Advanced Threat Protection Part 3: Safe Links

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back, Siberians to the M s 3 65 Security Administration course.
00:05
I'm your starter, Jim Daniels
00:07
and I am super excited.
00:09
Super Super Excited
00:11
to continue Model three in mystery 65. Threat Protection lesson to 80 p. Part three. Safe links
00:20
in this lesson was all about safe links,
00:22
functionality management, policy creation and user experience.
00:26
The last lesson was about safe attachments.
00:29
This lesson is about safe links.
00:32
Safe Links is a feature in a teepee that protects users from malicious URLs that are noted to be used in fishing campaigns.
00:41
When we kiss, clicked in the email or document
00:44
safe links checks to see if the link is malicious by redirecting the Ural to a secure server in the industry 65 environment
00:54
that checks the euro against a block list of malicious ones
00:59
Top right, we can see the website has been classified as malicious.
01:03
The one below is yellow is being scan. So when you have safe links enable this is a user experience.
01:10
They click on the link that says, uh, this is a pretty badly feel you shouldn't could on this is gonna be bright red.
01:17
We have that red scream and dune right in their face.
01:21
Depending on the policy,
01:23
they can click past it
01:25
or not
01:26
again, that's your policy.
01:27
If they quick on something that says, Hey, we don't know about this quite yet filled, Slow down.
01:33
Just gonna say is being scan.
01:34
Then they can wait and go back to it.
01:37
It will either be okay.
01:38
Oh, good rights is the site. We'll have that red screen and doom again
01:44
as far as the user experience.
01:46
I really love safe links
01:48
because it catches a user
01:49
users browsing and clicking on stuff
01:53
and they get that red screen is going to catch their attention.
01:57
We've had safe links for a few years now in our environment.
02:00
Only one time I've had a user ignored the rich ones,
02:07
no matter what you do.
02:09
Biggest
02:10
fanger and threat for security is
02:14
the human Bangor.
02:16
However,
02:17
the rest screaming doom
02:20
99 times out of 100 works in the usual back out and put a ticket.
02:25
Let's look at creating some of the safe links policies,
02:30
permission requirements. This looks familiar to safe attachments. Exchange online, ad man and security Adnan Global at man
02:37
set up a location, securing compliance center
02:39
prefer, as everything is going there, exchange and in center for now
02:45
and also power show
02:46
an organization has 80 p enable and extend. It will have a default 80 p safe links policy automatically created that applies to everyone in the organization
02:57
right out of the box.
02:59
So if we go to a new safe links policy, you have a standard name description
03:05
you have all for one
03:07
with this, if you go toe off, I mean, why even create the policy?
03:12
Right?
03:13
So that's where the actions at safe links. That's why you have safe links. To start with
03:19
you safe attachments to scan downloadable content, safe links works and attain them with safe attachments.
03:27
Apply safe links to messages sent within the organization.
03:30
So if you have somebody on the inside whose accounts compromised,
03:36
if this isn't checked, they could send out malicious links and safe links. Your policy will not rewrite and check those links.
03:43
So we had that checked here.
03:45
Do not track when a user clicks safe links.
03:50
This is your preference. If you want to track it to start with, you kind of see how many are out there.
03:54
You can
03:57
do not let users quick through to the original euro.
04:00
This is the important one.
04:02
I don't know why you would allow your users to click through.
04:06
Maybe it's a policy for certain high level users. I don't know,
04:12
however, if you want to allow them to click through,
04:15
just like with some of the tool tips on Deal P and other compliance policies where they can justify, You gonna let them do that?
04:24
You also have the option to do not rewrite the following your else.
04:29
So if there is a certain domain, certain website,
04:32
you're 100% trusting them. You can put that here, and anything that has a link
04:39
based off of that will not be rewritten. Will bypass to, say Frank's policy.
04:45
Here's your table of power. Shell commands again. Get set. New remove.
04:50
Keep that in mind.
04:53
Get set. New rumors,
04:55
Safeways policy
04:56
say, for his role
04:58
save attachment policy safe. Cashman's role
05:01
policy.
05:03
You see the correlation. Just have to learn a few things.
05:06
It almost doesn't. You can answer questions about two dozen power show commands as it relates to safe wind policies and safe attachment policies
05:15
to modify an existence, say Frank's policy.
05:18
You just click on the policy,
05:20
and you can go through and set some of the same settings and change them that you set when you originally created policy.
05:29
Pretty simple,
05:30
faithfully policy types.
05:33
Entire organization is default policy
05:38
specific users. That's when you create another policy
05:42
after your default ones already enabled So specific users you can specify users, groups domains that a policy applies to.
05:50
There are a couple caveats as it comes a safe links. If you want to do a custom block, you are a list
05:57
asked me. Done the default policy
06:00
if you want to. A custom, do not rewrite euro
06:03
asked be done in a
06:05
non default, non entire organization.
06:10
And even though the policy says it applies to specific users, you can still set that to apply to your whole domain.
06:17
So this way you can have a default
06:20
policy to set custom blood euros and also a
06:25
catch. All. Do not rewrite your oil policy that applies to your whole organization.
06:30
You just have to set the scope according
06:34
safe links. Additional configuration option.
06:38
Remember how with attachments safe attachment. There was a bypass rule.
06:42
Same thing here
06:43
you set your head or two.
06:45
The XMS exchange organizations skipped safe links processing.
06:49
You can do the custom block list.
06:51
It's found default or policy. Lockwood just discussed entering the euros to be blocked,
06:58
and when they're here,
06:59
a warning pages displayed.
07:00
You can also use well cars to specify sub domains of that domain.
07:06
You do a custom. Do not rewrite list as within the specific user policy.
07:12
It allows users and groups to visit blocked euros.
07:16
So if you have a custom blood list of the domain Microsoft dot com, however, you want somebody in person to be able to visit like herself dot com
07:28
In your default organisation policy, you put my herself dot com as he blocked
07:32
domain.
07:33
However, you set up a specific user policy.
07:36
You set a scope to purchasing,
07:40
and then you put like yourself dot com. Indeed, do not rewrite your old section
07:46
this way. People in the parks a single room
07:47
can visit Microsoft dot com, whereas no one else in your organization can.
07:53
In user experience, someone sends a message that has a euro in it.
07:58
It initially goes through and time out where pipe on that. We discussed a few lessons ago.
08:01
If it passes, the initial checks still over to the inbox
08:05
usually gets the message. Clicks on the euro
08:09
Quit you are a was redirected to a secure server sandbox where is checked against a block list of known malicious sites
08:18
from here. If it's safe
08:20
browser lows the euro
08:22
it is malicious.
08:24
The red screen and doomed warning pages displayed
08:28
depending on whether you have the option to allow the user to click through
08:33
will be whether their journey ends of that read pages doing. Or they can click on it to proceed to the malicious tank page.
08:41
Quiz
08:43
The default Safe links policy applies to the entire organization and allows a custom block list
08:50
for you or else
08:52
true
08:52
were false.
08:54
You talk about it pretty extensively.
08:56
This is one of those things that I would definitely recommend
09:00
to know.
09:03
True story. Yeah, true story.
09:05
Um, it does allow you to do the custom block list. Remember,
09:09
the default
09:09
has a custom year old block,
09:13
whereas the
09:13
Customs Specific user group
09:16
allows you to write the do not rewrite.
09:22
To recap the lesson about safe links.
09:24
It's a feature in a teepee that protects users from malicious euros there noticed be used in fishing campaigns.
09:33
The default policy applies to the entire organization is enabled by default and allows customization of a blunt your Oeste.
09:41
Additional policies could be applied to a scope of users and groups
09:46
with custom. Do not rewrite your Ellis.
09:48
I hope you've learned a little bit about the safe links feature within 03 65 80 p.
09:54
Thank you for joining me. I hope to see for the next lesson take care.
Up Next