Re: [fw-wiz] Securing email by inhibiting urls

Chris wrote:

Until I can disable a users ability to click a url in an email that appears
to come from a trusted source, I'm fighting constant infection. We
regularly spot infections (read WE, not our security systems), that are
resident in our network and have been there days/weeks/months. We currently
have at least one that we are watching to see what it is trying to do before
shutting it down....

Stupid users, too much connectivity, good security - you can have
any two.

I'm guessing that when you say "trusted source" what you mean
is "apparently trustworthy source" - not that you actually have a
list somewhere of trusted sources. If you had a list of trusted
sources then you could put in a firewall that did URL filtering
then have 2 group policies: "users who click on bad URLs"
and "users who are careful what they click on" Only allow
"users who click on bad URLs" to go to the trusted destinations
and deny everything else.

But it sounds like you've got an impossible problem: you're
being asked to solve end-user trust with technology and still
maintain a fairly open network. That's not going to happen,
though surely you can thrash painfully about playing network


Marcus J. Ranum CSO, Tenable Network Security, Inc.

firewall-wizards mailing list

Relevant Pages

  • Re: [fw-wiz] Securing email by inhibiting urls
    ... to come from a trusted source, I'm fighting constant infection. ... If that email was the vessel of an attack, the sender is fake. ... If the sender is contacted, and resent the URL, the same filtering wil apply (it's evil, isn't it:)) ...
  • Re: The reviews you choose
    ... mouth is the important factor to you guys. ... I'm interested in how the trusted source ... network comes about and who's at the top of it and how they form their ... and often get the opportunity to read books early. ...