Thursday, April 11, 2013

firewall-wizards Digest, Vol 64, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Phishing (Paul D. Robertson)
2. Re: Phishing (J. Craig)
3. Re: Phishing (Dave Piscitello)
4. Re: Phishing (Dotzero)
5. Re: Phishing (Kurt Buff)
6. Re: Phishing (Michael D. Wood)


----------------------------------------------------------------------

Message: 1
Date: Wed, 10 Apr 2013 17:52:15 -0400
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: [fw-wiz] Phishing
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <DBFE8216-AF4C-4F56-9AD0-5522AA5EDC63@compuwar.net>
Content-Type: text/plain; charset=us-ascii

Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

------------------------------

Message: 2
Date: Wed, 10 Apr 2013 15:45:06 -0700
From: "J. Craig" <3141592f@gmail.com>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAE0GJsZAhmdanRcf1Mn5yROi-SVbRKTRYEitHY8ngq-Da_TEYQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Proofpoint has a URL rewriting option which has been extremely useful. Not
sure of other solutions.

-jc


On Wed, Apr 10, 2013 at 2:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:

> Outside of constant training and blocking Facebook/LinkedIn does anyone
> have any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar

------------------------------

Message: 3
Date: Thu, 11 Apr 2013 09:51:20 +0200
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<CADLVL0LHgDY1JR6HV_D4CA47sT33jqV_ExN8qYgXLZrzhXACNA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

If you mean training, try phishme.com

On Wed, Apr 10, 2013 at 11:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar


------------------------------

Message: 4
Date: Wed, 10 Apr 2013 18:56:46 -0400
From: Dotzero <dotzero@gmail.com>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAJ4XoYeOmUYYCrQQjVj3O3xSB7YWdSX2JpA-egdO_=SjpTC_9w@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Training is useful as long as it is appropriate training that the
enduser can reasonably implement.

As far as blocking Facebook/LinkedIn, I don't believe it is a
particularly useful approach. I prefer to educate endusers on ways to
mitigate risks.

An example of this is to never click on purported LinkedIn emails.
Delete them and log into the site to check the message. Another
example is to never accept an invitation to link from someone you
don't know unless someone you know vouches for them. Taking these
sorts of steps significantly reduces potential risks.

I do recommend applying SPF/DKIM/DMARC validation to inbound mail
streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are
ahead of enterprises in doing this. Inbound email authentication
validation adds a layer of protection to protect your users and
organization. If you have a brand/domain at risk it is useful to
implement on the sending side to help protect your customers, partners
and vendors.

Reporting malicious URLs and redirectors that arrive in your inbox(s)
or traps to APWG is useful as is reporting them to the abuse contact
in whois or to the upstream provider.

A good practice is to also implement BCP38 outbound filtering. It
protects your reputation and ultimately helps everyone else from abuse
emanating from your network.

Just a few thoughts,

Mike

On Wed, Apr 10, 2013 at 5:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar
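
An added example, not part of the original post, of what inbound SPF/DKIM/DMARC validation decides once the border MTA has recorded its results: a message passes only if a passing SPF or DKIM identifier aligns with the visible From: domain. The authserv-id `mx.example.net`, the sample domains and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own border MTA

def org_domain(domain):
    # Simplification: last two labels; real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(msg):
    """Collect (method, result, domain) from Authentication-Results headers stamped
    by our own MTA; any other authserv-id is ignored because senders can forge it."""
    found = []
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.replace("\r", "").replace("\n", " ").split(";")]
        if not parts[0] or parts[0].split()[0].lower() != TRUSTED_AUTHSERV:
            continue
        for clause in parts[1:]:
            m = re.match(r"(spf|dkim)=(\w+)", clause)
            d = re.search(r"(?:smtp\.mailfrom|header\.d)=(?:[^\s@]*@)?([\w.-]+)", clause)
            if m and d:
                found.append((m.group(1), m.group(2).lower(), d.group(1)))
    return found

def dmarc_aligned_pass(raw):
    """True if any passing SPF or DKIM identifier aligns (relaxed) with From:."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        return False
    return any(result == "pass" and org_domain(dom) == org_domain(from_domain)
               for _, result, dom in parse_auth_results(msg))

# Constructed sample: SPF and DKIM both pass, but for the sender's own domain,
# and a forged Authentication-Results header claims a pass for the brand.
SPOOFED = (
    "Authentication-Results: brand.example; dkim=pass header.d=brand.example\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@mailer.other.example;\n"
    " dkim=pass header.d=other.example\n"
    "From: Brand <invites@brand.example>\n"
    "Subject: invitation\n\nbody\n"
)
# Constructed sample: DKIM fails, but SPF passes for an aligned subdomain.
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@mail.brand.example;\n"
    " dkim=fail header.d=brand.example\n"
    "From: Brand <invites@brand.example>\n\nbody\n"
)
```

A border MTA should also strip inbound Authentication-Results headers that carry its own authserv-id before adding its own, so that the trust check above cannot be satisfied by a sender.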


------------------------------

Message: 5
Date: Wed, 10 Apr 2013 17:36:33 -0700
From: Kurt Buff <kurt.buff@gmail.com>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CADy1Ce5dr07theEBQUEHCyTrgFeaXRe4uk7WF2GTuzjMek75zQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On Wed, Apr 10, 2013 at 2:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>
> Paul

I believe that several AV vendors are selling products/services with
sandbox VMs that test attachments on emails for behavioral
characteristics, as well as follow links and test those.

Barracuda and GFI for sure, and I would believe that there are others as well.

Would also have to believe that similar technology is available for
web browsing.

Kurt


------------------------------

Message: 6
Date: Wed, 10 Apr 2013 21:18:49 -0400
From: "Michael D. Wood" <mike@itsecuritypros.org>
Subject: Re: [fw-wiz] Phishing
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <005a01ce3652$85b93a10$912bae30$@itsecuritypros.org>
Content-Type: text/plain; charset="us-ascii"

Awareness and training, IMHO, is the best way to combat phishing/spear phishing
attacks. There's no good rule of thumb when it comes to social engineering
attacks, except making sure users are aware and know what to look for. ;)

http://www.us-cert.gov/ncas/tips/ST04-014


--
Michael D. Wood
www.itsecuritypros.org

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Paul D.
Robertson
Sent: Wednesday, April 10, 2013 5:52 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Phishing

Outside of constant training and blocking Facebook/LinkedIn does anyone have
any good pointers or tools for phishing/spear phishing threats?

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

------------------------------



End of firewall-wizards Digest, Vol 64, Issue 3
***********************************************
