A Practical Approach to Manage Phishing Incident with URL Filtering
A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING
Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp
Kasetsart University, Bangkok, Thailand.
AGENDA
- Introduction
- Objective
- Phishing Management System
- Conclusion
INTRODUCTION
- What is Phishing?
- Why Phishing is important?
- Who are our concern about Phishing?
WHAT IS PHISHING?
- Phishing is an online form of deception
- Attacker pretends to be someone else
- To obtain sensitive information from the victim
WHY PHISHING IS IMPORTANT?
- A serious threat to Internet usage
- Growing very fast
- Frauds that affect many websites and organizations
- More advanced and complex techniques to convert the organization websites to the seemingly trusted financial websites to gain confidential user information.
WHO ARE OUR CONCERN ABOUT PHISHING?
- Educational institutions are among the most attacked organizations.
- They organize their network systems by dividing them into many sub-departments.
- This hierarchical structure makes effective management and network-security enforcement a challenge.
UNINET
- Largest university network provider in Thailand, run by the Ministry of Education
- 1 Gbps and 10 Gbps links countrywide
- UniNet has 431 member institutes
  - 240 universities
  - 134 vocational schools
  - 57 primary schools
- 100,000 plus users
- Phishing becomes a serious problem!
OBJECTIVE
- Develop a phishing management solution that covers the whole anti-phishing process for UniNet
  - Systematic procedure
  - Fast response
  - Tracking, monitoring and collecting phishing information
- Intelligent URL filtering system to enforce the blocking of specified URLs
  - Block only the phishing URL, not the whole site
PHISHING MANAGEMENT SYSTEM
- System Module
  - Account Management
  - Ticket Management
  - Web Filtering
- Interaction Diagram
- Use Case Diagram
- System Configuration
SYSTEM MODULE
[Diagram labels: Account Management, Account Database, Ticket Management, Incident Management, Tracker & Reporter, Phishing Database, URL Filtering]
ACCOUNT MANAGEMENT MODULE
- Users must register with our system before reporting a phishing website, using the following information:
  - Full name
  - Company
  - E-mail
  - Username
  - Password
- Identification procedure
TICKET MANAGEMENT MODULE
- Manage phishing events
- Easy to manage and track incidents using ticket status
[Diagram: Ticket management. Incident management: Created, Deleted. Tracking & Reporting: Opened, Verified, Canceled, Blocked, Site Take Down, Closed]
URL FILTERING (WEB SCREEN)
- Phishing system can block/unblock web access to the phishing site through the URL filtering system.
- URL Filtering
  - TCP Session Hijacking Technique
    - Intercept HTTP request
    - Inject forged HTTP reply
    - Block or redirect access of any given URL
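The per-URL decision such a filtering engine has to make on each intercepted HTTP request, blocking one page while the rest of the site stays reachable, sketched as an added example (not the authors' code). The blocklist entry, the host name and the choice to ignore the query string are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Constructed blocklist: one phishing page on an otherwise legitimate host.
BLOCKED = {"http://www.dept.university.example/~user/bank/login.php"}

def parse_request(payload: bytes):
    """Return (host, target) of the HTTP/1.x request in a captured payload, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip(), parts[1]
    return None  # no Host header: nothing to match against

def canonical_url(host: str, target: str) -> str:
    """Normalize so case, default port, %-escapes and dot segments cannot dodge the match."""
    if target.lower().startswith("http://"):        # absolute-form request line
        host, _, tail = target[7:].partition("/")
        target = "/" + tail
    host = host.lower()
    if host.endswith(":80"):
        host = host[:-3]
    host = host.rstrip(".")
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]) or "/"
    path = "/" + posixpath.normpath(path).lstrip("/")  # collapses //, /./ and /../
    return "http://" + host + path                      # query ignored (assumption)

def decide(payload: bytes) -> str:
    """'block' only for a listed URL; every other page on the same host passes."""
    req = parse_request(payload)
    if req is None:
        return "pass"  # not a parseable HTTP request: leave the stream alone
    return "block" if canonical_url(*req) in BLOCKED else "pass"

def request(target: str, host: str) -> bytes:
    """Build a constructed sample request as seen on the mirrored link."""
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("latin-1")

if __name__ == "__main__":
    host = "www.dept.university.example"
    for target, h in [("/~user/bank/login.php", host),
                      ("/%7Euser//bank/./login.php?id=1", "WWW.Dept.University.Example:80"),
                      ("/~user/index.html", host), ("/", host)]:
        print(decide(request(target, h)), h, target)
```

Matching on the normalized host and path is what keeps the block narrow: the department's other pages on the same server are unaffected, and trivially rewritten forms of the listed URL are still caught.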
PASS-BY URL FILTERING
- Traffic is captured and passed by without queuing
  - Zero delay, independent from traffic volume
- Ease of installation (no traffic interruption)
- Non-blocking traffic stream
- No single point of failure
- Scalable
[Diagram labels: Client, Gateway, Filtering Engine, Internet]
TCP SESSION HIJACKING
[Sequence diagram between Client, Filtering and Server. Labels: SYN J; SYN K, ACK J+1; ACK K+1; FIN L; Data (HTTP request); Data (reply); Packet will be ignored; Faked FIN by Filtering Engine]
INTERACTION DIAGRAM
Actors: Company, UniNet Administrator, University Administrator, Web Filtering Engine
Diagram labels:
- Report a phishing URL (open a ticket)
- Verify URL
- Block the phishing URL
- Inform the corresponding university administrator to investigate the incident
- Re-verify the URL
- Cancel the blocking of the URL
- The ticket is set to canceled
- Server investigation/cleaning
- Close the ticket, inform both party
- Inform that the server already clean
USE CASE DIAGRAM
Actors: Company, UniNet Administrator, University Administrator
Use cases:
- Create ticket
- Manage Account
- Block/unblock URL
- View ticket
- Change ticket status
- Notify incident cleared
- Create Account
SYSTEM CONFIGURATION
[Diagram labels: Internet, Gateway, UniNet Network Backbone, Phishing Filtering Engine, Phishing Management; 10G and 1G links; SPAN; management]
USER TICKET TRACKING SCREENSHOT
CONCLUSION
- Phishing Management System is now in initial deployment on the UniNet infrastructure
- Enables UniNet to respond more quickly to phishing incidents
- Enables statistics logging that helps UniNet anticipate future problems and improve network security
- Designed to handle a 10 Gbps network (needs some more hardware to complete)
THANK YOU.