The Basics – Block Uncategorized Websites

Website ConstructionThe HTTP protocol has long been used by bad guys as an infection vector, command and control channel, and of course data exfiltration. The countermeasure most organizations use to mitigate this attack path is a proxy server that monitors outgoing HTTP requests and blocks calls to undesirable websites. Apparently we didn’t learn anything from the firewall debacle years ago though since many organizations usually take the blacklist approach and block categories of websites. The categories blocked of course include those known to be used by the bad guys but also others based on corporate policies.

But what about sites that are not categorized? Continuing on with their blacklist approach, many organizations permit these sites as well. Unfortunately, our adversaries have adapted and continue to take advantage of the HTTP “firewall” hole by creating temporary domain names for their nefarious purposes. The solution of course is to block uncategorized websites.

Users will most likely complain about not getting to the new hot sites but the proxy could provide a form that allows them to submit the site to for approval. The initial load will undoubtedly bog down the proxy administrator but eventually the amount of requests should level off. And of course hybrid solutions exist that could ease the burden for both users and administrators. For example, instead of filling out a request form, the proxy could ask users to complete a CAPTCHA or enter a SecureID value to help ensure the request is from a real person and not malicious software trying to call out.

#####

Today’s post pic is from medithIT. See ya!

5 comments for “The Basics – Block Uncategorized Websites

  1. February 16, 2016 at 11:30 pm

    The Basics – Block Uncategorized Websites https://t.co/vk5NUTxY13 https://t.co/Rge8A5sg9X

  2. February 17, 2016 at 12:37 am

    The Basics – Block Uncategorized Websites https://t.co/lWOinLZkim #iSecNews

  3. February 17, 2016 at 2:54 am

    BLOGGED: The Basics – Block Uncategorized Websites https://t.co/YsondatKv6

  4. February 17, 2016 at 8:29 am

    Does your co allow uncategorized websites? Hopefully not… https://t.co/vk5NUTPzpD https://t.co/WzCJ1OVKJa

  5. February 17, 2016 at 12:27 pm

    Some new bloggage. -> The Basics – Block Uncategorized Websites #InfoSec https://t.co/vk5NUTPzpD https://t.co/WzCJ1OVKJa

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.