Educause Security Discussion mailing list archives
Re: Mitigating Phishing Attacks
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 14 Nov 2012 18:15:12 -0500
Hi,

This GULP presentation <http://www.nysernet.org/workshops/2011/GULP.pdf> has a section on using GULP to discover compromised accounts.

Thanks,
Joel Rosenblatt

Joel Rosenblatt, Director, Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

--On Wednesday, November 14, 2012 4:23 PM -0600 Steven Tardy <sjt5 () ITS MSSTATE EDU> wrote:
0a) log all authentications (failed and successful) to a database. (something homegrown similar to: Grand Unified Logging Project, GULP)
0b) create a database of ip addresses of "known bad guys" (the phishers will keep trying from the same ip addresses). export database to "known bad guy" DNSBL.
1) scour auth database for Nigerian/anonymous-proxy logins. notify security team *immediately* of login from "known bad guy".
2) outbound email server hold/quarantine email on "known bad guy" DNSBL.
3) watch outbound queues/graphs for jumps in size.

not perfect, but catches/prevents quite a bit.

It would be useful to know your top 3 strategies for preventing and mitigating such occurrences. Thanks.
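Steps 0a, 0b and 1 of the quoted list, as an added example that is not part of the original thread and is not GULP's code. The table name, column names, usernames and addresses are assumptions constructed for illustration (the IPs are documentation ranges).

```python
import ipaddress
import sqlite3

# Constructed sample data: documentation-range IPs, made-up usernames.
KNOWN_BAD = ["203.0.113.0/24", "198.51.100.77"]  # step 0b: "known bad guy" list
AUTH_EVENTS = [  # (timestamp, user, source ip, service, success flag)
    ("2012-11-14T09:01:12", "alice", "192.0.2.10", "imap", 1),
    ("2012-11-14T09:03:40", "bob", "203.0.113.45", "webmail", 0),
    ("2012-11-14T09:03:55", "bob", "203.0.113.45", "webmail", 1),
    ("2012-11-14T09:10:02", "carol", "198.51.100.77", "smtp", 1),
    ("2012-11-14T09:12:30", "dave", "198.51.100.78", "webmail", 1),
    ("2012-11-14T09:15:00", "erin", "203.0.113.9", "imap", 0),
]

def build_auth_db(events):
    """Step 0a: every authentication, failed or successful, goes in one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_log "
               "(ts TEXT, user TEXT, ip TEXT, service TEXT, success INTEGER)")
    db.executemany("INSERT INTO auth_log VALUES (?, ?, ?, ?, ?)", events)
    return db

def find_known_bad_logins(db, known_bad):
    """Step 1: return (alerts, probes) for source IPs on the known-bad list.

    alerts: successful logins, accounts to report to the security team now.
    probes: failed attempts, accounts being tried from a known-bad source.
    """
    nets = [ipaddress.ip_network(entry) for entry in known_bad]
    alerts, probes = [], []
    query = "SELECT ts, user, ip, service, success FROM auth_log ORDER BY ts"
    for ts, user, ip, service, success in db.execute(query):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            (alerts if success else probes).append((ts, user, ip, service))
    return alerts, probes

if __name__ == "__main__":
    alerts, probes = find_known_bad_logins(build_auth_db(AUTH_EVENTS), KNOWN_BAD)
    for ts, user, ip, service in alerts:
        print(f"ALERT {ts} {user} logged in via {service} from known-bad {ip}")
    for ts, user, ip, service in probes:
        print(f"probe {ts} {user} failed login via {service} from known-bad {ip}")
```

Logging failures as well as successes is what lets the same query separate accounts already compromised from accounts still being tried.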