Testing 8.0 Credential phishing prevention



L2 Linker

Support says everything has been set up properly for this to work. How would you test that users would not be able to enter domain credentials into a bogus site?


L7 Applicator

I suggest you create a bogus user with a bogus password and test it.

That has been done.

The problem I run into is finding a URL to test against. Unless something is not set up correctly.

Real Example:

User gets a phish message asking them to fix their O365 account due to unusual activity.

https://www.tasteofthewild.com.au. PA URL filter categorizes it as personal blogs.

User goes to site and is allowed to put in domain creds.

Looking at the URL monitor, traffic is decrypted and no cred is detected. Site has been SSL decrypted and the personal blogs category is set to block user credential submission.

Maybe it has something to do with the bloom filters not getting propagated to the firewall. Not sure how to tell. I was just hoping to get input from someone else already using this.

Also, this is somewhat confusing (from the 8.0 Admin guide):


" The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on which the firewall will skip credential checking is automatically updated via Application and Threat content updates."


Does this mean websites with a good reputation will be skipped from the credential submit check, even if I have the category set to block cred submission?

Dkordyban,


This must be why it did not work for me. Phishing website was in the education category but it was obviously phishing. I tested it with a phony account and never triggered the cred check.


Thanks,

RG

I know this thread is a little old, but what groups do you have in your Allowed RODC password replication policy?  I think we may be running into the same issue. @dkordyban 

I have domain users in the group. It appears to work for me now. Not sure what changed. Maybe it just needed some more time.

Hello,


How did you test to see if it worked?


Thanks,

RG

Went to netflix.com and tried domain creds.

I thought it would skip that website. Going to give that a try right now. Also, are you running an SSL decryption profile?


" The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on which the firewall will skip credential checking is automatically updated via Application and Threat content updates."
