Security Basics mailing list archives
RE: HOW TO PREVENT FHISHING ATTACKS
From: Filiberto Moreno <FMoreno () victor org>
Date: Mon, 31 Jan 2011 11:44:36 -0800
Hello Everyone, We were experiencing a similar scenario here at my current place of employment and we ended up having to do the following steps: 1. We had all the IT support technicians to list all the applications, scheduled tasks, and services that were running under the administrator account. 2. Once we got the list put together we had the IT technicians remove those accounts and replace them with their own and had them confirm. 3. Once it was confirmed the IT director changed the password on the Domain Administrator account to a very long passphrase with upper case, lower case, special characters, and numbers. 4. The IT director typed it up in a document and printed it out, sealed it in an envelope, and deposited it in a bank safe. Hope this helps. Fili -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Patrick Webster Sent: Sunday, January 30, 2011 7:43 PM To: mzcohen2682 () aim com Cc: security-basics () securityfocus com Subject: Re: HOW TO PREVENT FHISHING ATTACKS Hi Marco, Use Sender Policy Framework - see http://en.wikipedia.org/wiki/Sender_Policy_Framework and http://www.openspf.org/ SPF is a DNS txt record which indicates whether a MTA (such as hotmail, gmail, good ISPs) should accept email purportedly from @bank.com when the source IP is i.e. a botnet. -Patrick http://www.osisecurity.com.au/ On Fri, Jan 28, 2011 at 10:44 AM, <mzcohen2682 () aim com> wrote:
Hi Guys, I am preparing a set of recommendation for a client of mine which is a bank , a set of controls against fhisging attacks, besides of telling the bank to teach there customers how to protect against those attacks ( not opening suspicious mails etc etc) what other recommendations are good? are there some technological tools to prevent those attacks that the bank can implement? I heard something about imperva radar service which should protect against fishing attack, some one has experience with that tool? what about other tools that the bank can implement? many thanks! Marco ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: HOW TO PREVENT FHISHING ATTACKS Filiberto Moreno (Feb 02)
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Message not available
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- RE: HOW TO PREVENT FHISHING ATTACKS Jon Davis (Feb 08)
- Re: HOW TO PREVENT FHISHING ATTACKS Paul Johnston (Feb 10)
- RE: HOW TO PREVENT FHISHING ATTACKS Gadi Naveh (Feb 15)
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- <Possible follow-ups>
- Re: HOW TO PREVENT FHISHING ATTACKS Adam Pal (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Lynch, Gordon CTR NHRC (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Eggleston, Mark (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Craig S Wright (Feb 03)