RE: Anti-Phishing Strategies

["Scott Race" <srace () jdaarch com>]

There are toolbars that can be loaded into the browser, Firefox has some extensions are there are 3rd party solutions.  
However, these do require the user to understand what info the toolbar gives them, which can be a challenge.

If you have a lot of users, sounds like a solution on the gateway is your best option.

I don't agree when people ask the question if web browsing is necessary.  Businesses use the Internet for all kinds of 
legit reasons, so restricting web access to a few sites is an administrative nightmare for the admin and just makes for 
disgruntled end users.

Scott
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Pedro Fortuny Ayuso
Sent: Friday, April 11, 2008 12:22 PM
To: security-basics () securityfocus com
Subject: Re: Anti-Phishing Strategies

El 09/04/2008, a las 21:50, Timmothy Lester escribió:
> > We are doing all the "normal education stuff"
>
>
> It is my personal opinion that NORMAL education is not enough..   
> Most of
> the time this is just information that goes in one ear and out the
> other.  Since it's a "customer" you are dealing with, I don't know how
> you should be responsible, but in any case you need to TRAIN people
> rather than educate them.  You almost have to scare people, by holding
> them responsible for their ignorant actions.

I tend to agree. I guess (apart from restrictive filtering, only  
allowing
outbound access to certain web pages) the only way to prevent being
cheated is either by experience or by over-reaching security.

Is web **browsing** **really** necessary? Can your company live with  
just
accessing some banks and a couple of other well-known sites?

Pedro.


> -----Original Message-----
> From: listbounce () securityfocus com  
> [mailto:listbounce () securityfocus com]
> On Behalf Of Al Cooper
> Sent: Wednesday, April 09, 2008 1:11 PM
> To: security-basics () securityfocus com
> Subject: Anti-Phishing Strategies
>
> One of my customers has recently been a target of a targeted and
> somewhat
> successful phishing attack.  I am looking at strategies to counteract
> this
> and future attacks.  We are doing all the normal education stuff, but
> the
> customer base is large.
>
> I am looking at companies like MarkMonitor & Cyveillance.  Does anyone
> have
> any experience with these type of companies?
>
> Any other strategies that I should consider?
>
> Thanks for your help,
>
>
>
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.



-- 
Pedro Fortuny Ayuso.
Desarrollo y mantenimiento de Redes. Seguridad.
Analisis de Datos.
www.pfortuny.net
C/Capuchinos 14, 1-s. 47006 Valladolid, SPAIN