a practical approach to manage phishing incident with url filtering

A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp Kasetsart University, Bangkok, Thailand.

Post on 11-Feb-2016

TRANSCRIPT

Page 1: A Practical Approach to Manage Phishing Incident with URL Filtering

A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING

Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp
Kasetsart University, Bangkok, Thailand.

Page 2: A Practical Approach to Manage Phishing Incident with URL Filtering

AGENDA

Introduction
Objective
Phishing Management System
Conclusion

Page 3: A Practical Approach to Manage Phishing Incident with URL Filtering

INTRODUCTION

What is phishing?
Why is phishing important?
Who are we concerned about regarding phishing?

Page 4: A Practical Approach to Manage Phishing Incident with URL Filtering

WHAT IS PHISHING?

Phishing is an online form of deception

Attacker pretends to be someone else

To obtain sensitive information from the victim

Page 5: A Practical Approach to Manage Phishing Incident with URL Filtering

WHY IS PHISHING IMPORTANT?

A serious threat to Internet usage
Growing very fast
Frauds that affect many websites and organizations
Increasingly advanced and complex techniques turn organizations' websites into seemingly trusted financial websites to gain confidential user information.

Page 6: A Practical Approach to Manage Phishing Incident with URL Filtering

WHO ARE WE CONCERNED ABOUT REGARDING PHISHING?

Educational institutions are among the most attacked organizations.

They organize their network systems by dividing them into many sub-departments.

This hierarchical structure makes effective management and network-security enforcement challenging.

Page 7: A Practical Approach to Manage Phishing Incident with URL Filtering

UNINET

Largest university network provider in Thailand, run by the Ministry of Education
1 Gbps and 10 Gbps links countrywide
UniNet has 431 member institutes:
  240 universities
  134 vocational schools
  57 primary schools
100,000-plus users

Phishing becomes a serious problem!

Page 8: A Practical Approach to Manage Phishing Incident with URL Filtering

OBJECTIVE

Develop a phishing management solution that handles the whole anti-phishing process for UniNet:
  Systematic procedure
  Fast response
  Tracking, monitoring and collecting phishing information
Intelligent URL filtering system to enforce blocking of the specified URL:
  Block only the phishing URL, not the whole site

Page 9: A Practical Approach to Manage Phishing Incident with URL Filtering

PHISHING MANAGEMENT SYSTEM

System Module
  Account Management
  Ticket Management
  Web Filtering
Interaction Diagram
Use Case Diagram
System Configuration

Page 10: A Practical Approach to Manage Phishing Incident with URL Filtering

SYSTEM MODULE

[Diagram labels: Incident Management Tracker & Reporter; URL Filtering; Account Management; Ticket Management; Account Database; Phishing Database]

Page 11: A Practical Approach to Manage Phishing Incident with URL Filtering

ACCOUNT MANAGEMENT MODULE

Users must register with our system before reporting a phishing website, using the following information:
  Full name
  Company
  E-mail
  Username
  Password
Identification procedure

Page 12: A Practical Approach to Manage Phishing Incident with URL Filtering

TICKET MANAGEMENT MODULE

Manage phishing events
Easy to manage and track incidents using ticket status

[Diagram labels: Ticket management; Incident management; Tracking & Reporting. Ticket statuses shown: Created, Deleted, Opened, Verified, Canceled, Blocked, Site Take Down, Closed]

Page 13: A Practical Approach to Manage Phishing Incident with URL Filtering

URL FILTERING (WEB SCREEN)

The phishing system can block/unblock web access to the phishing site through the URL filtering system.

URL Filtering: TCP Session Hijacking Technique
  Intercept HTTP request
  Inject forged HTTP reply
  Block or redirect access of any given URL

Page 14: A Practical Approach to Manage Phishing Incident with URL Filtering

PASS-BY URL FILTERING

Traffic is captured and passed by without queuing
  Zero delay, independent of traffic volume
Ease of installation (no traffic interruption)
Non-blocking traffic stream
No single point of failure
Scalable

[Diagram labels: Client, Gateway, Internet, Filtering Engine]

Page 15: A Practical Approach to Manage Phishing Incident with URL Filtering

TCP SESSION HIJACKING

[Sequence diagram between Client, Server and Filtering (engine). Labels: SYN J; SYN K, ACK J+1; ACK K+1; FIN L; Data (HTTP request); Data (reply); Packet will be ignored; Faked FIN by Filtering Engine]
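
The decision the filtering engine makes on each mirrored HTTP request, as an added example that is not the authors' code: match the exact URL (not the whole site) and derive the sequence numbers, flags and redirect payload of the forged reply. The blocklist entry, the notice URL and all function and field names are assumptions made for illustration; no packet is sent.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FIN, PSH, ACK = 0x01, 0x08, 0x10                 # TCP flag bits
# Constructed sample data: exact (host, path) entries, so one page is blocked
# while the rest of the site stays reachable.
BLOCKED = {("phish-host.example", "/~user/bank/login.html")}
NOTICE_URL = "http://notice.example/blocked"     # hypothetical notice page


@dataclass
class Segment:
    """TCP fields of a mirrored client-to-server data segment."""
    seq: int
    ack: int
    payload: bytes


def requested_url(payload: bytes) -> Optional[Tuple[str, str]]:
    """Return (host, path) of an HTTP/1.x request, or None if it is not one."""
    try:
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
        _method, target, version = lines[0].split(" ")
    except ValueError:           # non-ASCII bytes or a malformed request line
        return None
    if not version.startswith("HTTP/1.") or not target.startswith("/"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
            if host.endswith(":80"):
                host = host[:-3]
            return host, target.split("?", 1)[0]   # compare without the query
    return None


def forged_reply(seg: Segment) -> Optional[dict]:
    """Describe the reply the engine would inject, or None to let traffic pass."""
    if requested_url(seg.payload) not in BLOCKED:
        return None
    body = (f"HTTP/1.1 302 Found\r\nLocation: {NOTICE_URL}\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode("ascii")
    return {
        "seq": seg.ack,                               # next byte the client expects
        "ack": (seg.seq + len(seg.payload)) % 2**32,  # acknowledges the whole request
        "flags": FIN | PSH | ACK,                     # faked FIN ends the session
        "payload": body,
    }
```

Because the forged segment occupies the sequence space the client expected from the server, the server's later reply falls outside what the client will accept, which is the "Packet will be ignored" step in the diagram.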

Page 16: A Practical Approach to Manage Phishing Incident with URL Filtering

INTERACTION DIAGRAM

[Interaction diagram. Participants: Company, UniNet Administrator, University Administrator, Web Filtering Engine. Labels:]

Block the phishing URL
Inform the corresponding university administrator to investigate the incident
Re-verify the URL
Cancel the blocking of the URL
The ticket is set to canceled
Server investigation/cleaning
Close the ticket, inform both parties
Inform that the server is already clean
Report a phishing URL (open a ticket)
Verify URL

Page 17: A Practical Approach to Manage Phishing Incident with URL Filtering

USE CASE DIAGRAM

[Use case diagram. Actors: Company, UniNet Administrator, University Administrator. Use cases: Create ticket; Manage Account; Block/unblock URL; View ticket; Change ticket status; Notify incident cleared; Create Account]

Page 18: A Practical Approach to Manage Phishing Incident with URL Filtering

SYSTEM CONFIGURATION

[Network diagram labels: Gateway; Phishing Filtering Engine; Internet; UniNet; Network Backbone; Phishing Management; SPAN; management. Link labels: 10G and 1G]

Page 19: A Practical Approach to Manage Phishing Incident with URL Filtering

USER TICKET TRACKING SCREENSHOT

Page 20: A Practical Approach to Manage Phishing Incident with URL Filtering

CONCLUSION

The Phishing Management System is now in initial deployment on the UniNet infrastructure
Enables UniNet to respond more quickly to phishing incidents
Enables statistical logging that helps UniNet anticipate future problems and improve network security
Designed to handle a 10 Gbps network (needs some more hardware to complete)

Page 21: A Practical Approach to Manage Phishing Incident with URL Filtering

THANK YOU.