PHISHING - PowerPoint PPT Presentation

1
PHISHING
VENKAT DEEP RAJAN, SUMALATHA REDDY, KARTHIK INJARAPU
CPSC 620, CLEMSON UNIVERSITY
2
INTRODUCTION
  • Identity Theft
  • Number of phishing cases is escalating
  • Customers tricked into submitting their personal
    data

3
Phishing .. ?
  • Defined as the task of sending an email, falsely
    claiming to be an established enterprise in an
    attempt to scam a user into surrendering private
    information
  • Redirects user to a scam website, where the user
    is asked to submit his private data.
  • Derivation of the word phishing

4
Social Engineering Factors
  • Phishing attacks rely on a combination of
    technical deceit and social engineering practices
  • Phisher persuades the victim to perform some
    series of actions
  • Phisher impersonates a source the victim already
    trusts

5
How does it look .. ?
  • Sophisticated e-mail messages and pop-up windows.
  • Official-looking logos from real organizations

6
A Phishing mail
7
Another example
8
Delivery Techniques
  • Mails or spam
    • Most common way; done using spam tools.
  • Web-sites
    • Embedding malicious content into a website.

9
Delivery Techniques
  • Redirecting
    • Tricking the customer into entering an illicit
      website.
  • Trojan horse
    • Capturing home PCs and using them to propagate
      the attacks.

10
Attack Techniques
  • Man-in-the-middle Attacks
  • URL Obfuscation Attacks
  • Cross-site Scripting Attacks
  • Preset Session Attack
  • Hidden Attacks

11
Man-in-the-middle Attacks
12
Cross-site Scripting Attacks
13
Preset Session Attack
14
Defensive mechanisms
  • Client-Side
  • Server-Side
  • Enterprise Level

15
Client-Side
  • Desktop Protection Technologies
  • Browser Capabilities
  • Digitally signed Emails
  • User-application level monitoring solutions

16
Desktop Protection Technologies
  • Local Anti-Virus protection
  • Personal Firewall
  • Personal IDS
  • Personal Anti-Spam
  • Spyware Detection

17
Browser Capabilities
  • Disable all window pop-up functionality
  • Disable Java runtime support
  • Disable ActiveX support
  • Disable all multimedia and auto-play/auto-execute
    extensions
  • Prevent the storage of non-secure cookies

18
Digitally Signed Email
19
Server-side
  • Validating Official Communications
  • Strong token-based authentication

20
Validating Official Communications
  • Digital Signatures
  • Visual or Audio personalization of email

21
Strong token-based authentication
22
Enterprise Level
  • Mail Server Authentication
  • Digitally Signed Email
  • Domain Monitoring

23
Mail Server Authentication
24
Digitally Signed Email
25
Domain Monitoring
  • Monitor the registration of Internet domains
    relating to the organization:
    • The expiry and renewal of existing corporate
      domains
    • The registration of similarly named domains
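
As an added illustration of the two monitoring tasks above (example code, not part of the original deck), this Python sketch generates lookalike variants of a corporate domain, screens a registration feed against them, and flags corporate domains nearing expiry. The domain names, the feed and the expiry dates are constructed sample data.

```python
from datetime import date

# Constructed sample data (not real domains or registrations)
CORPORATE_DOMAIN = "examplebank.com"
CORPORATE_DOMAINS = {"examplebank.com": "2024-07-10", "examplebank.net": "2025-01-01"}
NEW_REGISTRATIONS = ["exarnplebank.com", "examplebank.co", "examplbank.com",
                     "examplebnak.com", "unrelated-shop.net", "examplebank.com"]

# Visually confusable substitutions and alternative TLDs worth watching
HOMOGLYPHS = {"o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "m": "rn"}
TLDS = ("com", "net", "org", "co", "info")


def lookalikes(domain):
    """Typosquat variants of `domain`: omitted, doubled or transposed
    characters, homoglyph substitution, inserted hyphen and TLD swaps."""
    label, tld = domain.rsplit(".", 1)
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])            # omitted character
        variants.add(label[:i] + ch + label[i:])           # doubled character
        if i < len(label) - 1:
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition
            variants.add(label[:i + 1] + "-" + label[i + 1:])            # inserted hyphen
        if ch in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    variants.discard(label)                                # never flag the real name
    result = {v + "." + tld for v in variants}
    result |= {label + "." + t for t in TLDS if t != tld}  # same name, other TLD
    return result


def screen_registrations(corporate, feed):
    """Entries of a registration feed that match a lookalike of `corporate`."""
    watch = lookalikes(corporate)
    return sorted(d for d in feed if d in watch)


def expiring_soon(domains, today, days=30):
    """Corporate domains (name -> ISO expiry date) expiring within `days` of `today`."""
    now = date.fromisoformat(today)
    return sorted(name for name, exp in domains.items()
                  if 0 <= (date.fromisoformat(exp) - now).days <= days)


if __name__ == "__main__":
    print("lookalike registrations:", screen_registrations(CORPORATE_DOMAIN, NEW_REGISTRATIONS))
    print("renew soon:", expiring_soon(CORPORATE_DOMAINS, "2024-06-20"))
```

A real deployment would feed `screen_registrations` from a zone-file or newly-registered-domain source and treat each hit as a candidate for takedown or blocking.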

26
Conclusion
  • Understanding the tools and technologies
  • User awareness
  • Implementing Multi-tier defense mechanisms
