A Practical Approach to Manage Phishing Incident with URL Filtering
Kasom Koth-Arsa, Surachai Chitpinityon, Jullawadee Maneesilp
Kasetsart University, Bangkok, Thailand.

Agenda
- Introduction
- Objective
- Phishing Management System
- Conclusion

Introduction
- What is phishing?
- Why is phishing important?
- Who are we concerned about?

What Is Phishing?
- Phishing is an online form of deception
- Attacker pretends to be someone else
- To obtain sensitive information from the victim

Why Is Phishing Important?
- A serious threat to Internet usage
- Growing very fast
- Frauds that affect many websites and organizations
- More advanced and complex techniques that convert an organization's websites into seemingly trusted financial websites to gain confidential user information

Who Are We Concerned About?
- Educational institutions are among the most attacked organizations.
- They organize their network systems by dividing them into many sub-departments.
- This hierarchical structure makes effective management and network-security enforcement challenging.

UniNet
- Largest university network provider in Thailand, run by the Ministry of Education
- 1 Gbps and 10 Gbps links countrywide
- UniNet has 431 member institutes
  - 240 universities
  - 134 vocational schools
  - 57 primary schools
- 100,000 plus users
- Phishing becomes a serious problem!

Objective
- Develop a phishing management solution that handles the whole anti-phishing process for UniNet
  - Systematic procedure
  - Fast response
  - Tracking, monitoring and collecting phishing information
- Intelligent URL filtering system to enforce blocking of specified URLs
  - Block only the phishing URL, not the whole site

Phishing Management System
- System Module
  - Account Management
  - Ticket Management
  - Web Filtering
- Interaction Diagram
- Use Case Diagram
- System Configuration

System Module
[Diagram labels: Incident Management; Tracker & Reporter; URL Filtering; Account Management; Account Database; Phishing Database; Ticket Management]

Account Management Module
- Users must register with our system before reporting a phishing website
- Using the following information:
  - Full name
  - Company
  - E-mail
  - Username
  - Password
- Identification procedure

Ticket Management Module
- Manage phishing events
- Easy to manage and track incidents using ticket status
[Diagram labels: Ticket management; Incident management; Tracking & Reporting. Statuses: Created, Deleted, Opened, Verified, Canceled, Blocked, Site Take Down, Closed]

URL Filtering (Web Screen)
- The phishing system can block or unblock web access to the phishing site through the URL filtering system.
- URL filtering uses a TCP session hijacking technique
  - Intercept HTTP request
  - Inject forged HTTP reply
  - Block or redirect access to any given URL

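The per-URL decision this slide describes, as an added example that is not part of the original presentation: it turns a captured HTTP request into a canonical host/path key and blocks only an exact match, so the rest of the site stays reachable. The function names, the normalization rules, the choice to ignore the query string, and the example.edu URL are assumptions, not UniNet's implementation; packet capture and reply injection are out of scope.

```python
# Added example: names and normalization rules are assumptions, not the presenters' code.
import posixpath
from urllib.parse import unquote, urlsplit

def normalize(host, target):
    """Return a canonical 'host/path' key for one request (query string ignored)."""
    if target.startswith(("http://", "https://")):  # absolute-form target or blocklist URL
        parts = urlsplit(target)
        host, target = parts.netloc, parts.path or "/"
    host = host.strip().lower()
    if host.endswith(":80"):                        # default port is not part of the identity
        host = host[:-3]
    host = host.rstrip(".")
    # Decode %xx and resolve "." / ".." so encoded or padded paths map to the same key.
    path = unquote(target.partition("?")[0]) or "/"
    path = "/" + posixpath.normpath(path).lstrip("/")
    return host + path

def parse_request(raw):
    """Extract (Host header, request-target) from captured request bytes, or None."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value, request_line[1]
    return "", request_line[1]

def decide(raw, blocked):
    """'block' only on an exact URL match; anything unparsable passes (fail open)."""
    request = parse_request(raw)
    if request is None:
        return "pass"
    return "block" if normalize(*request) in blocked else "pass"

# Constructed sample data: one reported phishing URL on a shared university web server.
BLOCKED = {normalize("", "http://www.example.edu/~student/bank/login.php")}
SAMPLES = [
    b"GET /~student/bank/login.php HTTP/1.1\r\nHost: WWW.Example.EDU:80\r\n\r\n",
    b"GET /~student/bank/../bank/%6Cogin.php?id=7 HTTP/1.1\r\nHost: www.example.edu\r\n\r\n",
    b"GET /~student/index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n",
    b"\x16\x03\x01\x02\x00\x01",  # not HTTP (TLS handshake bytes)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(sample, BLOCKED), sample.split(b"\r\n", 1)[0][:60])
```

The second sample shows why the key is built after decoding and dot-segment resolution: without that step a re-encoded path would slip past an exact-match blocklist.
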
Pass-by URL Filtering
- Traffic is captured and passed by without queuing
  - Zero delay, independent of traffic volume
- Ease of installation (no traffic interruption)
- Non-blocking traffic stream
- No single point of failure
- Scalable
[Diagram labels: Client; Gateway; Filtering Engine; Internet]

TCP Session Hijacking
[Sequence diagram between Client, Filtering and Server. Labels: SYN J; SYN K, ACK J+1; ACK K+1; Data (HTTP request); Faked FIN by Filtering Engine; FIN L; Data (reply); Packet will be ignored]

Interaction Diagram
[Diagram actors: Company; UniNet Administrator; University Administrator; Web Filtering Engine]
[Diagram labels:]
- Block the phishing URL
- Inform the corresponding university administrator to investigate the incident
- Re-verify the URL
- Cancel the blocking of the URL
- The ticket is set to canceled
- Server investigation/cleaning
- Close the ticket, inform both parties
- Inform that the server is already clean
- Report a phishing URL (open a ticket)
- Verify URL

Use Case Diagram
[Diagram actors: Company; UniNet Administrator; University Administrator]
[Diagram labels: Create ticket; Manage Account; Block/unblock URL; Block/unblock URL; View ticket; Change ticket status; Notify incident cleared; Create Account]

System Configuration
[Diagram labels: Gateway; Phishing Filtering Engine; Internet; UniNet Network Backbone; Phishing Management; 10G; 1G; SPAN; management]

Conclusion
- The Phishing Management System is now in initial deployment on the UniNet infrastructure
- Enables UniNet to respond more quickly to phishing incidents
- Enables statistical logging that helps UniNet anticipate future problems and improve network security
- Designed to handle a 10 Gbps network (needs some more hardware to complete)