GONE PHISHING
ECE 4112 Final Lab Project
Group #19
Enid Brown & Linda Larmore
Comparative Analysis of Browser Anti-Phishing Techniques
Outline
– Phishing for facts
– Goals of Lab
– Anti-Phishing techniques
– Lab Procedures
– Lab Results
– Conclusion
– Discussion
Background
Phishing can be defined as an attempt to obtain sensitive and personal information by masquerading as a trustworthy entity in some form of electronic communication.
This sensitive information includes, but is not limited to, passwords, credit card numbers, and usernames.
As a result, all major browsers contain some type of anti-phishing measure, which is either turned on or off by default.
With the increase in the amount of spam that most email addresses receive, phishing has become more and more popular, and it is important that we learn how to protect our information and detect these sites.
YeahRight
Goals
The goals for this lab are:
– To introduce the concept of Phishing exploits
– Compare the anti-phishing techniques that different browsers utilize
– Compare the anti-phishing software available.
Microsoft Phishing Filter in Windows Internet Explorer 7
Microsoft Phishing Filter uses a combination of Microsoft’s URL Reputation Service (URS) and local heuristics built into the IE 7 browser.
These methods allow it to identify and warn users in real time of suspected phish URLs, and block them from accessing confirmed phishing sites that have been reported to the URS by either users or third-party data providers.
Netscape Browser 9.0
Includes a built-in phishing filter
Relies solely on a blacklist, which is maintained by AOL and updated frequently
Opera
When Opera Fraud Protection is enabled, a server is contacted at Opera every time you request a Web page.
HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.
The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank.
Opera's fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.
Mozilla Firefox
Phishing Protection is turned on by default in Firefox 2 or later, and works by checking the sites that you browse to against a list of known phishing sites.
This list is automatically downloaded and regularly updated within Firefox when the Phishing Protection feature is enabled.
McAfee SiteAdvisor Toolbar
McAfee's SiteAdvisor product is a free stand-alone anti-phishing product.
Suspect or blocked sites are identified by a popup balloon and by color and text changes in the button.
SiteAdvisor offers a wealth of information about sites, including whether the site appears to send spam and whether it is suspected of being a phishing site.
Netcraft Toolbar
Utilizes Netcraft's very large database of Web servers to flag suspected or actual phishing sites.
The toolbar displays several useful characteristics of the current page, including the country where the Web server is hosted, the true IP address, and a bar-graph "risk rating" indicator.
GeoTrust TrustWatch Toolbar
The TrustWatch Toolbar combines site lookups with phishing protection and Google search.
The toolbar shows the real DNS name of the currently loaded site, and it allows users to specify a visual or textual identifier that the toolbar knows and can display; this helps guard against sites that put up their own fake address bars.
How to rate Phishing tools
Catch rate: how well each tool catches known phish from a common pool of known phish, either by generating a warning or blocking access to the phish page.
False positive rate: how many false warnings or blocks each tool generates from a pool of known-good URLs.
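An added example, not from the original slides: a list-based domain check of the kind described for Opera and Firefox, scored with the two metrics defined above. The list contents, URLs, parent-domain matching and the blacklist-before-whitelist order are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists (reserved .example names), not real list data.
WHITELIST = {"bank.example"}
BLACKLIST = {"login-bank.example", "freehost.example"}

def check_url(url, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Return 'skipped', 'blocked', 'trusted' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        # Local intranet addresses are never sent to the lookup service.
        if ipaddress.ip_address(host).is_private:
            return "skipped"
        candidates = {host}
    except ValueError:
        # DNS name: test the host and each parent domain (suffix match only),
        # so "bank.example.evil.example" never matches "bank.example".
        labels = host.split(".")
        candidates = {".".join(labels[i:]) for i in range(len(labels) - 1)}
    if candidates & blacklist:   # assumption: blacklist is consulted first
        return "blocked"
    if candidates & whitelist:
        return "trusted"
    return "unknown"

def rate_tool(check, phish_pool, good_pool):
    """Catch rate over known phish, false positive rate over known-good URLs."""
    caught = sum(check(u) == "blocked" for u in phish_pool)
    false_alarms = sum(check(u) == "blocked" for u in good_pool)
    return caught / len(phish_pool), false_alarms / len(good_pool)

# Constructed test pools.
PHISH_POOL = [
    "http://login-bank.example/signin",          # listed domain
    "https://acct-verify.freehost.example/",     # listed parent domain
    "http://bank.example.fresh-phish.example/",  # not yet listed: missed
]
GOOD_POOL = [
    "https://www.bank.example/",
    "https://news.example/today",
    "http://192.168.1.10/router",                # intranet: never checked
    "https://alice.freehost.example/",           # shares a listed host: false alarm
]

if __name__ == "__main__":
    catch, fp = rate_tool(check_url, PHISH_POOL, GOOD_POOL)
    print(f"catch rate {catch:.0%}, false positive rate {fp:.0%}")
```

The missed third phish shows why a pure blacklist lags behind newly registered domains, and the fourth good URL shows how listing a shared hosting domain raises the false positive rate.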
Lab Procedures
Setting up browsers
– Mozilla Firefox
– Microsoft Internet Explorer
– Opera
– Netscape Navigator
Enabling browser anti-phishing
Browser Anti-Phishing
Lab Procedures
Attempted to access known phishing websites using the four browsers
Known phishing websites listed at http://www.phishtank.com
Warning Pages
Browser Results
[Pie charts: blocked vs. allowed phishing sites per browser]
Opera: 44% blocked
Mozilla: 67% blocked
IE7: 67% blocked
Netscape: 0% blocked
Mozilla with Toolbars Results
[Pie charts: blocked vs. allowed phishing sites per toolbar]
Mozilla with GeoTrust Toolbar: 0% blocked
Mozilla with McAfee SiteAdvisor Toolbar: 100% blocked
Mozilla with NetCraft Toolbar: 33% blocked
IE7 with Toolbars Results
[Pie charts: blocked vs. allowed phishing sites per toolbar]
IE7 with NetCraft Toolbar: 75% blocked
IE7 with GeoTrust Toolbar: 50% blocked
IE7 with McAfee SiteAdvisor Toolbar: 75% blocked
2006 Phishing Studies
Source: http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf
Summary of new Lab proposal
Students will:
– Section 1: Browsers and Phishing
  • Setting up browsers
  • Enabling browser anti-phishing
– Section 2: Browser Anti-Phishing
  • Anti-phishing and PhishTank
  • Analyze and compare results between different browsers
– Section 3: Anti-Phishing Toolbar
  • Analyze and compare results between different browsers and toolbars
Preventing Phishing
– Enable browser anti-phishing
– Set up spam/junk mail filters
– Install anti-phishing toolbars
– Check suspected websites against blacklists and whitelists
– Use false info to check validity
– If in doubt, DON’T DO IT!!!
Questions