Security Basics mailing list archives
RE: HOW TO PREVENT FHISHING ATTACKS
From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Thu, 3 Feb 2011 11:42:00 -0500
Well said Adam. I do believe that two-factor authentication provides some remediation to this risk though. ING Bank also has implemented a (cheaper) challenge response mechanism - picture authentication. When a user creates or has his/her account created they must select a picture only they know. Then whenever they sign-on they must also acknowledge/authenticate the picture too. Phishing attacks would have a high hurdle to try to pass either of these technical security controls. Regards, Mark Eggleston, CISSP, GSEC, CHPS Manager, Security and Business Continuity Information Services Health Partners of Philadelphia, Inc. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adam Pal Sent: Wednesday, February 02, 2011 4:35 PM To: mzcohen2682 () aim com Cc: security-basics () securityfocus com Subject: Re: HOW TO PREVENT FHISHING ATTACKS Hello Mzcohen2682, Phishing is a social engineering technique, so the only proficient way to protect against is: training, security awareness, training... If we take the scenario of withdraw administrator rights - whats the benefit for phishing attack? Having no administrator privileges wont stop the user entering whatever credentials the Email is asking for. The weakest member member of the chain is the user. Best regards, Adam Pal Friday, January 28, 2011, 12:44:06 AM, you wrote: <==============Original message text=============== mac> Hi Guys, mac> I am preparing a set of recommendation for a client of mine which mac> is a bank , a set of controls against fhisging attacks, besides of mac> telling the bank to teach there customers how to protect against mac> those attacks ( not opening suspicious mails etc etc) what other mac> recommendations are good? are there some technological tools to mac> prevent those attacks that the bank can implement? I heard mac> something about imperva radar service which should protect against mac> fishing attack, some one has experience with that tool? what about other tools that the bank can implement? mac> many thanks! mac> Marco mac> ------------------------------------------------------------------- mac> ----- Securing Apache Web Server with thawte Digital Certificate In mac> this guide we examine the importance of Apache-SSL and who needs an mac> SSL certificate. We look at how SSL works, how it benefits your mac> company and how your customers can tell if a site is secure. You mac> will find out how to test, purchase, install and use a thawte mac> Digital Certificate on your Apache web server. mac> Throughout, best practices for set-up are highlighted to help you mac> ensure efficient ongoing management of your encryption keys and digital certificates. mac> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6 mac> be442f727d1 mac> ------------------------------------------------------------------- mac> ----- <===========End of original message text=========== ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: HOW TO PREVENT FHISHING ATTACKS Filiberto Moreno (Feb 02)
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Message not available
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- RE: HOW TO PREVENT FHISHING ATTACKS Jon Davis (Feb 08)
- Re: HOW TO PREVENT FHISHING ATTACKS Paul Johnston (Feb 10)
- RE: HOW TO PREVENT FHISHING ATTACKS Gadi Naveh (Feb 15)
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- <Possible follow-ups>
- Re: HOW TO PREVENT FHISHING ATTACKS Adam Pal (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Lynch, Gordon CTR NHRC (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Eggleston, Mark (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Craig S Wright (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Patrick Kobly (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Sacks, Cailan C (Feb 03)