Thursday, April 11, 2013

firewall-wizards Digest, Vol 64, Issue 4

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Phishing (stunder)
2. Re: Phishing (Paul D. Robertson)
3. Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
(John Michealson)


----------------------------------------------------------------------

Message: 1
Date: Wed, 10 Apr 2013 15:55:38 -0700
From: stunder <stunder@gmail.com>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAEApn4X1i1CnbyWu73o0adP71ObXcA7iZkCcmst+WgW6SALXpg@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

I am not sure if they specialize in spear phishing when it comes to
Facebook/LinkedIn but FireEye monitors incoming emails into your company
looking for attempts over your emails.


Eric

sends
On Apr 10, 2013 2:54 PM, "Paul D. Robertson" <paul@compuwar.net> wrote:

> Outside of constant training and blocking Facebook/LinkedIn does anyone
> have any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

------------------------------

Message: 2
Date: Thu, 11 Apr 2013 05:38:07 -0400
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] Phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <FDA91983-DBB4-4F62-8B50-969337C9EDB9@compuwar.net>
Content-Type: text/plain; charset=us-ascii

I've had friends tell me that they've never failed using fake LinkedIn accounts when performing pen tests - I'm not sure how valuable training is, but I'm reasonably confident it and Facebook are the top two common vectors.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 10, 2013, at 18:56, Dotzero <dotzero@gmail.com> wrote:

> Training is useful as long as it is appropriate training that the
> enduser can reasonably implement.
>
> As far as blocking Facebook/LinkedIn, I don't believe it is a
> particularly useful approach. I prefer to educate endusers on ways to
> mitigate risks.
>
> An example of this is to never click on purported LinkedIn emails.
> Delete them and log into the site to check the message. Another
> example is to never accept an invitation to link from someone you
> don't know unless someone you know vouches for them. Taking these
> sorts of steps significantly reduces potential risks.
>
> I do recommend applying SPF/DKIM/DMARC validation to inbound mail
> streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are
> ahead of enterprises in doing this. Inbound email authentication
> validation adds a layer of protection to protect your users and
> organization. If you have a brand/domain at risk it is useful to
> implement on the sending side to help protect your customers, partners
> and vendors.
>
> Reporting malicious URLs and redirectors that arrive in your inbox(s)
> or traps to APWG is useful as is reporting them to the abuse contact
> in whois or to the upstream provider.
>
> A good practice is to also implement BCP38 outbound filtering. It
> protects your reputation and ultimately helps everyone else from abuse
> emanating from your network.
>
> Just a few thoughts,
>
> Mike
>
> On Wed, Apr 10, 2013 at 5:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
>> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>>
>> Paul
>> --
>> President and Chairman, FluidIT Group
>> Moderator, Firewall-Wizards
>> http://pauldrobertson.net
>> http://pauldrobertson.com
>> @compuwar
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
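
Added example (not from any poster on this thread): one way an inbound filter can act on the SPF/DKIM/DMARC validation recommended in the quoted message above, counting an SPF or DKIM pass only when it is for the domain shown in From:. The sample messages, the authserv-id mx.example.net, the function names and the two-label organizational-domain rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not real mail). "mx.example.net" is the assumed
# authserv-id of your own border MTA; all domains are placeholders.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.example.org;
 dkim=pass header.d=bulk.example.org
From: LinkedIn <invitations@social.example>
Subject: You have a new invitation

body
"""
GENUINE = SPOOFED.replace("bulk.example.org", "mail.social.example")

# Which identity each method authenticates (RFC 8601 property names).
PROPS = {"spf": r"smtp\.mailfrom=(\S+)", "dkim": r"header\.d=(\S+)"}

def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned_auth(raw, authserv_id="mx.example.net"):
    """Return ('pass', methods) if SPF or DKIM passed for the From: domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    methods = []
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in hdr.split(";")]
        if parts[0].split()[:1] != [authserv_id]:
            continue  # stamped by someone else: the sender could have forged it
        for part in parts[1:]:
            m = re.match(r"(spf|dkim)=(\w+)", part)
            ident = m and re.search(PROPS[m.group(1)], part)
            if not ident or m.group(2) != "pass":
                continue
            auth_dom = ident.group(1).rpartition("@")[2]
            # A pass only counts when it is for the domain the user sees.
            if from_dom and org_domain(auth_dom) == org_domain(from_dom):
                methods.append(m.group(1))
    return ("pass" if methods else "fail", methods)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, aligned_auth(raw))
```

The spoofed sample passes plain SPF and DKIM for the sender's own domain yet fails here, which is the gap that alignment closes for look-alike LinkedIn notifications.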


------------------------------

Message: 3
Date: Thu, 11 Apr 2013 08:10:50 -0500
From: John Michealson <micheajp@gmail.com>
Subject: Re: [fw-wiz] firewall-wizards Digest, Vol 64, Issue 3
phishing
To: "firewall-wizards@listserv.icsalabs.com"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <7927F27A-5E87-411E-96D3-6668BD57A4B9@gmail.com>
Content-Type: text/plain; charset=us-ascii

Check Point's gateway based AV went cloud based last fall. It has over 6M signatures. They also have AntiBot, which has hundreds of millions of IP and hosts classified. They are reclassifying 50k sites/hosts a day with their ThreatCloud, and ThreatEmulation is in EA. Their Application Control has 4900 apps defined locally and 300K in the cloud. Combined with education these are very effective tools.



On Apr 11, 2013, at 4:30 AM, firewall-wizards-request@listserv.icsalabs.com wrote:

>
> Today's Topics:
>
> 1. Phishing (Paul D. Robertson)
> 2. Re: Phishing (J. Craig)
> 3. Re: Phishing (Dave Piscitello)
> 4. Re: Phishing (Dotzero)
> 5. Re: Phishing (Kurt Buff)
> 6. Re: Phishing (Michael D. Wood)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 10 Apr 2013 17:52:15 -0400
> From: "Paul D. Robertson" <paul@compuwar.net>
> Subject: [fw-wiz] Phishing
> To: firewall-wizards@listserv.icsalabs.com
> Message-ID: <DBFE8216-AF4C-4F56-9AD0-5522AA5EDC63@compuwar.net>
> Content-Type: text/plain; charset=us-ascii
>
> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar
>
> ------------------------------
>
> Message: 2
> Date: Wed, 10 Apr 2013 15:45:06 -0700
> From: "J. Craig" <3141592f@gmail.com>
> Subject: Re: [fw-wiz] Phishing
> To: Firewall Wizards Security Mailing List
> <firewall-wizards@listserv.icsalabs.com>
> Message-ID:
> <CAE0GJsZAhmdanRcf1Mn5yROi-SVbRKTRYEitHY8ngq-Da_TEYQ@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Proofpoint has a URL rewriting option which has been extremely useful. Not
> sure of other solutions.
>
> -jc
>
>
> On Wed, Apr 10, 2013 at 2:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
>
>> Outside of constant training and blocking Facebook/LinkedIn does anyone
>> have any good pointers or tools for phishing/spear phishing threats?
>>
>> Paul
>> --
>> President and Chairman, FluidIT Group
>> Moderator, Firewall-Wizards
>> http://pauldrobertson.net
>> http://pauldrobertson.com
>> @compuwar
>
> ------------------------------
>
> Message: 3
> Date: Thu, 11 Apr 2013 09:51:20 +0200
> From: Dave Piscitello <dave@corecom.com>
> Subject: Re: [fw-wiz] Phishing
> To: Firewall Wizards Security Mailing List
> <firewall-wizards@listserv.cybertrust.com>
> Message-ID:
> <CADLVL0LHgDY1JR6HV_D4CA47sT33jqV_ExN8qYgXLZrzhXACNA@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> If you mean training, try phishme.com
>
> On Wed, Apr 10, 2013 at 11:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
>> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>>
>> Paul
>> --
>> President and Chairman, FluidIT Group
>> Moderator, Firewall-Wizards
>> http://pauldrobertson.net
>> http://pauldrobertson.com
>> @compuwar
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 10 Apr 2013 18:56:46 -0400
> From: Dotzero <dotzero@gmail.com>
> Subject: Re: [fw-wiz] Phishing
> To: Firewall Wizards Security Mailing List
> <firewall-wizards@listserv.icsalabs.com>
> Message-ID:
> <CAJ4XoYeOmUYYCrQQjVj3O3xSB7YWdSX2JpA-egdO_=SjpTC_9w@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Training is useful as long as it is appropriate training that the
> enduser can reasonably implement.
>
> As far as blocking Facebook/LinkedIn, I don't believe it is a
> particularly useful approach. I prefer to educate endusers on ways to
> mitigate risks.
>
> An example of this is to never click on purported LinkedIn emails.
> Delete them and log into the site to check the message. Another
> example is to never accept an invitation to link from someone you
> don't know unless someone you know vouches for them. Taking these
> sorts of steps significantly reduces potential risks.
>
> I do recommend applying SPF/DKIM/DMARC validation to inbound mail
> streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are
> ahead of enterprises in doing this. Inbound email authentication
> validation adds a layer of protection to protect your users and
> organization. If you have a brand/domain at risk it is useful to
> implement on the sending side to help protect your customers, partners
> and vendors.
>
> Reporting malicious URLs and redirectors that arrive in your inbox(s)
> or traps to APWG is useful as is reporting them to the abuse contact
> in whois or to the upstream provider.
>
> A good practice is to also implement BCP38 outbound filtering. It
> protects your reputation and ultimately helps everyone else from abuse
> emanating from your network.
>
> Just a few thoughts,
>
> Mike
>
> On Wed, Apr 10, 2013 at 5:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
>> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>>
>> Paul
>> --
>> President and Chairman, FluidIT Group
>> Moderator, Firewall-Wizards
>> http://pauldrobertson.net
>> http://pauldrobertson.com
>> @compuwar
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 10 Apr 2013 17:36:33 -0700
> From: Kurt Buff <kurt.buff@gmail.com>
> Subject: Re: [fw-wiz] Phishing
> To: Firewall Wizards Security Mailing List
> <firewall-wizards@listserv.icsalabs.com>
> Message-ID:
> <CADy1Ce5dr07theEBQUEHCyTrgFeaXRe4uk7WF2GTuzjMek75zQ@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Wed, Apr 10, 2013 at 2:52 PM, Paul D. Robertson <paul@compuwar.net> wrote:
>> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>>
>> Paul
>
> I believe that several AV vendors are selling products/services with
> sandbox VMs that test attachments on emails for behavioral
> characteristics, as well as follow links and test those.
>
> Barracuda and GFI for sure, and I would believe that there are others as well.
>
> Would also have to believe that similar technology is available for
> web browsing.
>
> Kurt
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 10 Apr 2013 21:18:49 -0400
> From: "Michael D. Wood" <mike@itsecuritypros.org>
> Subject: Re: [fw-wiz] Phishing
> To: "'Firewall Wizards Security Mailing List'"
> <firewall-wizards@listserv.icsalabs.com>
> Message-ID: <005a01ce3652$85b93a10$912bae30$@itsecuritypros.org>
> Content-Type: text/plain; charset="us-ascii"
>
> Awareness and training, IMHO is the best to combat phishing/spear phishing
> attacks. There's no good rule of thumb when it comes to social engineering
> attacks, except making sure users are aware and what to look for. ;) .
>
> http://www.us-cert.gov/ncas/tips/ST04-014
>
>
> --
> Michael D. Wood
> www.itsecuritypros.org
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.icsalabs.com
> [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Paul D.
> Robertson
> Sent: Wednesday, April 10, 2013 5:52 PM
> To: firewall-wizards@listserv.icsalabs.com
> Subject: [fw-wiz] Phishing
>
> Outside of constant training and blocking Facebook/LinkedIn does anyone have
> any good pointers or tools for phishing/spear phishing threats?
>
> Paul
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar
>
> ------------------------------
>
>
>
> End of firewall-wizards Digest, Vol 64, Issue 3
> ***********************************************


------------------------------



End of firewall-wizards Digest, Vol 64, Issue 4
***********************************************
