Post on 29-Mar-2015
A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING
Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp
Kasetsart University, Bangkok, Thailand.
AGENDA
Introduction
Objective
Phishing Management System
Conclusion
INTRODUCTION
What is phishing?
Why is phishing important?
Who are we concerned about in phishing?
WHAT IS PHISHING?
Phishing is an online form of deception
Attacker pretends to be someone else
To obtain sensitive information from the victim
WHY IS PHISHING IMPORTANT?
A serious threat to Internet usage
Growing very fast
Frauds that affect many websites and organizations
More advanced and complex techniques that convert the organization's websites into seemingly trusted financial websites to gain confidential user information
WHO ARE WE CONCERNED ABOUT IN PHISHING?
Educational institutions are among the most attacked organizations.
They organize their network systems by dividing them into many sub-departments.
This hierarchical structure makes effective management and network-security enforcement challenging.
UNINET
Largest university network provider in Thailand, run by the Ministry of Education
1 Gbps and 10 Gbps links countrywide
UniNet has 431 member institutes
240 universities
134 vocational schools
57 primary schools
100,000-plus users
Phishing becomes a serious problem!
OBJECTIVE
Develop a phishing management solution that handles the whole anti-phishing process for UniNet
Systematic procedure
Fast response
Tracking, monitoring and collecting phishing information
Intelligent URL filtering system to enforce blocking of the specified URL
Block only the phishing URL, not the whole site
PHISHING MANAGEMENT SYSTEM
System Module
Account Management
Ticket Management
Web Filtering
Interaction Diagram
Use Case Diagram
System Configuration
SYSTEM MODULE
Incident Management
Tracker & Reporter
URL Filtering
Account Management
Account Database
Phishing Database
Ticket Management
ACCOUNT MANAGEMENT MODULE
Users must register with our system before reporting a phishing website
Using the following information:
Full name
Company
E-mail
Username
Password
Identification procedure
TICKET MANAGEMENT MODULE
Manage Phishing events
Easy to manage and track incidents using ticket status
Ticket management
Incident management
Created
Deleted
Tracking & Reporting
Opened
Verified
Canceled
Blocked
Site Take Down
Closed
URL FILTERING (WEB SCREEN)
The phishing system can block or unblock web access to a phishing site through the URL filtering system.
URL Filtering
TCP Session Hijacking Technique
Intercept HTTP request
Inject forged HTTP reply
Block or redirect access to any given URL
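As an added illustration (not part of the original slides or the authors' system), the lookup step behind "Intercept HTTP request" and the objective "Block only the phishing URL, not the whole site" could look like this in Python. Matching on host plus path while ignoring the query string, and letting unparsable traffic pass, are assumptions of this example; all hostnames and paths are constructed.

```python
# Added example (not the authors' code): exact-URL blocklist decision for one
# captured HTTP request. Hostnames and paths below are constructed samples.
import posixpath
from urllib.parse import unquote, urlsplit

def normalize_url(host: str, target: str) -> str:
    """Canonical 'host/path' key so equivalent spellings of a URL match."""
    if target.lower().startswith("http://"):      # absolute-form request target
        split = urlsplit(target)
        host, path = split.netloc, split.path
    else:                                         # origin-form: drop the query
        path = target.split("?", 1)[0]
    host = host.strip().lower()
    if host.endswith(":80"):                      # default port is implicit
        host = host[:-3]
    host = host.rstrip(".")
    # Decode %xx escapes, then collapse '.', '..' and duplicate slashes.
    path = posixpath.normpath("/" + unquote(path).lstrip("/"))
    return host + path

def parse_request(payload: bytes):
    """Return (target, host) from an HTTP/1.x request head, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    try:
        _method, target, version = lines[0].split(" ")
    except ValueError:
        return None                               # not an HTTP request line
    if not version.startswith("HTTP/1."):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return target, value.strip()
    return None                                   # no Host header

def decide(payload: bytes, blocklist: set) -> str:
    """'block' only for a listed URL; anything else, or unparsable, passes."""
    request = parse_request(payload)
    if request is None:
        return "pass"
    target, host = request
    return "block" if normalize_url(host, target) in blocklist else "pass"

# Constructed sample data: one phishing page hosted on a department web server.
BLOCKLIST = {normalize_url("dept.university.example", "/~user/bank/login.php")}
REQ_PHISH = b"GET /~user/bank/login.php HTTP/1.1\r\nHost: Dept.University.Example\r\n\r\n"
REQ_SAME_SITE = b"GET /~user/index.html HTTP/1.1\r\nHost: dept.university.example\r\n\r\n"
REQ_OBFUSCATED = (b"GET /%7Euser/./bank/../bank/login.php?x=1 HTTP/1.1\r\n"
                  b"Host: dept.university.example:80\r\n\r\n")
```

Here `decide` returns "block" for `REQ_PHISH` and `REQ_OBFUSCATED` but "pass" for `REQ_SAME_SITE`, so the rest of the department's site stays reachable.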
PASS-BY URL FILTERING
Traffic is captured and passed by without queuing
Zero delay, independent of traffic volume
Ease of installation (no traffic interruption)
Non-blocking traffic stream
No single point of failure
Scalable
[Diagram: Client, Gateway, Filtering Engine, Internet]
TCP SESSION HIJACKING
[Sequence diagram: Client, Filtering, Server]
SYN J
SYN K, ACK J+1
ACK K+1
FIN L
Data (HTTP request)
Data (reply)
Packet will be ignored
Faked FIN by Filtering Engine
INTERACTION DIAGRAM
Company
UniNet Administrator
University Administrator
Web Filtering Engine
Block the phishing URL
Inform the corresponding university administrator to investigate the incident
Re-verify the URL
Cancel the blocking of the URL
The ticket is set to canceled
Server investigation/cleaning
Close the ticket, inform both parties
Inform that the server is already clean
Report a phishing URL (open a ticket)
Verify URL
USE CASE DIAGRAM
Company
UniNet Administrator
University Administrator
Create ticket
Manage Account
Block/unblock URL
View ticket
Change ticket status
Notify incident cleared
Create Account
SYSTEM CONFIGURATION
[Network diagram: Internet, Gateway, UniNet Network Backbone, Phishing Filtering Engine, Phishing Management; 10G and 1G links; labels SPAN and management]
USER TICKET TRACKING SCREENSHOT
CONCLUSION
The Phishing Management System is now in initial deployment on the UniNet infrastructure
Enables UniNet to respond more quickly to phishing incidents
Enables statistical logging that helps UniNet anticipate future problems and improve network security
Designed to handle a 10 Gbps network (needs some more hardware to complete)
THANK YOU.