Phishing and Intrusion Prevention - PowerPoint PPT Presentation

Slides: 6
Provided by: todb

Transcript and Presenter's Notes

Title: Phishing and Intrusion Prevention


1
Phishing and Intrusion Prevention
  • Tod Beardsley, TippingPoint (a division of
    3Com), 02/15/06 IMP-201

2
The Phishing Campaign
  • Phishers leverage social engineering, technical
    trickery, and a number of protocols to harvest
    personal financial data and account information.

[Diagram: the phishing campaign. Labels: Compromises a host and installs a phish Web site and mass mailer; Sends out phishing e-mail; Victim clicks a phish URL; Phish Web site is viewed; Victim submits information; Information Transmitted to Drop; Retrieves stolen information]

3
Point Defense
  • E-mail (SMTP) Defenses
      • Monitor SMTP for suspicious e-mail messages, very
        similar to existing anti-spam solutions.
      • Problematic when dealing with extremely terse
        messages, or messages designed specifically to
        evade anti-spam.
  • Web (HTTP) Defenses
      • Usually depend on blacklists of IP addresses.
      • Sometimes, evaluate content to score for
        phishiness.
  • PC Anti-Virus
      • Not helpful when malware is not involved (and
        it's usually not).

4
Social Defense
  • User Education
      • The victim is attacked while in a vulnerable
        emotional state.
      • Phishing e-mail uses fear and anxiety very
        effectively.
      • Normal customer service mail is already
        misleading.
      • HTML markup, image tags, and redirects are
        common.
      • A common misunderstanding of SSL has all but
        ruined SSL as a protective mechanism.
  • Legislative Remedies
      • Perpetrators are often outside the victim's
        jurisdiction.
      • Crime can go undetected for weeks, months, or
        years.

5
Network Defense through Intrusion Prevention
  • 1. Initial Web Site Compromise
      • TippingPoint IPS protects vulnerabilities in Web
        sites and servers
  • 2. Mass Phishing E-Mail
      • TippingPoint IPS utilizes behavior-based
        filters, content inspection, and pattern-matching
        signatures to block
  • 3. Victim Clicks on Misleading URL
      • The URL itself and the corresponding DNS query
        are evaluated to determine if it is linking to a
        legitimate or fraudulent site
  • 4. Phish Web Site is Displayed
      • Web site is evaluated for exploited
        vulnerabilities. IPS inspects Web content and
        uses behavior-based filters for signs of forgery.
  • 5. Victim Submits Account Information
      • If information is submitted to a suspected
        phishing site, the IPS will block the
        information transfer.


[Diagram: Phisher, Victim Web Server and Victim Users. Steps: 1. Compromises a host and installs a phish Web Site and mass mailer; 2. Sends out phishing e-mail; 3. Victim clicks a phish URL; 4. Phish Web site is viewed; 5. Victim submits information]