July 13, 2007
Vol. 29 Issue 28
Page(s) 13 in print issue
Dealing With Phishing, Pharming & Spam
How Can Your SME Fight Back?
Spam has been around for so long that the average IT manager frequently forgets that the name was coined for a processed meat product that is celebrating its 70th anniversary. Phishing has been a fact of online life for a while now, as well, while pharming is another cute term for another online exploitation tactic, says Andrew Jaquith, program manager of security research at The Yankee Group.
Despite the advances made in filters, security appliances, and the like, miscreants seem to be able to keep a step or two ahead of security product developers. The primary reason is that these types of threats are driven by monetary gain, says Chris Simmons, director of product strategy at security appliance manufacturer Fortinet (www.Processor.com/Fortinet-Inc). The techniques the bad guys use, particularly social engineering, have not fundamentally changed but have simply become more focused in attempts to deceive recipients into believing the message is legitimate.
Like Chocolate & Peanut Butter
Over the last year or two, spamming and phishing have become increasingly intertwined, says Jaquith. Unlike the spam of his youth, today's spam has become increasingly customized—so much so that an end user might receive a spoof email that is seemingly from someone he knows and trusts that asks him to click a link to see a new product or Web site, Jaquith says.
Jaquith says the so-called bad guys can subscribe to a service such as ZoomInfo.com or another business information search engine for a relatively small fee and see how users are linked to one another. The emails pass through normal spam filters and appear to come from trusted sources, when in fact these emails are designed to get users to go to phishing sites, where they either inadvertently download malware that attacks their computer and infects other PCs or enter confidential information, such as passwords.
If you think that this can't happen to you, Jaquith points to several high-profile cases of seemingly legitimate Web sites being hijacked, including phishing emails that were purportedly from the Better Business Bureau and the Web site for the Miami Dolphins' stadium, the site of this year's Super Bowl, during Super Bowl weekend.
Improving Security Tools
When asked what Fortinet is doing to improve the effectiveness of its security tools, Simmons says that research is key. "We have a large staff of security researchers devoted to understanding new threat techniques and their inner workings. They then turn that knowledge into protection capabilities in our security products," he explains.
This research has led to Fortinet's FortiGate multithreat security solutions for protection against multiple and blended threats, be they malware or a network-based vulnerability. Meanwhile, the company's FortiMail email security device acts as a front-end message transfer agent to relieve other email infrastructures' workload, in transparent mode to install with minimal changes to the environment. It can even act as the mail server for organizations that do not currently have an email infrastructure, Simmons says.
According to Simmons, a multipronged approach that includes network perimeter, network core, network-access layer, and endpoint security products offers the highest level of protection for larger small to midsized enterprises. For smaller organizations, perimeter and endpoint security should be the primary focus areas, Simmons adds.
Like Chocolate & Peanut Butter (Part 2)
Independent industry analyst Blane Warrene has spent nearly 20 years designing and maintaining networks primarily for financial services companies, and he believes in using hardware at the network level and distributing compatible security software at the end-user device level. Don't forget to protect mobile devices in your scenario, as that is often a weak link.
Warrene's personal favorites for network-level security hardware include devices manufactured by Sophos (www.Processor.com/Sophos1), SonicWall (www.Processor.com/SonicWALL), and Barracuda Networks (www.Processor.com/Barracuda) because they provide multilevel protection against threats and support remote-access users. Moreover, they come with management software.
For end-user computers and mobile devices, Warrene says software from Sophos and F-Secure (www.Processor.com/FSecure) is particularly effective. At the same time, Warrene does point out that options are available for outsourcing email altogether. Such options include those from Live Office (www.liveoffice.com), Microsoft Hosted Exchange (www.microsoft.com), and AppRiver (www.Processor.com/AppRiver).
"We have a few hundred users in the field and have outsourced the email service for those folks, including spam and A/V filtering, data storage, and data backup," Warrene says. "There are vendors that eat, sleep, and breathe malware prevention. I am sure they know better than I how to secure our mail servers optimally."
Finally, Yankee Group analyst Jaquith says the emergence of new technology for the Web offers users visual feedback about whether a given Web site or page is legitimate. For example, Microsoft's Internet Explorer 7 and Mozilla Firefox 2 each include antiphishing toolbars that glow green when a vendor has an extended validation certificate and red when it doesn't.
by Robyn Weisman
Phishing, Pharming & Spam Security Threats
Social engineering is one means attackers use to successfully pull off spam, phishing, and pharming attacks. Blane Warrene, an independent industry analyst, says that these schemes are what keeps a lot of the profit to the bad guys flowing. "We have to continuously stream education on how to avoid and evade threats that end up in our staff and customers' inboxes." In addition to educating users, here are some other ideas for what actions you can take when faced with security threats.
|Security Threat |What To Do |
|Phishing |Check all links provided in emails. If you access a given Web site regularly, make sure you type the address directly to ensure you are going to a legitimate Web site, says Warrene. |
|Pharming |Antivirus, IPS [intrusion prevention systems], and Web filtering are all useful security technologies for combating pharming, says Fortinet's (www.Processor.com/Fortinet-Inc) Chris Simmons. Antivirus software will detect malware payloads. IPS can detect cross-site scripting and other attempts to redirect traffic. And Web filtering will be able to block known malicious sites so the user doesn't enter their personal information. |
|Spam |Warrene recommends good spam filtering at the mail gateway level with additional filtering available to end users. Train end users to carefully choose what e-newsletters they subscribe to and scrutinize the privacy and opt-out policies of Web sites they give their email address to. |