
A Practical Approach to Manage Phishing Incident with URL Filtering

Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp. Kasetsart University, Bangkok, Thailand.


Presentation Transcript


  1. A Practical Approach to Manage Phishing Incident with URL Filtering • Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp • Kasetsart University, Bangkok, Thailand.

  2. Agenda • Introduction • Objective • Phishing Management System • Conclusion

  3. Introduction • What is phishing? • Why is phishing important? • Who are we concerned about?

  4. What is Phishing? • Phishing is an online form of deception • Attacker pretends to be someone else • To obtain sensitive information from the victim

  5. Why is phishing important? • A serious threat to Internet usage • Growing very fast • Fraud that affects many websites and organizations • Increasingly advanced and complex techniques that turn an organization's website into a seemingly trusted financial website in order to obtain confidential user information.

  6. Who are we concerned about? • Educational institutions are among the most attacked organizations. • Their network systems are organized into many sub-departments. • This hierarchical structure makes effective management and network-security enforcement challenging.

  7. UniNet • Largest university network provider in Thailand, run by the Ministry of Education • 1 Gbps and 10 Gbps links countrywide • UniNet has 431 member institutes: 240 universities, 134 vocational schools, 57 primary schools • 100,000-plus users • Phishing has become a serious problem!

  8. Objective • Develop a phishing management solution that handles the whole anti-phishing process for UniNet • Systematic procedure • Fast response • Tracking, monitoring and collecting phishing information • Intelligent URL filtering system to enforce blocking of specified URLs • Block only the phishing URL, not the whole site

  9. Phishing Management System • System Module • Account Management • Ticket Management • Web Filtering • Interaction Diagram • Use Case Diagram • System Configuration

  10. System Module [Diagram components: Account Management, Incident Management, Tracker & Reporter, Ticket Management, Account Database, Phishing Database, URL Filtering]

  11. Account Management Module • Users must register with the system before reporting a phishing website • Registration uses the following information: full name, company, e-mail, username, password • Identification procedure

  12. Ticket Management Module • Manages phishing events • Incidents are easy to manage and track using ticket status [Diagram labels: Incident management; Tracking & Reporting. Status labels: Created, Opened, Verified, Deleted, Canceled, Blocked, Site Take Down, Closed]

  13. URL Filtering (Web Screen) • The phishing system can block/unblock web access to the phishing site through the URL filtering system. • URL filtering uses a TCP session hijacking technique: • Intercept the HTTP request • Inject a forged HTTP reply • Block or redirect access to any given URL
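The decision step behind "block only the phishing URL, not the whole site" can be sketched as follows. This is an added example, not code from the presentation or from UniNet: it parses a captured HTTP request, normalizes host and path, matches against a per-URL blocklist, and builds the redirect reply the engine would send. The hosts, `NOTICE_URL` and all function names are assumptions, and capture and packet injection are out of scope.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample data: placeholder hosts, not taken from the presentation.
BLOCKED_URLS = ["http://www.dept.example.ac.th/~user/bank/login.html"]
NOTICE_URL = "http://notice.example.net/phishing-blocked"  # hypothetical page


def normalize(host, target):
    """Reduce Host header + request-target to a canonical (host, path) key."""
    host = host.strip().lower()
    if host.endswith(":80"):
        host = host[:-3]
    host = host.rstrip(".")
    # Query and fragment are ignored: the ticket blocks one page, any query.
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Collapse "//", "." and ".." so path rewrites still hit the same key.
    return host, posixpath.normpath("/" + path.lstrip("/"))


def parse_request(payload):
    """Return (host, target) from a captured HTTP request, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    fields = lines[0].split(" ")
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip(), fields[1]
    return None


BLOCKED = {normalize(u.netloc, u.path) for u in map(urlsplit, BLOCKED_URLS)}


def verdict(payload):
    """Bytes of the reply to send in place of the server's, or None to pass."""
    req = parse_request(payload)
    if req is None or normalize(*req) not in BLOCKED:
        return None
    reply = ("HTTP/1.1 302 Found\r\nLocation: " + NOTICE_URL + "\r\n"
             "Content-Length: 0\r\nConnection: close\r\n\r\n")
    return reply.encode("ascii")
```

Matching on the normalized key means a request for another page on the same host returns `None` and is left untouched, which is the per-URL behaviour the objective slide asks for.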

  14. Pass-by URL Filtering [Diagram: Client, Gateway, Internet, Filtering Engine; steps numbered 1, 2, 3] • Traffic is captured and passed by without queuing • Zero delay, independent of traffic volume • Ease of installation (no traffic interruption) • Non-blocking traffic stream • No single point of failure • Scalable

  15. TCP Session Hijacking Filtering [Sequence diagram between Client and Server: SYN J; SYN K, ACK J+1; ACK K+1; Data (HTTP request); FIN L; Data (reply). Labels: Faked FIN by Filtering Engine; Packet will be ignored]

  16. Interaction Diagram [Actors: UniNet Administrator, Web Filtering Engine, University Administrator, Company] • Report a phishing URL (open a ticket) • Verify URL • Block the phishing URL • The ticket is set to canceled • Inform the corresponding university administrator to investigate the incident • Server investigation/cleaning • Inform that the server is already clean • Re-verify the URL • Cancel the blocking of the URL • Close the ticket, inform both parties

  17. Use Case Diagram [Actors: University Administrator, Company, UniNet Administrator. Use cases: Create ticket, View ticket, Create account, Notify incident cleared, Change ticket status, Manage account, Block/unblock URL]

  18. System Configuration [Network diagram labels: UniNet Network, Internet, Gateway, Backbone, 10G and 1G links, SPAN, management, Phishing Management, Phishing Filtering Engine]

  19. User Ticket Tracking Screenshot

  20. Conclusion • The Phishing Management System is now in initial deployment on the UniNet infrastructure • Enables UniNet to respond more quickly to phishing incidents • Enables statistical logging that helps UniNet anticipate future problems and improve network security • Designed to handle a 10 Gbps network (needs some more hardware to complete)

  21. Thank you.
