A P RACTICAL A PPROACH TO M ANAGE P HISHING I NCIDENT WITH URL F ILTERING Kasom Koth-Arsa, Surachai...

A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING

Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp

Kasetsart University, Bangkok, Thailand.

AGENDA

IntroductionObjectivePhishing Management System Conclusion

INTRODUCTION

What is Phishing?Why Phishing is important? Who are our concern about

Phishing?

WHAT IS PHISHING?

Phishing is an online form of deception

Attacker pretends to be someone elseTo obtain sensitive information from

the victim

WHY PHISHING IS IMPORTANT?

A serious threat to Internet usageGrowing very fastFrauds that affect many websites

and organizationsMore advanced and complex

techniques to convert the organization websites to the

seemingly trusted financial websites to gain confidential user information.

WHO ARE OUR CONCERN ABOUT PHISHING?

One of the most attacked organizations is education institution.

Organize their network systems by dividing into many sub-departments.

This hierarchical structure causes challenge in management effectiveness and network-security enforcement.

UNINET Largest university network provider in Thailand running by Ministry of Education 1Gbps and 10Gbps link

countrywide UniNet has 431

member institutes 240 Universities 134 Vocational School 57 Primary School

100,000 plus users

Phishing becomes a serious problem!

UniNet

OBJECTIVE

Developing a phishing management solution which covers to handle the whole anti-phishing processes for UniNet Systematic procedureFast responseTracking, monitoring and collecting

phishing information Intelligent URL Filtering system to enforce

the blocking specified URLBlock only the phishing URL, not the whole

PHISHING MANAGEMENT SYSTEM

System ModuleAccount ManagementTicket ManagementWeb Filtering

Interaction DiagramUse Case DiagramSystem Configuration

SYSTEM MODULE

Incident Management

Tracker & Reporter

URL Filtering

Account Management

Account Database

PhishingDatabase

Ticket Management

ACCOUNT MANAGEMENT MODULE

Users must register with our system before report the phishing website

Using the following information: Full name Company E-mail Username Password

Identification procedure

TICKET MANAGEMENT MODULE

Manage Phishing events

Easy to manage and track incidents using ticket status

Ticket management

Incident management

Created

Deleted

Tracking & Reporting

Opened

Verified

Canceled

Blocked

Site Take Down

Closed

URL FILTERING (WEB SCREEN)

Phishing system can block/unblock web access to the phishing site through the URL filtering system.

URL Filtering

TCP Session Hijacking Technique

Intercept HTTP request

Inject forged HTTP replyBlock or redirect access of any given URL

PASS-BY URL FILTERING

Traffics are captured and passed by without queuing Zero delay, independent from traffic volume

Ease of Installation (No Traffic Interruption)

Non Blocking Traffic Stream

No Single Point of Failure Scalable

Gateway

Filtering Engine

Client

Internet

TCP SESSION HIJACKINGFiltering

SYN K , ACK J+1

ACK K+1

Client Server

Data (HTTP request)

Data (reply)

Packet will be ignored

Faked FIN by Filtering Engine

INTERACTION DIAGRAM

CompanyUniNet

AdministratorUniversity

AdministratorWeb Filtering

Engine

Block the phishing URL

Inform the corresponding university administrator to investigate the incident

Re-verify the URLCancel the blocking of the URL

The ticket is set to canceled

Server investigation/cleaning

Close the ticket, inform both party

Inform that the server already clean

Report a phishing URL (open a ticket)Verify URL

USE CASE DIAGRAM

Company

UniNetAdministrator

UniversityAdministrator

Create

ticket

Manage Account

Block/unblock URL

View ticket

Change

ticket status

Notify incident cleared

Create Account

SYSTEM CONFIGURATION

Gateway

Phishing Filtering Engine

Internet UniNet

Network Backbone

Phishing Management

10G 10G

management

USER TICKET TRACKING SCREENSHOT

CONCLUSION

Phishing Management System is now initial deploy on UniNet InfrastructureEnable UniNet to response quicker to

phishing incidentEnable a statistic logging that helps UniNet

anticipate the future problem and improve network security

Design for handle 10Gbps Network (need some more hardware to complete)

THANK YOU.

A P RACTICAL A PPROACH TO M ANAGE P HISHING I NCIDENT WITH URL F ILTERING Kasom Koth-Arsa, Surachai...

Documents

Assessing the conservation quality of tropical forest ... · GAKY ANSA Oborho Jct Odumase Okanta Omenako Neefio Atiebu . Aponoapono Suhum Praprapaabida Darko's Village Tete Kasom

Social Monitoring Report - Asian Development Bank · North Eastern State Roads Investment Program (NESRIP) Road Project MN06-CW1 (Tupul to Bishnupur) and MN06-CW2 (Thoubal to Kasom

KOTH-ARI CO · Standards specified under Section 133 of the Act, read with Rule 7 of the Companies (Accounts) Rules, 2014. e) On the basis of the written representations received

CLIMATE RESTORATION · world’s irst commercial plant to pull CO2 out of the air. The company, Climeworks, has developed scalable, low-energy, CO2-iltering machines that can operate

What Causes Sarcoidosis? Laura L. Koth - Cleveland Clinic...What Causes Sarcoidosis? Laura L. Koth Associate Professor of Medicine Director, Sarcoidosis Research Program Principal

Revenue and Disaster Management Department … Koth Kalan.pdf · Trained Volunteers Boys Girls Total Name of the coordinator ... (NCC, NSS, Scouts and Guides, Head Boy and Head Girl)

Ministry of Minority Affairs | Government of india · Construction of Sadhbhav Mandav /Sadhavna Mandap at Kasom Khullen TD Block. Construction of Sadhbhav Mandav /Sadhavna Mandap

Wellbore Surveying While Drilling Based on Kalman F iltering · directional drilling procedure. Results: Thus, besides the conventional drilling assembly, directional drilling operations

PROGRAM ZA AUTOSERVIS (POSLOVANJE I KNJIGOVODSTVO) · 2020. 3. 30. · dole na slici 35. i 36 u u tekstu posle toga o radu sa fiskalnom kasom. Svi fiskalni isečci koji se izdaju

Sunshine Bible Academy · Handcrafted coffee mugs - Deb Germain baskets for everyone - VanHeuvelen family The Old Red Barn - David and Judi VanHeuvelen Honey - Larry Koth Wooden USA

web.nioch.nsc.ruweb.nioch.nsc.ru/nioch/templates/purity_iii/files/tb/instructions/... · O)KOTH nnaBHKOBOñ KHCJIOTb1 Bb13b1BarOT CHJ1bHYIO 60J1b H paHb1. BAb1- xar-1He ee napoB Bb13BaTb

STILL EUROPE’s LEADING MINING INVESTMENT CONFERENCE …€¦ · STILL EUROPE’s LEADING MINING INVESTMENT CONFERENCE AND EXHIBITION 14th Annual ... Commodity Capital Bert Koth,

Surachai CHITPINITYON Kasom KOHT-ARSA Surasak SANGUANPONG Anan PHONPHOEM Pirawat WATANAPONGSE Chalermpol CHUPAMPUN Office of Computer Services Kasetsart

Transparent Firewall for Wireless Network Kasom Koth-arsa 1, Surasak Sanguanpong 2, Anan Phonphoem 2 {Kasom.K, Surasak.S, Anan.P}@ku.ac.th 1 Engineering

For personal use only - ASX · 2020-05-11 · A$125 million capital raising to be completed on 13 May 2020 to partially fund the KOTH development, Darlot exploration and working capital

COMPOSIT INSPECTION TEAM REPORT Kasom Block FOR THE MONTH ...ukhrul.nic.in/cit/NGO-feb/PARDA/CIT-Kasom-feb.pdf · COMPOSIT INSPECTION TEAM REPORT Kasom Block ... nutrition How much

The Order of Nine Angles And National Socialism · The Order of Nine Angles And National Socialism ... The MS was published in Sennitt's book The Infernal Texts: Nox & Liber Koth

Les 1: Level wattes? RTS FPS TPS Stealth/adventure RPG MMORPG Puzzle Adventure Platform Race Sport Etc… Multiplayer Single Player FFA TDM CTF KOTH

Biannual News from Good Samaritan Hospital Foundation ... Brahmamdam, M.D. Carol Butler Mark Clement R. Daniel Fales Sister Lois Jean Goettke, S.C. Sandy Kiefer Arlene Koth Jodi Lower

Diversity of small mammals in the Sierra Nevada: …...2016/11/15 · Diversity of small mammals in the Sierra Nevada: iltering by natural selection or by anthropogenic activities?