Educause Security Discussion mailing list archives
Re: [External] [SECURITY] Blacklisting XYZ Domains
From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Wed, 11 Nov 2020 21:24:33 +0000
I block domains daily based on phishing requests reported by employees. I have not had any issues. I have been doing this for several years. We use Cisco's IronPort so IronPort catches many of them before they get to the mailboxes. Of course, general user domains (such as yahoo, gmail, hotmail etc) are not able to be blocked. We only block the sending address. I will run a query before blocking the domain to make sure no legitimate email (from other addresses from that domain) will be affected.

John Bandy
Chief Information Security Officer
Technology Services
205-726-2692 | office
205-726-2692 | fax
JBandy () Samford Edu
Twitter: http://twitter.com/SamfordInfoSec
800 Lakeshore Drive
Birmingham, AL 35229

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Adam T. Ferrero
Sent: Wednesday, November 11, 2020 3:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL]Re: [SECURITY] [External] [SECURITY] Blacklisting XYZ Domains

We use Palo Alto and allow it to DNS sinkhole malware, etc. as well as a custom list of targeted bad stuff. We only block the bad stuff so no one complains about that.

Adam

https://www.marketplace.org/2020/06/17/tech-companies-update-language-to-avoid-offensive-terms/

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valentijn, Ashley
Sent: Wednesday, November 11, 2020 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Blacklisting XYZ Domains

Hello all,

Hope everyone is doing well and staying safe! Our office recently received a request to block the XYZ domain on the university network due to the increased rise in phishing attacks. Has this been done at other universities and colleges and if so, was there any backlash from faculty members, researchers, etc.?

Best regards,
Ashley Valentijn, M.S.
Security Engineer
Information Security Office
P: 305-284-4582 | E: axv749 () miami edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
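
The pre-block query described in the top message of this thread (confirming that no other address at the domain sends legitimate mail before blocking the whole domain), as an added example that is not part of the thread or any participant's tooling. The CSV layout, verdict values, free-mail list and sample rows are constructed assumptions, not IronPort's log schema.

```python
import csv
import io
from collections import Counter

# Assumption: consumer mail providers are never blocked at the domain level.
FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com", "outlook.com"}

# Constructed sample of a mail-gateway export: timestamp, envelope sender, verdict.
SAMPLE_LOG = """\
ts,sender,verdict
2020-11-09T08:01:00Z,invoice@payroll-update.example,phish
2020-11-09T08:05:00Z,invoice@payroll-update.example,phish
2020-11-10T14:22:00Z,labnews@genomics-consortium.example,clean
2020-11-10T14:30:00Z,helpdesk@genomics-consortium.example,phish
2020-11-11T09:00:00Z,someone@gmail.com,phish
"""

def domain_of(addr):
    """Domain part of an address, lower-cased (exact match, no subdomain folding)."""
    return addr.rsplit("@", 1)[-1].strip().lower()

def block_decision(reported_sender, log_text):
    """Return (action, other_clean_senders) for a reported phishing sender.

    action is 'block-domain' when no other address at the domain delivered
    clean mail in the log, otherwise 'block-sender-only'.
    """
    reported = reported_sender.strip().lower()
    domain = domain_of(reported)
    if domain in FREEMAIL:
        return "block-sender-only", {}
    clean = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        sender = row["sender"].strip().lower()
        # Only other addresses at the same domain count as collateral.
        if domain_of(sender) != domain or sender == reported:
            continue
        if row["verdict"] == "clean":
            clean[sender] += 1
    action = "block-sender-only" if clean else "block-domain"
    return action, dict(clean)

if __name__ == "__main__":
    for addr in ("invoice@payroll-update.example",
                 "helpdesk@genomics-consortium.example",
                 "someone@gmail.com"):
        print(addr, block_decision(addr, SAMPLE_LOG))
```

The returned sender counts are the list to review by hand before widening a sender block to the whole domain.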
Current thread:
- Blacklisting XYZ Domains Valentijn, Ashley (Nov 11)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Adam T. Ferrero (Nov 11)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Bandy, John (Nov 11)
- Re: Blacklisting XYZ Domains Jesse Bowling (Nov 11)
- Re: [External] Re: [SECURITY] Blacklisting XYZ Domains Kevin Wilcox (Nov 12)
- <Possible follow-ups>
- Re: Blacklisting XYZ Domains Glenn Forbes Fleming Larratt (Nov 12)
- Re: Blacklisting XYZ Domains Von Welch (Nov 12)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Adam T. Ferrero (Nov 11)