FSTC Phishing Solutions Categories
This document is a companion to the “FSTC Counter Phishing Solutions Survey
Summary” (published by FSTC on Dec. 20, 2004) and is used with the FSTC’s
permission. The survey was conducted in connection with the FSTC’s Counter
Phishing project. It is provided to give additional background information
detailing the categories used by that project and generalized in Chapter 12 to
make them equally applicable to the botnet solution space.
B.1 Security Hardening and Technological Refinements
B.1.1 Category I: Hardening Office and Home PCs
The home or office PC is increasingly the “weakest link” in eCommerce security, including online financial services.
At the same time, the number of users accessing eCommerce and online financial services via PCs has grown substantially
and may already represent the most popular vehicle for transacting everyday business. Broad adoption, vulnerable PCs,
and inexperienced users created the ideal culture for the growth of phishing.
B.1.1.1 Software Patch Distribution and Management Services
Tools and services that can effectively manage the software update process in a way that increases security of
end-user PCs while reducing the burden on all users, but especially novice or inexperienced users. Also, techniques
that minimize the potential that software update procedures might, in turn, be compromised by attackers.
B.1.1.2 Malware Detection/Blocking/Elimination
Any counter-measure that can be used to detect (recognize), block installation of, or eliminate (remove) malware.
Also, improvements over traditional anti-virus software techniques that might be more effective against increasingly
sophisticated techniques that have been designed to avoid detection or disable counter-measures.
B.1.1.3 Malware Proactive Blocking
Proactive measures that can prevent malware from ever being installed or that neutralize malware if it does get
installed. Such tools need to protect users even when they mistakenly enable installation of malware through a social
engineering attack. Included in this category are counter-measures that respond to any suspicious software actions, or
that block all software installations unless allowed by some trusted authority.
B.1.1.4 Detection of-, Blocking Access to-, Malicious Sites
Tools that monitor and detect deceptions used by phishers to direct users to malicious (compromised) sites and then
alert the user and block access to the malicious site. Such tools may also send reports of suspect sites encountered
by users and receive information about known good sites.
B.1.1.5 Enhanced Firewall Capabilities to Counter Phishing
Enhancements to any firewall schemes that would improve effectiveness in preventing phishing attacks or any of the
exploits that may be elements of a phishing attack. Relevant firewall schemes could include embedded (personal)
firewalls operating on PCs, network appliances, or even firewall services operated by ISPs for protecting home and
office PCs.
B.1.1.6 Security Policy Enforcement for PCs and PC-based Applications
Measures to rigidly enforce security policies for PCs that eliminate potential user errors or poor judgment.
Potentially, this category