Date post: | 31-Dec-2015 |
Category: |
Documents |
Upload: | ethan-strickland |
View: | 31 times |
Download: | 0 times |
© 2004 VeriSign, Inc.
Secure LetterheadPhillip Hallam-Baker
Principal Scientist
VeriSign Inc.
2
We are not in Kansas any more
3
Their Goal
4
Our Goal
5
We do not have to find a silver bullet
6
20% reduction
7
Makeyour problemtheir problem
8
Phishing:The use of social engineering to
steal access credentials
9
Approach 1Respond to Attacks
10
Approach 2Deploy Strong
Credentials
11
Approach 2Disrupt the Social
Engineering Attack
12
User Education
13
The Real End-to-End Security Story
14
We must take multiple approaches
15
Which is Best?
16
All of them.
17
Strong Inbound Authentication+
Fraud Detection+
Capture Site Take Down+
Strong Outbound Authentication
18
Secure Letterhead:How to know a
message is authentic
20
before the next horse…
22
How does a user identify a site today?
23
What was the DNS designed to do?
24
A location service should be permissive
+ Where do I find The dotFuture Manifesto on the Web?+ www.thedotfuturemanifesto.com+ www.the-dotfuture-manifesto.com+ www.thedotfuturemanifesto.org+ dotfuturemanifesto.blogspot.com
25
An authentication service should be
restrictive
26
Solution:Separate the
authentication channel
27
How do we deploy?
28
Solution:Leverage the SSL Certificate Market
29
First Generation SSL Certs:
Accountability
30
Secure Letterhead
31
32
Who Guards the Guardians?
33
Accountability
34
The Trust Brand on the Line
35
What is missing?
36
Browser Support
37
LOGOTYPE Certificate Issuers
© 2004 VeriSign, Inc.
Thank Youwww.verisign.com/antiphishing
dotcrimemanifesto.blogspot.com