L1 Bithead
Posts: 10
Registered: ‎01-27-2014

Testing 8.0 Credential phishing prevention

Support says everything has been set up properly for this to work. How would you test that users would not be able to enter domain credentials into a bogus site?

L4 Transporter
Posts: 272
Registered: ‎04-03-2014

Re: Testing 8.0 Credential phishing prevention

I suggest you create a bogus user with a bogus password and test it.

L1 Bithead
Posts: 10
Registered: ‎01-27-2014

Re: Testing 8.0 Credential phishing prevention

That has been done.

The problem I run into is finding a URL to test against. Unless something is not set up correctly.

Real Example:

User gets a phish message asking them to fix their O365 account due to unusual activity.

https://www.tasteofthewild.com.au. PA URL filter categorizes as personal blogs.

User goes to site and is allowed to put in domain creds.

Looking at URL monitor, traffic is decrypted and no cred detected. Site has been SSL decrypted and the personal blogs category is set to block user credential submission.

Maybe it has something to do with the bloom filters not getting propagated to firewall. Not sure how to tell. I was just hoping to get input from someone else already using this.

L1 Bithead
Posts: 10
Registered: ‎01-27-2014

Re: Testing 8.0 Credential phishing prevention

Also, this is somewhat confusing (from 8.0 Admin guide):

"The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on which the firewall will skip credential checking is automatically updated via Application and Threat content updates."

Does this mean websites with a good reputation will be skipped from credential submit check, even if I have the category set to block cred submission?