:

I've been asked to investigate what other institutions are doing to block access to URLs at the edge (i.e. block 
connections when people click on a URL, despite virtual hosting or fastflux DNS).

We use our Palo Alto firewalls to block this type of traffic.


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
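
The difference between path-level and domain-level blocking discussed in this thread, as an added example that is not part of the original posts and is not Palo Alto configuration: it parses a constructed plaintext HTTP request and a constructed TLS ClientHello to show which fields an inline filter without decryption can match on. The blocklist format, function names and sample bytes are assumptions made for illustration.

```python
import struct

# Constructed blocklist: "host/path" blocks one page, a bare "host" blocks the whole site.
BLOCKLIST = {"www.example.com/badform.html"}

def http_target(request: bytes):
    """Host and path from a plaintext HTTP/1.1 request, as an inline filter sees it."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    path = head[0].split(" ")[1].split("?", 1)[0]
    hdrs = {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in head[1:])}
    return hdrs["host"].lower(), path

def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS ClientHello carrying only an SNI extension (sample input)."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2) + b"\x00\x2f"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def tls_sni(record: bytes):
    """Hostname from the SNI extension of a ClientHello; the URL path is never present."""
    pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                    # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher suites
    pos += 1 + record[pos]                    # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        if etype == 0:                        # server_name extension
            nlen = int.from_bytes(record[pos + 7:pos + 9], "big")
            return record[pos + 9:pos + 9 + nlen].decode().lower()
        pos += 4 + elen
    return None

def verdict(host, path, blocklist=BLOCKLIST):
    """'block', 'allow', or 'cannot-enforce' when a path rule exists but the path is hidden."""
    if host in blocklist or (path is not None and host + path in blocklist):
        return "block"
    if path is None and any(e.startswith(host + "/") for e in blocklist):
        return "cannot-enforce"
    return "allow"
```

Pass `None` as the path for TLS traffic: the page-specific rule then comes back as `cannot-enforce`, and only a bare-hostname entry (blocking the whole site) yields `block`.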
