Phishing and Intrusion Prevention
Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201
The Phishing Campaign
• Phishers leverage social engineering, technical trickery, and a number of protocols to harvest personal financial data and account information.
[Diagram: phishing campaign flow among Phisher, Victim Web Server, Victim Users, and Mail Drop Service. Labels: Compromises a host and installs a phish Web site and mass mailer; Sends out phishing e-mail; Victim clicks a phish URL; Phish Web site is viewed; Victim submits information; Information transmitted to drop; Retrieves stolen information.]
Point Defense
• E-mail (SMTP) Defenses
— Monitor SMTP for suspicious e-mail messages, very similar to existing anti-spam solutions.
— Problematic when dealing with extremely terse messages, or messages designed specifically to evade anti-spam.
• Web (HTTP) Defenses
— Usually depend on blacklists of IP addresses.
— Sometimes, evaluate content to score for phishiness.
• PC Anti-Virus
— Not helpful when malware is not involved (and it’s usually not).
Social Defense
• User Education
— The victim is attacked while in a vulnerable emotional state.
    • Phishing e-mail uses fear and anxiety very effectively.
— Normal customer service mail is already misleading.
    • HTML markup, image tags, and redirects are common.
— A common misunderstanding of SSL has all but ruined SSL as a protective mechanism.
• Legislative Remedies
— Perpetrators are often outside the victim’s jurisdiction.
— Crime can go undetected for weeks, months, or years.
Network Defense through Intrusion Prevention
1. Initial Web Site Compromise
TippingPoint IPS protects vulnerabilities in Web sites and servers from exploitation.
2. Mass Phishing E-Mail
TippingPoint IPS utilizes behavior-based filters, content inspection, and pattern-matching signatures to block
3. Victim Clicks on Misleading URL
The URL itself and the corresponding DNS query are evaluated to determine whether it links to a legitimate or fraudulent site.
4. Phish Web Site is Displayed
The Web site is evaluated for exploited vulnerabilities. The IPS inspects Web content and uses behavior-based filters to look for signs of forgery.
5. Victim Submits Account Information
If information is submitted to a suspected phishing site, the IPS will block the information transfer.
[Diagram: the same campaign flow among Phisher, Victim Web Server, and Victim Users, with numbered callouts 1 to 5. Labels: Compromises a host and installs a phish Web site and mass mailer; Sends out phishing e-mail; Victim clicks a phish URL; Phish Web site is viewed; Victim submits information.]
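One way the URL evaluation in step 3 could look when applied to the HTML of an e-mail, as an added illustration and not TippingPoint's filter logic. The three heuristics, the function names, and the sample message are assumptions constructed here.

```python
import contextlib
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a host name or URL (assumed heuristic).
HOSTLIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample e-mail body; all hosts are reserved example values.
SAMPLE = """<a href="http://203.0.113.7/secure/login">https://www.bank.example/login</a>
<a href="http://www.bank.example@phish.example/">Verify now</a>
<a href="https://www.bank.example/help">www.bank.example</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host):  # lower-case and drop a leading "www." before comparing
    return re.sub(r"^www\.", "", host.lower())

def url_findings(href, text):
    """Return the reasons a link looks misleading (empty list if none)."""
    parts = urlsplit(href)
    host, reasons = parts.hostname or "", []
    if "@" in parts.netloc:                    # http://trusted-name@real-host/
        reasons.append("userinfo-before-host")
    with contextlib.suppress(ValueError):      # ValueError: host is not an IP
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    shown = HOSTLIKE.match(text)               # text displays one host...
    if shown and host and bare(shown.group(1)) != bare(host):
        reasons.append("text-host-mismatch")   # ...but the href goes elsewhere
    return reasons

def scan_html(body):  # maps each suspicious href to its list of findings
    parser = LinkCollector()
    parser.feed(body)
    parser.close()
    return {h: r for h, t in parser.links if (r := url_findings(h, t))}
```

Calling `scan_html(SAMPLE)` flags the first two links and leaves the third, whose visible text and destination agree, out of the result.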