B.1.4.1 DNS Hardening
Measures that can be employed to reduce vulnerabilities in resolving domain names or
prevent name spoofing along with measures that can strengthen DNS security so that it can serve as a foundation for estab-
lishing greater trust in Internet services.
B.1.4.2 eMail
Infrastructure Hardening
eMail infrastructure enhancements that reduce the potential for
abuse, including spam as well as strengthening email security so that correspondence can be more trusted.
B.1.4.3 IM & IRC Infrastructure Hardening
Infrastructure improvements that eliminate vulnerabilities
and reduce likelihood that these communications channels can serve as vectors for phishing attacks.
B.1.4.4 P2P Service Hardening
Refinements to P2P (peer-to-peer) services (e.g., file swapping, interactive gaming, collaborative systems) that reduce potential
vulnerabilities and limit this channel as a vector for phishing attacks.
B.1.4.5 Cell Phone & PDA Service Hardening
Measures to harden Internet
or extranet services used
in supporting communications with mobile users via cell phones or PDAs with particular emphasis on limiting the ability of
phishers to use these channels as vectors for attacking end users.
B.1.4.6 Anti-Spoofing Measures
Any measures that can be used within the Internet to either limit the ability
of phishers to masquerade as legitimate authorities or to increase the options for end users to detect misrepresentations or
impostors.
B.1.4.7 Traffic/Content Filtering within the Cloud
Techniques
that can be used to filter out, or at
least flag, traffic or content that has a high probability of being associated with phishing attacks. Included in this category are
the tools for building and maintaining both black lists of Internet sources involved in phishing and white lists of legitimate
sources.
B.1.4.8 Effective Internet Surveillance/Monitoring Tools
Any tools or techniques that can be
used to observe any phase of the phishing life cycle in ways that support proactive defenses, rapid response reactions, and gath-
ering of evidence for prosecution of perpetrators.
B.1.5 Category V: Strengthening
On-Line Security Measures
In addition to the many vulner-
abilities in PCs, systems, and infrastructure, phishers also take advantage of traditionally weak online security measures, such as
userid/password (a.k.a., single-factor) authentication. Since the technologies exist for strengthening online security for finan-
cial transactions, it is likely that stronger measures will play an important role in countering the phishing threat.
B.1.5.1 PKI and Certificate Issuing/Management
Services
Approaches for harnessing traditional
and new PKI services along with digital certificates as elements in strengthening online security measures and establishing new
frameworks for increasing confidence.
B.1.5.2 Authentication Management Systems
Systems that can be used to manage enrollment in, and
use of, strong authentication measures, especially multi-factor authentication.
B.1.5.3 Multi-Party Strong Authentication Services
Techniques for
allowing multiple parties to
authenticate each other are of great interest in financial transactions where it is common to have financial institutions partici-
pating along with merchants and consumers, businesses, buyers and sellers, traders, or even government agencies.
B.1.5.4 Multi-Factor Authentication Services
Any solution that offers at least two or more authentica-
tion factors in a manner that truly strengthens authentication measures.
B.1.5.5 End-User Cryptographic & “2nd Authentication Factor” Devices
End-user
devices that can be used to provide at least one additional authentication factor—e.g., crypto tokens, one-time PIN genera-
tors, and biometric scanners.
B.1.5.6 Federated Identity Management (SSO) Services
Services that
can extend authentication
across organizational boundaries, or allow one organization to leverage authentication procedures established for subjects (e.g.,
consumers, businesses) by another organization.
B.1.5.7 Support for Alternative Authentication Relationships
New approaches that shift the
authentication relationships to more closely align with natural trust relationships, for example shifting the burden of authenti-
cating a consumer from a merchant to the consumer’s financial
institution.
B.1.5.8 Authentication via User Access &
Behavior Profiles
Techniques that can be used to
increase confidence that an end user is acting in a normal manner and using financial services in a way that is consistent with
their established profile of behavior. Such techniques might look at all observable aspects of user access or transactional
behavior, and raise cautionary flags when aberrations exceed some threshold associated with the user’s profile.
Do'stlaringiz bilan baham: