Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX, how can we know users have access to unsecured websites?

Natthaphol
Here to help
‎Jun 24 2022 1:21 AM
‎Jun 24 2022 1:21 AM

MX, how can we know users have access to unsecured websites?

Dear all,

 

How can we know users have access to unsecured websites? Let's say that we do not block any categories in Content Filtering.

 

Thank you,

Natthaphol.

0 Kudos
Subscribe
5 Replies 5
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jun 24 2022 2:03 AM
‎Jun 24 2022 2:03 AM

If you’re not blocking anything, either via content filtering or other methods, then your users have access to everything!

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
Natthaphol
Here to help
‎Jun 24 2022 3:21 AM
‎Jun 24 2022 3:21 AM

Understand, what if customer do not block anything and their users have accessed the know threat sites. Is there any report or information that the admin can verify?

0 Kudos
Subscribe
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jun 24 2022 2:55 AM
‎Jun 24 2022 2:55 AM

What exactly is meant by "unsecured websites"? Sites without SSL- / TLS decryption?

0 Kudos
Subscribe
In response to CptnCrnch
Natthaphol
Here to help
‎Jun 24 2022 3:19 AM
‎Jun 24 2022 3:19 AM

Hacker, Malware, Spyware, Social Engineering, Bot, Ransomeware, etc. Websites.

0 Kudos
Subscribe
In response to Natthaphol
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jun 24 2022 5:23 AM
‎Jun 24 2022 5:23 AM

You'd see these only when actually blocking the connection.

 

I don't think there's an easy option for that. You could theoretically send URL events via Syslog (https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_...), parse these URLs and parse TALOS reputation center (https://talosintelligence.com/reputation_center/) for the resulting category. Don't know if they'd block access if used extensively though. 🙂

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.