Blocking Is Not Just For Football-Part 2

On Wednesday we looked at IP blocking and geo-blocking as cybersecurity tactics.  Today we finish our review of blocking techniques with sender blocking and domain blocking.

Sender Blocking

Many of us are familiar with sender blocking.  Blocking an email sender, and adding them to our sender blacklist, is one of the ways that spam and phishing email filtering works.  Modern spam filters also analyze content and subject lines for keywords that might indicate the email is more likely to be spam.  Some systems will analyze and block attachments and embedded web links as well.

The problem with blocking a specific sender, or a specific SMTP (sending) email server, is that senders are often innocent victims with hijacked email accounts, and the SMTP server that is being used to send spam or phishing attacks may be hijacked as well.  Since these accounts and servers are frequently changed by the attacker, blocking or blacklisting is often only temporarily valuable.  Subscribing to an email filtering service that provides updated email blacklisting is the most effective way to manage this threat.

Sender blocking offers no defense against the tough-to-detect impersonation email exploit.  This is when an email is sent to you from the legitimate but hijacked account of someone known to you, such as a boss, coworker, client, or friend.  Since the sender is known to you, and the email account is recognized, and possibly even whitelisted in your email filtering system, these attacks sail right through into your inbox.  The only defense at this point is vigilance and skepticism.  Watch for changes in syntax or word choice that would be unusual for your contact.  Sender blocking works well against many email exploits, but not this one.

Domain Blocking

This is also known as web filtering.  A quite effective security tool is to run all of your inbound and outbound Internet traffic through a proxy service.  Traffic coming to computers on your network is analyzed, and any malicious content is blocked.  Traffic leaving your network is analyzed for connection requests to sites that may be malicious, or just not suitable for the workplace.  It can include blocking social media sites such as Facebook in an attempt to limit employee time-wasting.  (Good luck with that, by the way; your employees all have smartphones they can use for time-wasting.)

For individuals, domain blocking can sometimes be accomplished through web browser security settings.  For Windows computers using Microsoft browsers, this can be set in the Control Panel applet called Internet Options.  Blacklisting is sometimes available on endpoint anti-malware software products (anti-virus).  If you are setting up domain blocking manually, add your domains using this syntax:  domainexample.com rather than www.domainexample.com.  This way you will block all the subdomains of a site as well (e.g. scam.domainexample.com).
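Why the bare-domain syntax covers subdomains, shown as an added example that is not from the original post. It assumes a filter that matches blocklist entries on whole DNS labels (real products vary, so check yours); the function names and all domain names are constructed for illustration.

```python
# Added example: label-boundary suffix matching for a domain blocklist.
# Assumption: the filter compares whole DNS labels. All names are constructed.
from urllib.parse import urlsplit


def normalize(host: str) -> str:
    """Lower-case a hostname and drop the trailing root dot, if any."""
    return host.strip().lower().rstrip(".")


def host_of(target: str) -> str:
    """Accept a bare hostname or a full URL and return the hostname."""
    if "://" in target:
        return normalize(urlsplit(target).hostname or "")
    return normalize(target)


def build_blocklist(entries):
    """Normalize blocklist entries into a set for fast lookups."""
    return {normalize(e) for e in entries if normalize(e)}


def is_blocked(target: str, blocklist) -> bool:
    """True if the host, or any parent domain of it, is on the blocklist.

    Matching walks whole DNS labels, so 'domainexample.com' covers
    'scam.domainexample.com' but not 'notdomainexample.com'.
    """
    labels = host_of(target).split(".")
    # Check a.b.c, then b.c, then c: every suffix on a label boundary.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


# Entry written the way the article recommends (no "www." prefix).
BARE = build_blocklist(["domainexample.com"])
# Entry written with the "www." prefix, for comparison.
WWW_ONLY = build_blocklist(["www.domainexample.com"])

if __name__ == "__main__":
    for host in ("domainexample.com", "www.domainexample.com",
                 "scam.domainexample.com", "notdomainexample.com",
                 "https://Scam.DomainExample.com./login"):
        print(f"{host:40} bare={is_blocked(host, BARE)} "
              f"www_only={is_blocked(host, WWW_ONLY)}")
```

The `www.` entry misses both the bare domain and sibling subdomains, while a naive "ends with" string comparison would wrongly block the unrelated `notdomainexample.com`.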

For more detail, check out the links below.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com