Methods to Check for Corporate Credential Submissions
Before you Set
Up Credential Phishing Prevention, decide which method you want
the firewall to use to check if credentials submitted to a web page
are valid, corporate credentials.
Method to Check Submitted Credentials | User-ID Configuration Requirements | How does this method
detect corporate usernames and/or passwords as users submit them
to websites? |
---|---|---|
Group
Mapping | Group
Mapping configuration on the firewall | The firewall determines if the username
a user submits to a restricted site matches any valid corporate
username. To do this, the firewall matches the submitted username
to the list of usernames in its user-to-group mapping table to detect
when users submit a corporate usernames to a site in a restricted category. This
method only checks for corporate username submissions based on LDAP
group membership, which makes it simple to configure, but more prone to
false positives. |
IP User Mapping | IP-address-to- username mappings identified through User
Mapping, GlobalProtect, or Authentication
Policy and Captive Portal. | The firewall determines if the username
a user submits to a restricted site maps to the IP address of the
logged-in user. To do this, the firewall matches the IP address
of the logged in user and the username submitted to a web site to
its IP-address-to-user mapping table to detect when users submit
their corporate usernames to a site in a restricted category. Because
this method matches the IP address of the logged-in user associated
with the session against the IP-address-to-username mapping table,
it is an effective method for detecting corporate username submissions,
but it does not detect corporate password submission. If you want
to detect corporate username and password submission, you must use the
Domain Credential Filter method. |
Domain Credential
Filter | Windows-based User-ID agent configured with
the User-ID credential service add-on - AND - IP-address-to- username mappings identified through User
Mapping, GlobalProtect, or Authentication
Policy and Captive Portal. | The firewall determines if the username
and password a user submits matches the same user’s corporate username
and password. To do this, the firewall must able to match
credential submissions to valid corporate usernames and passwords
and verify that the username submitted maps to the IP address of
the logged in user as follows:
To learn more how the domain credential
method works, and the requirements for enabling this type of detection,
see Configure
Credential Detection with the Windows-based User-ID Agent. |
Recommended For You
Recommended Videos
Recommended videos not found.