Blocking Is Not Just For Football-Part 2

On Wednesday we looked at IP blocking and geo-blocking as cybersecurity tactics.  Today we finish our review of blocking techniques with sender blocking and domain blocking.

Sender Blocking

Many of us are familiar with sender blocking.  Blocking an email sender, and adding them to our sender blacklist, is one of the ways that spam and phishing email filtering works.  Modern spam filters also analyze content and subject lines for keywords that might indicate the email is more likely to be spam.  Some systems will analyze and block attachments and embedded web links as well.

The problem with blocking a specific sender, or a specific SMTP (sending) email server, is that senders are often innocent victims with hijacked email accounts, and the SMTP server that is being used to send spam or phishing attacks may be hijacked as well.  Since these accounts and servers are frequently changed by the attacker, blocking or blacklisting is often only temporarily valuable.  Subscribing to an email filtering service that provides updated email blacklisting is the most effective way to manage this threat.

Sender blocking offers no defense against the tough-to-detect impersonation email exploit.  This is when an email is sent to you from the legitimate but hijacked account of someone known to you, such as a boss, coworker, client, or friend.  Since the sender is known to you, and the email account is recognized and possibly even whitelisted in your email filtering system, these attacks sail right through into your inbox.  The only defense at this point is vigilance and skepticism.  Watch for changes in syntax or word choice that would be unusual for your contact.  Sender blocking works well against many email exploits, but not this one.

Domain Blocking

This is also known as web filtering.  A quite effective security tool is to run all of your inbound and outbound Internet traffic through a proxy service.  Traffic coming to computers on your network is analyzed, and any malicious content is blocked.  Traffic leaving your network is analyzed for connection requests to sites that may be malicious, or just not suitable for the workplace.  It can include blocking social media sites such as Facebook in an attempt to limit employee time-wasting.  (Good luck with that, by the way; your employees all have smartphones they can use for time-wasting.)

For individuals, domain blocking can sometimes be accomplished through web browser security settings.  For Windows computers using Microsoft browsers, this can be set in the Control Panel applet called Internet Options.  Blacklisting is sometimes available on endpoint anti-malware software products (anti-virus).  If you are setting up domain blocking manually, add your domains using this syntax:  domainexample.com rather than www.domainexample.com.  This way you will block all the subdomains of a site as well (e.g. scam.domainexample.com).
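The subdomain rule above, as an added example that is not part of the original post: a Python matcher that treats each blocklist entry as "this domain and everything under it", comparing whole DNS labels so that a look-alike such as notdomainexample.com is not caught by mistake. The blocklist entries and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist entries, written without a leading "www." as advised above.
BLOCKLIST = {"domainexample.com", "badsite.example"}


def normalize_host(value):
    """Return the lowercase hostname from a URL or bare host, or None if absent."""
    value = value.strip()
    # urlsplit only fills in .hostname when a scheme or "//" prefix is present,
    # so retry with "//" for bare entries such as "domainexample.com:8080".
    host = urlsplit(value).hostname or urlsplit("//" + value).hostname
    if not host:
        return None
    # .hostname already drops port and userinfo and lowercases the name;
    # a trailing dot ("domainexample.com.") names the same host.
    return host.rstrip(".")


def is_blocked(value, blocklist=BLOCKLIST):
    """True if the host equals a blocked domain or is a subdomain of one."""
    host = normalize_host(value)
    if host is None:
        return False
    labels = host.split(".")
    # Compare whole-label suffixes: a.b.c -> "a.b.c", "b.c", "c".
    # A plain string endswith() check would wrongly block
    # "notdomainexample.com" for the entry "domainexample.com".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


if __name__ == "__main__":
    for sample in ("www.domainexample.com",
                   "https://Scam.DomainExample.com:8443/login",
                   "notdomainexample.com",
                   "domainexample.com.evil.example"):
        print(f"{sample:45} blocked={is_blocked(sample)}")
```

The last sample shows the opposite edge case: a blocked name used as a prefix of some other domain is not a subdomain of the blocked site, so it needs its own blocklist entry.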

For more detail, check out the links below.

More information:


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.