
Password Reuse testing

I need to test the #password_reuse function on SandBlast Agent for browser, but I cannot find enough information about it. My client computer is in an AD domain, and I've logged into my internal RDWeb Access page with AD credentials a few times to make my Agent store my password, but I can still use it anywhere on the internet without alerting or logging. What makes SBA for browser record my internal password, and in what situation would it alert/log? (Policy is configured correctly and SandBlast Agent for browser is installed automatically after installing SandBlast Agent downloaded from SmartEndpoint Server -> Packages For Export.)

10 Replies
Admin

Re: Password Reuse testing

Have you configured Protected Domains by chance?

Credentials entered in these sites on a web browser are the ones that are tracked.

Refer to: R77.30.03 Endpoint Security Administration Guide 

0 Kudos

Re: Password Reuse testing

Yes, my Domain is in Protected Domains list in Zero Phishing settings.

0 Kudos
Employee

Re: Password Reuse testing

Hi Serhii,
please find below the information about the Password Reuse functionality and use:

The basic flow of the “Password Reuse” feature is as follows:

  1. The admin defines the protected corporate domains in SBA4B policy.
  2. A user submits his/her credentials in a form that belongs to one of the protected domains.
  3. The password hash will be taken (sha256, hmac) and saved in local browser storage.
  4. Once the user uses the same password in a non-protected domain, the system will trigger according to configuration (log, usercheck).

It is important to note point #2: the user must enter the credentials of the protected domain after the domain was added to the protected domains and the configuration was synced to the extension.

There is no integration with AD, so the extension "learns" the password it needs to protect once the user types it in on a protected domain web site.

0 Kudos

Re: Password Reuse testing

Hi, Ziv
I have configured the SBA4B policy, added my domain to the protected domains list, made my computer a domain member and after that installed CheckPoint SBA4B on my machine (with the installer which was downloaded from SmartEndpoint Server). Is it possible that SBA4B does not recognize the site as a protected domain's one if there is an error with the certificate or if I address it by IP in the URL string?

Thank You for answering.

0 Kudos
Employee

Re: Password Reuse testing

Hi,
The extension needs an exact domain match according to the protected domain list;
if you use an IP instead of the domain name, the password reuse will not be triggered.

0 Kudos
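
The flow from the earlier reply and the exact-match behaviour from the reply above can be modelled in a few lines. This is an added example, not part of the thread and not Check Point's code; the per-install HMAC key, the in-memory set standing in for extension storage, the class and method names, and the sample hosts and password are assumptions.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit


class PasswordReuseModel:
    """Toy model of the flow in the thread; not Check Point's implementation."""

    def __init__(self, protected_domains=()):
        # Assumption: per-install random HMAC key; the thread only says "sha256, hmac".
        self._key = os.urandom(32)
        self._protected = {d.lower() for d in protected_domains}
        self._learned = set()  # stands in for the extension's local storage

    def sync_policy(self, protected_domains):
        """Step 1: the protected domain list reaches the extension."""
        self._protected = {d.lower() for d in protected_domains}

    def _digest(self, password):
        return hmac.new(self._key, password.encode(), hashlib.sha256).digest()

    def on_submit(self, url, password):
        """Return 'learned', 'reuse' or 'ignored' for one form submission."""
        host = (urlsplit(url).hostname or "").lower()
        digest = self._digest(password)
        if host in self._protected:  # exact host match, so an IP URL never matches
            self._learned.add(digest)  # steps 2-3: only the keyed hash is kept
            return "learned"
        # Step 4: same password on a non-protected host -> log / UserCheck.
        if any(hmac.compare_digest(digest, d) for d in self._learned):
            return "reuse"
        return "ignored"


def demo():
    m = PasswordReuseModel()
    events = []
    pw = "Corp-Passw0rd!"  # constructed sample value, as are the hosts below
    events.append(m.on_submit("https://rdweb.corp.example/RDWeb", pw))  # before policy sync
    m.sync_policy(["rdweb.corp.example"])
    events.append(m.on_submit("https://192.0.2.10/RDWeb", pw))          # IP instead of name
    events.append(m.on_submit("https://forum.example.net/login", pw))   # nothing learned yet
    events.append(m.on_submit("https://rdweb.corp.example/RDWeb", pw))  # learned now
    events.append(m.on_submit("https://forum.example.net/login", pw))   # reuse detected
    m.sync_policy(["rdweb.corp.example", "portal.office.com"])
    events.append(m.on_submit("https://portal.office.com/", pw))        # protected, no alert
    return events
```

Calling `demo()` walks through a submission made before the policy sync, one made by IP, and one made by name; only the last teaches the model the password, which is why a test login has to happen by hostname after the policy has synced.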
Olga_Kuts
Silver

Re: Password Reuse testing

Hi, Ziv!

Tell me, please, if we clear the browser cache, will the SandBlast Extension recognize the domain password, or do we need to re-enter it on the domain site again?

0 Kudos
Admin

Re: Password Reuse testing

Pretty sure the answer to this is no as it wouldn't make sense to use the browser cache for this (which may not cache the password anyway).

0 Kudos
Employee

Re: Password Reuse testing

Hi Olga,

Clearing the browser cache won't delete the extension data, so the extension will still recognize the domain passwords.

Re: Password Reuse testing

Hi.

Does anyone know how to "exclude" a domain? For example, the user has the same password in the local domain and on "portal.office.com" (Office 365 login portal).
That is because the local AD syncs credentials with MS 365.

So they have to use the same credentials on the local domain and MS 365.
So when the user tries to log on to the Office 365 portal, they get the message saying they are using a corporate password... and they have to do that...

So if anyone knows a way to exclude some domain (white list), it would be good.

Thanks, Tobias

Re: Password Reuse testing

Hi again. 

My misunderstanding.

Just add those domains in "Protected Domains" and it will work just fine :)

0 Kudos