NLIT 2009
Philip Arwood
John Gerber
Development of a Process for Phishing Awareness Activities
Managed by UT-Battelle for the U.S. Department of Energy
Protecting Your Information
What Will We Discuss?
• Phishing and related Problems
  – Real world examples
• Goals and Challenges of Phishing Awareness
  – Early process
  – Examples (early and current)
  – Stats gathered
• Phishing Technical: Getting Under the Hood
If Only Life Was Simple
View Point Of The Problem
• The following is an excerpt from a speech by Mr. George Tenet, Director, CIA, delivered at the Georgia Institute of Technology, Atlanta, Georgia.
  – “The number of known adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, criminals, industrial competitors, hackers, and aggrieved or disloyal insiders.”
Common Weaknesses
• Here are some of the most common visible or known weaknesses an adversary can exploit to obtain critical information:
  – Inappropriate use of email / attachments / web
  – Lack of awareness: don’t know what to protect, or who to protect it from
  – Poor access controls
  – Failure to practice need to know
  – Failure to comply with security policies
SANS Top Ten List (what people do to mess up their computer)
• Number 10 – Don’t bother with backups
• Number 9 – Use Easy, Quick Passwords
• Number 8 – Believe that Macs don’t get viruses
• Number 7 – Click on Everything
• Number 6 – Open ALL Email attachments
• Number 5 – Keep Your hard drive full and fragmented
• Number 4 – Install and Uninstall lots of programs (especially freeware)
• Number 3 – Turn off the Antivirus because it slows down your system
• Number 2 – Surf the Internet without a Hardware Firewall and a Software Firewall
• Number 1 – Plug into the Wall without Surge Protection
Phishing Stats
• According to Gartner, December 17, 2007
  – The average dollar loss per phishing victim is $866
  – The total dollar loss of all phishing victims over a 1 year period is $3.6 Billion
  – The number of people who fell victim to phishing scams over that same 1 year period is 3.2 Million
• According to a Gartner Survey
  – More than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008, a 39.8 percent increase over the number of victims a year earlier
  – Survey indicated a trend toward higher-volume and lower-value attacks
Phishing Stats (cont.)
• According to SonicWall, 2008
  – The estimated number of phishing e-mails sent world-wide each month is 8.5 Billion
• According to Anti-Phishing Working Group
  – The number of phishing web sites that were operational in May 2008 is 32,414
Phishing Stats (cont.)
• According to Gartner, April 2, 2009
  – More than 5 million consumers lost money to phishing attacks in the 12 months ending in September 2008, a 39.8 percent increase over the number of victims a year earlier.
  – The average consumer loss in 2008 per phishing incident was $351, a 60% decrease from the year before. Gartner believes the criminals are intentionally engaging in higher-volume and lower-value attacks to stay under the radar of fraud detection systems that have become pervasive at banks and other financial services providers.
  – About 4.33% of phishing e-mail recipients recalled giving away sensitive information after they clicked on a phishing e-mail link, which is a 45% increase over the prior year.
Phishing (Real World) Example 1a
Phishing (Real World) Example 1b
Phishing (Real World) Example 1c
Phishing (Real World) Example 2
Phishing (Real World) Example 3
Phishing (Real World) Example 4
Phishing (Real World) Example 5
Phishing (Real World) Example 6
Why Phish?
• Benefits:
  – Training tool for raising user awareness regarding phishing and the dangers.
  – Serves as a self assessment tool.
• The Challenge:
  – To develop phishing emails for monthly assessments
  – To develop repeatable and reliable delivery methods
  – To gather meaningful statistics for management
Summary of Early Phishing Process
• Phishing Email was developed
• Researched URL to ensure no “real” sites were used, local redirect created to point to “gotcha” page
• Recipient list was created
• UNIX script was used to queue / send email.
• “Gotcha” page was monitored for network traffic, harvested IPs and times of connections
Phishing Emails
• The early emails were developed to appear plain and contain obvious clues such as misspelled words, hyphenated URLs, etc.
• As the process evolved the emails contained less obvious clues.
• Following are examples of emails used early on and a few current examples.
Early Phishing Example
Early Phishing Example (cont)
Early Phishing Example (cont)
Current Phishing Example
Current Phishing Example (cont)
Current Phishing Example (cont)
Current Phishing Example (cont)
Gotcha Page
• URL points to a web page that states:
  – Exercise was initiated by security
  – Gives information regarding what could have happened
  – Encourages user to re-take Cyber Awareness training (phishing awareness is reinforced in cyber awareness training)
Gotcha Page
What Data Do We Gather?
• End-User Response Time
  – The time between sending email and notification to security via email, phone, SPAM folder, …
  – Total number of responses
• End-User Click Rates
  – When the first click occurred
  – Total number of clicks
  – Who clicked
Suggestions for Topics?
• End-Users appear to be more interested in:
  – E-Cards (Valentines, Holiday cards, etc.)
  – Local News (highway construction, etc.)
  – Sports
  – Humor
• End-Users appear to be less interested in:
  – Technology related topics
  – Surveys
Results
Result summary for 2008
Category | Average | Percentage
Response to Security in Minutes | 22 (Minutes) |
Number of Individuals Who Clicked Before Response to Security Was Received | 7 | 1.6%
Number of Responses Sent To Security | 11 | 2.7
Number Of Responses Placed In SPAM Folder | 8 | 1.8%
Number Of Responses Received Other Ways | 1 | 0.3%
Total Response | 20 | 4.8%
Total Clickers | 42 | 10.0%

Result summary for 2009 to date
Category | Average | Percentage
Response to Security in Minutes | 28 (Minutes) |
Number of Individuals Who Clicked Before Response to Security Was Received | 8 | 1.5%
Number of Responses Sent To Security | 4 | 1.0%
Number Of Responses Placed In SPAM Folder | 5 | 1.0%
Number Of Responses Received Other Ways | 0 | -
Total Response | 9 | 1.6%
Total Clickers | 42 | 6.8%
Phishing Technical: Getting Under the Hood
John J. Gerber, CISSP, GCFA, GCIH, GISP, GSNA
A Presentation of Interest
“Spear Phishing: Real Cases, Real Solutions”
Rohyt Belani, Intrepidus Group. Wednesday, 11:00-11:45.
What Will We Discuss?
• Basic System Setup
• Configuration Files
• Database Tables
• Programs Involved
• Walk Through
• Show Sample Results
System Configuration
• Classic LAMP System
  – Linux
  – Apache
  – MySQL
  – Perl
• ModSecurity
• Request Tracker
• Thunderbird
Create Data Files
We keep each anti-phishing exercise in its own directory. In each directory create:
· Phishing Email
· Employee List
· LUP Exceptions
· Previous Clickers
· Exempt List
· Images
Sample Configuration File
TEMPLATE::test::template.html
TEMPLATE::whole::template.html
TEMPLATE::lup::template.html
TEMPLATE::clickers::template.html
SENDER::test::[email protected]
SENDER::whole::[email protected]
SENDER::lup::[email protected]
SENDER::clickers::[email protected]
SUBJECT::test::FWD: FWD: FWD: Hilarious
SUBJECT::whole::FWD: FWD: FWD: Hilarious
SUBJECT::lup::FWD: FWD: FWD: This is Hilarious
SUBJECT::clickers::FWD: FWD: FWD: That is Hilarious
WEB_HOST::test::upost.com
WEB_HOST::whole::upost.com
WEB_HOST::lup::upost.com
WEB_HOST::clickers::upost.com
EMAIL_FILE::test::test_pool.txt
EMAIL_FILE::whole::whole_pool.txt
EMAIL_FILE::lup::lup_pool.txt
EMAIL_FILE::clickers::clickers_pool.txt
REMOVE_EMAIL_FILE::whole::received_pool.txt
EMAIL_NUM::test::999
EMAIL_NUM::whole::550
EMAIL_NUM::lup::999
EMAIL_NUM::clickers::999
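A pre-flight check for a phish.conf in the KEY::attack_type::value layout above, as an added example (not the presenters' code, which is Perl and is only excerpted in the deck). The required-key list, the approved-host check and the sample sender address are assumptions; the attack types and the 50-character subject limit come from the attack table shown later in the deck.

```python
ATTACK_TYPES = ("lup", "test", "whole", "clickers")   # enum in the attack table
REQUIRED = ("TEMPLATE", "SENDER", "SUBJECT", "WEB_HOST", "EMAIL_FILE", "EMAIL_NUM")
OPTIONAL = ("REMOVE_EMAIL_FILE",)


def parse_conf(text):
    """Parse KEY::attack_type::value lines; return (conf, problems)."""
    conf, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split("::", 2)        # a value may itself contain ':'
        if len(parts) != 3 or not parts[2]:
            problems.append(f"line {n}: expected KEY::attack_type::value")
            continue
        key, atype, value = parts
        if key not in REQUIRED + OPTIONAL:
            problems.append(f"line {n}: unknown key {key}")
        elif atype not in ATTACK_TYPES:
            problems.append(f"line {n}: unknown attack type {atype}")
        elif key in conf.setdefault(atype, {}):
            problems.append(f"line {n}: duplicate {key} for {atype}")
        else:
            conf[atype][key] = value
    return conf, problems


def check_conf(conf, approved_hosts):
    """Checks to run before any mail is queued (assumed rules, see lead-in)."""
    problems = []
    for atype, keys in conf.items():
        problems += [f"{atype}: missing {k}" for k in REQUIRED if k not in keys]
        if not keys.get("EMAIL_NUM", "0").isdigit():
            problems.append(f"{atype}: EMAIL_NUM is not a number")
        if len(keys.get("SUBJECT", "")) > 50:     # attack.subject is varchar(50)
            problems.append(f"{atype}: SUBJECT exceeds 50 characters")
        host = keys.get("WEB_HOST")
        # The link must point at a host the exercise team controls.
        if host is not None and host.lower() not in approved_hosts:
            problems.append(f"{atype}: WEB_HOST {host} is not an approved host")
    return problems


def lint(text, approved_hosts):
    """Return every problem found, parse errors first."""
    conf, problems = parse_conf(text)
    return problems + check_conf(conf, approved_hosts)


# Constructed sample with deliberate faults; the sender address is a placeholder.
SAMPLE = """\
TEMPLATE::test::template.html
SENDER::test::sender@example.org
SUBJECT::test::FWD: FWD: FWD: Hilarious
WEB_HOST::test::upost.com
EMAIL_FILE::test::test_pool.txt
EMAIL_NUM::test::999
TEMPLATE::whole::template.html
SUBJECT::whole::FWD: FWD: FWD: Hilarious
WEB_HOST::whole::upost.example.net
EMAIL_FILE::whole::whole_pool.txt
REMOVE_EMAIL_FILE::whole::received_pool.txt
EMAIL_NUM::whole::55O
EMAIL_NUM::everyone::10
"""

if __name__ == "__main__":
    for problem in lint(SAMPLE, {"upost.com"}):
        print(problem)
```
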
SCF: Template
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>FWD: FWD: FWD: Hilarious</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<big><big>Check it out!</big></big><br>
<p class="MsoNormal" style="margin-bottom: 12pt;"><b><span
style="font-size: 11pt; font-family: 'Tahoma','sans-serif';"><br>
From:</span></b><span
style="font-size: 11pt; font-family: 'Tahoma','sans-serif';">
Castle, Frank <br>
<b>Sent:</b> Tuesday, March 17, 2009 9:50 AM<br>
<b>To:</b> Barton, Clint; Smith, Travis N.; Jones, Cora M.; James,
Jennifer; Redman, Doug S.; Schrof, Tina; Tillman, Edward E.; Van Dyke, Richard L.; Farner
Mark K.; Jamison, Hollie; Stewart, Greg; Young, Justin M.; Pierce, James G.;
Spencer, Tim; Alexander, Charles B.; Gordon, Dale E.; Keen, Robert H.<br>
Create
· HTML Editor: Thunderbird
· Text Based Editor
· TAGS
  http://REPLACEWITHHOST/REPLACEWITHID/
  href="mobile.html"
  href=""
  img src="opening.jpg"
Database: Tables
attack
+-------------+---------------------------------------+
| Field       | Type                                  |
+-------------+---------------------------------------+
| aid         | int(10) unsigned                      |
| attack_type | enum('lup','test','whole','clickers') |
| started     | datetime                              |
| ended       | datetime                              |
| first_view  | datetime                              |
| last_view   | datetime                              |
| first_click | datetime                              |
| last_click  | datetime                              |
| sent_user   | varchar(50)                           |
| sent_host   | varchar(50)                           |
| subject     | varchar(50)                           |
| body        | mediumtext                            |
| sent_count  | int(5) unsigned                       |
| click_count | int(5) unsigned                       |
| name        | varchar(15)                           |
+-------------+---------------------------------------+
Database: Tables (2)
victims
+------------+-------------+
| Field      | Type        |
+------------+-------------+
| username   | varchar(25) |
| dcso       | varchar(25) |
| last_name  | varchar(50) |
| first_name | varchar(50) |
| user_phone | varchar(12) |
+------------+-------------+
Sample values:
username: gerberjj
dcso: arwoodpc
last_name: Gerber
first_name: J J (John)
user_phone: 865-574-9756
Database: Tables (3)
victim_pool
+----------+------------------+
| Field    | Type             |
+----------+------------------+
| uid      | varchar(25)      |
| aid      | int(10) unsigned |
| username | varchar(25)      |
| added    | datetime         |
+----------+------------------+
Sample values:
uid: ibYyK1x8lstu1KseMrkpdJaHv
aid: 14
username: gerberjj
added: 2009-03-24 10:32:30
Database: Tables (4)
session
+--------------+------------------+
| Field        | Type             |
+--------------+------------------+
| uid          | varchar(25)      |
| sent         | datetime         |
| viewed_time  | datetime         |
| viewed_log   | varchar(255)     |
| clicked_time | datetime         |
| clicked_log  | varchar(255)     |
| ip           | varchar(50)      |
| email_sent   | enum('yes','no') |
+--------------+------------------+
Sample values:
uid: ibYyK1x8lstu1KseMrkpdJaHv
sent: 2009-03-24 13:45:57
viewed_time: NULL
viewed_log: NULL
clicked_time: 2009-03-25 10:36:04
clicked_log: user123.ornl.gov - - [25/Mar/2009:10:36:04 -0400] "GET /photo/ibYyK1x8lstu1KseMrkpdJaHv/showalbulm.pl?albulm=new HTTP/1.1" 200 2577 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14"
ip: user123.ornl.gov
email_sent: no
Sample Initial Setup
[hilarious]# ls -1
clickers_pool.txt
lup_pool.txt
phish.conf
received_pool.txt
template.html
test_pool.txt
whole_pool.txt

No File

[email protected]@[email protected]@[email protected]

00007 [email protected] "Gerber, John J" 12312312
00009 [email protected] "Pike, Christopher" 23123123
00010 [email protected] "Colt, J M" 23123123
00011 [email protected] "Boyce, Phillip" 23123123
00012 [email protected] "Tyler, Jose" 23123123

TEMPLATE::test::template.html
TEMPLATE::whole::template.html
TEMPLATE::lup::template.html
TEMPLATE::clickers::template.html
SENDER::test::[email protected]
SENDER::whole::[email protected]
SENDER::lup::[email protected]
SENDER::clickers::[email protected]
SUBJECT::test::FWD: FWD: FWD: Hilarious
SUBJECT::whole::FWD: FWD: FWD: Hilarious
SUBJECT::lup::FWD: FWD: FWD: That is Hilarious
SUBJECT::clickers::FWD: FWD: FWD: This is Hilarious
WEB_HOST::test::www.upostfun.com
WEB_HOST::whole::www.upostfun.com
WEB_HOST::lup::www.upostfun.com
WEB_HOST::clickers::www.upostfun.com
EMAIL_FILE::test::test_pool.txt
EMAIL_FILE::whole::whole_pool.txt
EMAIL_FILE::lup::lup_pool.txt
EMAIL_FILE::clickers::clickers_pool.txt
REMOVE_EMAIL_FILE::whole::received_pool.txt
EMAIL_NUM::test::999
EMAIL_NUM::whole::550
EMAIL_NUM::lup::999
EMAIL_NUM::clickers::999

No File

<html>
<head>
<title>FWD: FWD: FWD: Hilarious</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<big><big>Check it out!</big></big><br>
<p class="MsoNormal" style="margin-bottom: 12pt;"><b><span style="font-size: 11pt; font-family: 'Tahoma','sans-serif';"><br>
From:</span></b><span style="font-size: 11pt; font-family: 'Tahoma','sans-serif';">
Castle, Frank <br>
<b>Sent:</b> Tuesday, March 17, 2009 9:50 AM<br>
<b>To:</b> Barton, Clint; Smith, Travis N.; Jones, Cora M.; James, Jennifer; Redman, Doug S.; Schrof, Tina; Tillman, Edward E.; Van Dyke, Richard L.; Farner Mark K.; Jamison, Hollie; Stewart, Greg; Young, Justin M.; Pierce, James G.; Spencer, Tim; Alexander, Charles B.; Gordon, Dale E.; Keen, Robert H.<br>
<b>Subject:</b> FWD: FWD: Hilarious

gerberjj
arwoodpc

UID PRIM TYPE PRO_DT UID_DT EMPSTAT UIDSTAT
JLP55 Y NON 9/8/2005 14:18 9/8/2005 15:09 ACT ACT
WTR21 Y NON 10/26/2004 2:00 9/14/2005 15:21 ACT ACT
GLF45 Y NON 3/15/2005 2:00 8/31/2007 14:04 ACT ACT
DKP72 Y NON 7/18/2005 15:03 7/19/2005 15:52 ACT ACT
Program: prepare.pl
Run: prepare.pl <attack_name>
#!/usr/local/bin/perl -w
use DBI;
use POSIX qw(strftime);

BEGIN{push @INC, "/home/ger/projects/phish/perl"}
use ornl_phish qw($db_host $db $mysql_user $mysql_passwd logit runcommand mailit generate_html user_exist check_attack_type read_config find_attack_name );

sub update_received {
  my($datafile, $rm_min_date, $dbh) = @_;
  $error = "";

  my %user_list; # Make sure we add back only unique ids (no duplicates)

  if ( -e $datafile) {
    my $results = "";
    # Pull out the content of previous clickers
    $/ = "\n";
    open(INFILE,$datafile) || ( $error = "ERROR: Problem opening file $datafile: $!\n" );

Results
· *.orig - the original files.
· *_pool.txt - these are the updated files which the system will use in the next step. Make sure they look correct.
· received_pool.txt - This file will be updated with unique values that previously existed and data from the database of those who received email under a "whole" attack.
· sample_*.html - sample emails. Check them out and make sure they look appropriate. Open file in browser and confirm no format problems.
Results: prepare.pl
[hilarious]# ls -1
phish.conf
received_pool.txt
sample_test.html
template.html
test_pool.txt
test_pool.txt.orig

File: [email protected]

File: sample_text.html
<html>
<head>
<title>FWD: FWD: FWD: Hilarious</title>
</head>
<body bgcolor="#ffffff" text="#000000">
This is hilarious, check it out!<br>
<br>
<a href="http://upostfun.com/hilarious/0123456789/">http://upostfun.com/hilarious/0123456789/2009/04/11/</a><br>

File: test_pool.txt
View sample_text.html
Use your favorite browser to pull up sample_text.html
Inform and Authorize
• CIO Authorization
• Helpdesk
• Mail Administrator
• DNS Administrator
Program: go_phishing.pl
Run: go_phishing.pl
#!/usr/local/bin/perl -w
# Perl Modules #
use DBI;
use POSIX qw(strftime);

BEGIN{push @INC, "/home/ger/projects/phish/perl"}
use ornl_phish qw($db_host $db $mysql_user $mysql_passwd logit runcommand mailit generate_html user_exist check_attack_type read_config find_attack_name);

sub modify_apache {
  my($apache_conf,$apache_temp,$attack_name,$logfile) = @_;
  my $error = "";
  local($datetime) = strftime("%Y%m%d%H%M%S", localtime);

  undef $/;
  open(INFILE,$apache_temp) || ( $error = "ERROR: Problem opening file $apache_temp: $!\n" );

  if ($error eq "") {
    my $conf_body = <INFILE>;
    $conf_body =~ s/RewriteEngine On.*/RewriteEngine On/s;
    my $rc = &runcommand($logfile,"/bin/cp","$apache_conf/httpd.conf","$apache_conf/httpd.conf.$datetime");

Results
· Emails are sent.
· A 30 minute break between groups.
· Web areas created.
  – images
  – web page people see when they click
  – report web area created to watch the progress
· Modify httpd.conf, clear logs, restart server.
Uses: /usr/bin/nc -vv smtpserver.ornl.gov 25
2009-04-29 19:10:28 INFO: Started.
Sending email to gerberjj
smtpserver.ornl.gov [160.91.4.118] 25 (smtp) open
220 mailserver.ornl.gov -- Server ESMTP (PMDF V6.4#31561)
251 mailserver.ornl.gov system name not given in HELO command, phishingphil.ornl.gov [160.91.218.210].
250 2.5.0 Address Ok.
250 2.1.5 [email protected] OK.
354 Enter mail, end with a single ".".
250 2.5.0 Ok.
221 2.3.0 Bye received. Goodbye.
sent 4340, rcvd 301
Modifications to httpd.conf
RewriteEngine On
RewriteRule ^/hilarious$ /usr/local/apache/htdocs/hilarious/index.html [L]
RewriteRule ^/hilarious/images/[^/]+/(.*)$ /work/software/apache/htdocs/hilarious/images/$1 [L]
RewriteRule ^/hilarious/[^/]+/(.*)$ /work/software/apache/htdocs/hilarious/index.html [L]
RewriteRule ^/hilarious/(.*)$ /work/software/apache/htdocs/hilarious/index.html [L]
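An added example (not the presenters' code) of how access-log lines like the sample shown with the session table can populate that table and yield the statistics listed under "What Data Do We Gather?". It assumes click URLs have the form /<attack>/<uid>/... as in that sample, and that image requests under /<attack>/images/<uid>/... mark a view, which is inferred from the images rule above; the user names, the second host and the second token are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?:GET|POST|HEAD) (?P<path>\S+)[^"]*" \d{3} ')
# /<attack>/<uid>/...        -> click (form of the sample request on the slide)
# /<attack>/images/<uid>/... -> view  (assumption drawn from the images rule)
HIT_RE = re.compile(r'^/[^/]+/(?P<img>images/)?(?P<uid>[A-Za-z0-9]{25})(?:/|$)')

def parse_hit(line):
    """Return (uid, kind, when, host) for an exercise request, else None."""
    m = LOG_RE.match(line)
    h = HIT_RE.match(m.group("path")) if m else None
    if not h:
        return None
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    kind = "viewed" if h.group("img") else "clicked"
    return h.group("uid"), kind, when, m.group("host")

def correlate(log_lines, sessions, first_report=None):
    """Fill session rows in place from the log; return exercise statistics."""
    click_times, unknown = [], set()
    for line in log_lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        uid, kind, when, host = hit
        row = sessions.get(uid)
        if row is None:              # token never issued: guessed or mangled URL
            unknown.add(uid)
            continue
        if kind == "clicked":
            click_times.append(when)
        if row[kind + "_time"] is None or when < row[kind + "_time"]:
            row[kind + "_time"] = when           # keep the earliest event
            row[kind + "_log"] = line[:255]      # column is varchar(255)
            if kind == "clicked":
                row["ip"] = host
    clicked = [r for r in sessions.values() if r["clicked_time"]]
    return {
        "first_click": min(click_times, default=None),
        "last_click": max(click_times, default=None),
        "total_clicks": len(click_times),
        "clickers": sorted(r["username"] for r in clicked),
        "clicked_before_report": sorted(
            r["username"] for r in clicked
            if first_report and r["clicked_time"] < first_report),
        "unknown_uids": sorted(unknown),
    }

# Constructed sample data: user names, the second host and UID_B are made up.
EDT = timezone(timedelta(hours=-4))
UID_A, UID_B = "ibYyK1x8lstu1KseMrkpdJaHv", "Qw3rTy7uIo9pAs2dFg4hJk6lZ"
SAMPLE_LOG = [
    f'pc2.example.org - - [25/Mar/2009:10:20:00 -0400] "GET /photo/images/{UID_B}/opening.jpg HTTP/1.1" 200 5120 "-" "-"',
    f'user123.ornl.gov - - [25/Mar/2009:10:36:04 -0400] "GET /photo/{UID_A}/showalbulm.pl?albulm=new HTTP/1.1" 200 2577 "-" "-"',
    f'user123.ornl.gov - - [25/Mar/2009:10:40:10 -0400] "GET /photo/{UID_A}/ HTTP/1.1" 200 2577 "-" "-"',
    f'pc2.example.org - - [25/Mar/2009:11:05:30 -0400] "GET /photo/{UID_B}/ HTTP/1.1" 200 2577 "-" "-"',
    f'scan.example.net - - [25/Mar/2009:11:06:00 -0400] "GET /photo/{"Z" * 25}/ HTTP/1.1" 200 2577 "-" "-"',
    'scan.example.net - - [25/Mar/2009:11:06:01 -0400] "GET /favicon.ico HTTP/1.1" 404 209 "-" "-"',
]

def new_sessions():
    blank = {"viewed_time": None, "viewed_log": None,
             "clicked_time": None, "clicked_log": None, "ip": None}
    # username is joined in from victim_pool (uid -> username)
    return {UID_A: dict(blank, username="user_a"),
            UID_B: dict(blank, username="user_b")}

def demo():
    sessions = new_sessions()
    stats = correlate(SAMPLE_LOG, sessions,
                      first_report=datetime(2009, 3, 25, 10, 50, tzinfo=EDT))
    return sessions, stats
```

Requests carrying a token that was never issued are reported separately rather than counted as clicks, so scanners and mistyped links do not inflate the click rate.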
Monitoring the Results: Summary
Future
• Request Tracker
• Additional Reports for Management
• Possibly Front End
  – Easier: Is that a good or bad thing?
  – HTML editor interface
  – Grab required information from ORNL DBs
  – Schedule
Final Words
Thank you for the opportunity to discuss our phishing awareness work.
Philip Arwood, John Gerber
[email protected] [email protected]
Source: http://SecurityCartoon.com
Source: http://wombatsecurity.com/antiphishingphilz
Source: http://education.apwg.org/r/en
Other ORNL Presentations of Interest
SharePoint
• Monday, 11:45 - Using SharePoint UI to Deliver General Use Applications, Connie Begovich
• Tuesday, 11:45 - SharePoint at ORNL, Brett Ellis
Cyber Security
• Monday, 1:30 - Development of a Process for Phishing Awareness Activities, Philip Arwood & John Gerber
• Monday, 2:15 - How I Learned to Embrace the Chaos, Mark Lorenc
• Monday, 4:15 - TOTEM: The ORNL Threat Evaluation Method, John Gerber & Mark Floyd
Desktop Management
• Monday, 4:15 - On the Fly Management of UNIX Hosts using CFEngine, Ryan Adamson
• Tuesday, 11:00 - Implementation of Least User Privileges, Doug Smelcer
• Wednesday, 11:45 - Microsoft Deployment Using MDT and SCCM, Chad Deguira
Incident Management
• Wednesday, 11:00 - Helpdesk Operations for Clients Without Admin Privileges, Bob Beane & Tim Guilliams
IT Modernization
• Monday, 2:15 - 12 Months of Technology, Lara James