venkat deep rajan sumalatha reddy karthik injarapu cpsc 620 clemson university
TRANSCRIPT
![Page 1: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/1.jpg)
VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU
CPSC 620
CLEMSON UNIVERSITY
![Page 2: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/2.jpg)
INTRODUCTIONINTRODUCTION
Identity Theft
Number of phishing cases escalating in number
Customers tricked into submitting their personal data
![Page 3: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/3.jpg)
Phishing .. ?Phishing .. ?
Defined as the task of sending an email, falsely claiming to be an established enterprise in an attempt to scam a user into surrendering private information
Redirects user to a scam website, where the user is asked to submit his private data.
Derivation of the word “phishing”
![Page 4: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/4.jpg)
Social Engineering Social Engineering FactorsFactors
Phishing attacks rely on a combination of technical deceit and social engineering practices
Phisher persuades the victim to perform some series of actions
Phisher impersonates a trusted source for the victim to believe
![Page 5: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/5.jpg)
How does it look .. ?How does it look .. ?
Sophisticated e-mail messages and pop-up windows.
Official-looking logos from real organizations
![Page 6: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/6.jpg)
A Phishing mailA Phishing mail
![Page 7: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/7.jpg)
Another exampleAnother example
![Page 8: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/8.jpg)
Delivery TechniquesDelivery Techniques
Mails or spam’s: Most common way and done by utilizing spam
tools.
Web-sites: Embedding malicious content into the website.
![Page 9: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/9.jpg)
Delivery TechniquesDelivery Techniques
Redirecting: Cheat the customer to enter illicit website.
Trojan horse: Capturing home PC’s and utilizing them to
propagate the attacks.
![Page 10: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/10.jpg)
Attack TechniquesAttack Techniques
Man-in-the-middle Attacks
URL Obfuscation Attacks
Cross-site Scripting Attacks
Preset Session Attack
Hidden Attacks
![Page 11: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/11.jpg)
Man-in-the-middle AttacksMan-in-the-middle Attacks
![Page 12: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/12.jpg)
Cross-site Scripting Cross-site Scripting AttacksAttacks
![Page 13: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/13.jpg)
Preset Session Attack:Preset Session Attack:
![Page 14: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/14.jpg)
Defensive mechanismsDefensive mechanisms
Client-Side
Server-Side
Enterprise Level
![Page 15: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/15.jpg)
Client-SideClient-Side
Desktop Protection Technologies
Browser Capabilities
Digitally signed Emails
User-application level monitoring solutions
![Page 16: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/16.jpg)
Local Anti-Virus protection
Personal Firewall
Personal IDS
Personal Anti-Spam
Spy ware Detection
Desktop Protection Technologies
![Page 17: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/17.jpg)
Browser CapabilitiesBrowser Capabilities Disable all window pop-up functionality
Disable Java runtime support
Disable ActiveX support
Disable all multimedia and auto-play/auto-execute extensions
Prevent the storage of non-secure cookies
![Page 18: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/18.jpg)
Digitally Signed Digitally Signed EmailEmail
![Page 19: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/19.jpg)
Server-sideServer-side
• Validating Official Communications
• Strong token based authentication
![Page 20: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/20.jpg)
Validating Official Validating Official CommunicationsCommunications
Digital Signatures
Visual or Audio personalization of email
![Page 21: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/21.jpg)
Strong token based Strong token based authenticationauthentication
![Page 22: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/22.jpg)
Enterprise LevelEnterprise Level
Mail Server Authentication
Digitally Signed Email
Domain Monitoring
![Page 23: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/23.jpg)
Mail Server Mail Server AuthenticationAuthentication
![Page 24: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/24.jpg)
Digitally Signed EmailDigitally Signed Email
![Page 25: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/25.jpg)
Domain MonitoringDomain Monitoring
• Monitor the registration of Internet domains relating to their organization
• The expiry and renewal of existing corporate domains
• The registration of similarly named domains
![Page 26: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/26.jpg)
ConclusionConclusion
Understanding the tools and technologies
User awareness
Implementing Multi-tier defense mechanisms
![Page 27: VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY](https://reader035.vdocuments.mx/reader035/viewer/2022062304/56649f155503460f94c2a45e/html5/thumbnails/27.jpg)
ReferencesReferences Cyveillance the brand monitoring network
www.cyveillance.com
http://www.technicalinfo.net/index.html
The phishing Guide www.ngssoftware.com
http://www.webopedia.com/TERM/P/phishing.html
http://www.wordspy.com/words/phishing.asp
Stutz, Michael (January 29, 1998). "AOL: A Cracker's Paradise”
http://www.technicalinfo.net/papers/Phishing.html