Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Don't Reinvent the Wheel | Main | Why the focus on best practices? »

Anti-Phishing Best Practices Report

The Messaging Anti-Abuse Working Group (MAAWG) and the Anti-Phishing Working Group (APWG) have published Anti-Phishing Best Practices for ISPs and Mailbox Providers. The report characterizes phishing messsages and makes recommendations for detecting and containing them. It also includes a section on how to best handle service support incidents.

The key topics include:
The nature of phishing attacks
Inbound protection schemes
Web traffic filtration
Outbound traffic filtration
Pharming and DNS cache poisoning attacks
Phishing and customer support calls
Communications with targets

The report describes methods for detecting and blocking, including Bayesian filters, which learn from examples, blacklists, fingerprinting schemes, which detect phishing-specific techniques, and URL based filters. In addition to these technieques, the report recommends using sender authentication when available and encouraging end users to employ client side filters.

The MAAWG and APWG report make the point that phishers often launch their attacks from comprimised computers so filtering outbound traffic can help reduce the volume of phishing attacks if any computers on your network have been comprimised.

Pharming is a variation on phishing that uses fraudulent DNS entries to redirect users to phishing sites. The fundamental vulernability lies in the trusting design of DNS. The report recommends providers keep thier DNS software up to date and access sites with certificates enabled.

Tags:    
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on September 30, 2006 8:18 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/76

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net