Methods to Check for Corporate Credential Submissions
This table describes three corporate credential detection
methods and the corresponding User-ID configuration requirements
necessary to enable each method.
Where can I use
this? | What do I need? |
---|---|
|
|
Before you enable credential
phishing prevention, decide which method you want to use
to check if valid corporate credentials have been submitted to a
web page.
Method to Check Submitted Credentials | User-ID Configuration Requirements | How does this method
detect corporate usernames and/or passwords that users submit to websites? |
---|---|---|
Group Mapping | Group Mapping configuration
on the firewall | The firewall checks to determine if the
username a user submits to a restricted site matches any valid corporate
username. To do this, the firewall matches the submitted username
to the list of usernames in its user-to-group mapping table to detect
when users submit corporate usernames to sites in a restricted category. This
method only checks for corporate username submissions based on LDAP
group membership, which makes it simple to configure, but more prone
to false positives. |
IP User Mapping | IP address-to- username mappings identified through User Mapping, GlobalProtect, or Authentication Policy and Authentication
Portal. | The firewall checks to determine if the
username a user submits to a restricted site maps to the IP address of
the login username. To do this, the firewall matches the IP
address of the login username and the username submitted to a web
site to its IP address-to-user mapping table to detect when users
submit their corporate usernames to sites in a restricted category. Because
this method matches the IP address of the login username associated
with the session against the IP address-to-username mapping table,
it is an effective method for detecting corporate username submissions,
but it does not detect corporate password submission. If you want
to detect corporate username and password submission, you must use
the Domain Credential Filter method. |
Domain Credential Filter | Windows User-ID agent configured with the
User-ID credential service add-on - AND - IP address-to- username mappings identified through User Mapping, GlobalProtect, or Authentication Policy and Authentication
Portal. | The firewall checks to determine if the
username and password a user submits match the same user’s corporate
username and password. To do this, the firewall must be able
to match credential submissions to valid corporate usernames and passwords
and verify that the username submitted maps to the IP address of
the login username as follows:
To learn more how the domain credential
method works and the requirements for enabling this type of detection,
see Configure
Credential Detection with the Windows-based User-ID Agent. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.