Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Google Safe Browsing InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Google Safe Browsing

Published: 2009-07-31
Last Updated: 2009-07-31 18:15:10 UTC
by Deborah Hale (Version: 1)
3 comment(s)

Last night one of our long time readers sent me an email that had a link to a Google Safebrowsing Diagnostics page for the my AS number. I was quite surprised when I opened the link and there plain as day were 2 of our customer's websites that had been Glumbar'ed.  Both of these had been previously discovered via an audit of our logs. In both cases I took the domains offline and contacted the customers. 

It is amazing the tools that are available on the web now to help you watch what is happening on your network. As part of my responsibility as the Security Administrator for my company I handle all of the abuse complaints.  I can tell you that, some weeks, is no easy task.  I have had weeks where all I got done was counseling customers on the use of Anti Virus/Malware protection and explaining why it is important to get their computer cleaned up.

I had one IP this week that I had received several abuse reports for.  I tracked down the customer and called him.  He told me he did not have an anti-virus program, anti-spyware program or firewall. He said he didn't need them, that he only visits safe websites.  I spent a bit of time on the phone with him and felt that I was not going to be able to convince him that there are no "safe websites".  I hung up from talking to him feeling like I had lost this one.  A short time later my phone rang, it was him eating humble pie.  He apologized, said that it was his computer and that he was going to format and reload the computer and he ABSOLUTELY was going to put some protection on the computer.

The tools that are available today can make things so much easier if you find and use them.  I have signed up for FBL's for as many ISP's as I can find. I have signed up for Microsoft's SDND reporting system, Spam Cop reports, as well as others. I check my domains on Trusted Source and Sender Base and try to stay on top of it. I monitor my ip's on our DShield site to see what you folks are submitting.  Sometimes it feels like a full time job.

I keep telling myself, if we all work together we can make this Internet - the World Wide Web a better, safer place for all of us.  I would like to hear about the tools you are using.  Anything that helps you manage your network better please let us know.

 

 Deb Hale Long Lines, LLC

Keywords: Google Browsing
3 comment(s)
Diary Archives