Philip Arwood - PowerPoint PPT Presentation

Slides: 56
Provided by: ornlGov

1
Development of a Process for Phishing Awareness
Activities
  • Philip Arwood
  • John Gerber

2
What Will We Discuss?
  • Phishing and related Problems
  • Real world examples
  • Goals and Challenges of Phishing Awareness
  • Early process
  • Examples (early and current)
  • Stats gathered
  • Phishing Technical: Getting Under the Hood

Protecting Your Information
3
If Only Life Was Simple
4
View Point Of The Problem
  • The following is an excerpt from speech by Mr.
    George Tenet, Director, CIA, delivered at the
    Georgia Institute of Technology, Atlanta,
    Georgia.
  • The number of known adversaries conducting
    research on information attacks is increasing
    rapidly and includes intelligence services,
    criminals, industrial competitors, hackers, and
    aggrieved or disloyal insiders.

5
Common Weaknesses
  • Here are some of the most common visible or known
    weaknesses an adversary can exploit to obtain
    critical information:
  • Inappropriate use of email / attachments / web
  • Lack of awareness: don't know what to protect, or
    who to protect it from
  • Poor access controls
  • Failure to practice need to know
  • Failure to comply with security policies

6
SANS Top Ten List (what people do to mess up
their computer)
  • Number 10: Don't bother with backups
  • Number 9: Use Easy, Quick Passwords
  • Number 8: Believe that Macs don't get viruses
  • Number 7: Click on Everything
  • Number 6: Open ALL Email attachments
  • Number 5: Keep Your hard drive full and
    fragmented
  • Number 4: Install and Uninstall lots of programs
    (especially freeware)
  • Number 3: Turn off the Antivirus because it
    slows down your system
  • Number 2: Surf the Internet without a Hardware
    Firewall and a Software Firewall
  • Number 1: Plug into the Wall without Surge
    Protection

7
Phishing Stats
  • According to Gartner, December 17, 2007:
  • The average dollar loss per phishing victim is
    $866
  • The total dollar loss of all phishing victims over
    a 1 year period is $3.6 billion
  • The number of people who fell victim to phishing
    scams over that same 1 year period is 3.2 million
  • According to a Gartner survey:
  • More than 5 million U.S. consumers lost money to
    phishing attacks in the 12 months ending in
    September 2008, a 39.8 percent increase over the
    number of victims a year earlier
  • Survey indicated a trend toward higher-volume and
    lower-value attacks

8
Phishing Stats (cont.)
  • According to SonicWall, 2008:
  • The estimated number of phishing e-mails sent
    world-wide each month is 8.5 billion
  • According to the Anti-Phishing Working Group:
  • The number of phishing web sites that were
    operational in May 2008 is 32,414

9
Phishing Stats (cont.)
  • According to Gartner, April 2, 2009:
  • More than 5 million consumers lost money to phishing
    attacks in the 12 months ending in September
    2008, a 39.8% increase over the number of victims
    a year earlier.
  • The average consumer loss in 2008 per phishing
    incident was $351, a 60% decrease from the year
    before. Gartner believes the criminals are
    intentionally engaging in higher-volume and
    lower-value attacks to stay under the radar of
    fraud detection systems that have become
    pervasive at banks and other financial services
    providers.
  • About 4.33% of phishing e-mail recipients
    recalled giving away sensitive information after
    they clicked on a phishing e-mail link, which is
    a 45% increase over the prior year.

10
Phishing (Real World) Example 1a
11
Phishing (Real World) Example 1b
12
Phishing (Real World) Example 1c
13
Phishing (Real World) Example 2
14
Phishing (Real World) Example 3
15
Phishing (Real World) Example 4
16
Phishing (Real World) Example 5
17
Phishing (Real World) Example 6
18
Why Phish?
  • Benefits
  • Training tool for raising user awareness
    regarding phishing and the dangers.
  • Serves as a self assessment tool.
  • The Challenge
  • To develop phishing emails for monthly
    assessments
  • To develop repeatable and reliable delivery
    methods
  • To gather meaningful statistics for management

19
Summary of Early Phishing Process
  • Phishing Email was developed
  • Researched URL to ensure no real sites were
    used, local redirect created to point to gotcha
    page
  • Recipient list was created
  • UNIX script was used to queue / send email.
  • Gotcha page was monitored for network traffic,
    harvested IPs and times of connections

20
Phishing Emails
  • The early emails were developed to appear plain
    and contain obvious clues such as misspelled
    words, hyphenated URLs, etc.
  • As the process evolved the emails contained less
    obvious clues.
  • Following are examples of emails used early on
    and a few current examples.

21
Early Phishing Example
22
Early Phishing Example (cont)
23
Early Phishing Example (cont)
24
Current Phishing Example
25
Current Phishing Example (cont)
26
Current Phishing Example (cont)
27
Current Phishing Example (cont)
28
Gotcha Page
  • URL points to a web page that states:
  • Exercise was initiated by security
  • Gives information regarding what could have
    happened
  • Encourages user to re-take Cyber Awareness
    training (phishing awareness is reinforced in
    cyber awareness training)

29
Gotcha Page
30
What Data Do We Gather?
  • End-User Response Time
  • The time between sending email and notification
    to security via email, phone, SPAM folder,
  • Total number of responses
  • End-User Click Rates
  • When the first click occurred
  • Total number of clicks
  • Who clicked

31
Suggestions for Topics?
  • End-Users appear to be more interested in
  • E-Cards (Valentines, Holiday cards, etc.)
  • Local News (highway construction, etc.)
  • Sports
  • Humor
  • End-Users appear to be less interested in
  • Technology related topics
  • Surveys

32
Results
  • Result summary for 2008

Category | Average | Percentage
Response to Security in Minutes | 22 | (Minutes)
Number of Individuals Who Clicked Before Response to Security Was Received | 7 | 1.6
Number of Responses Sent To Security | 11 | 2.7
Number Of Responses Placed In SPAM Folder | 8 | 1.8
Number Of Responses Received Other Ways | 1 | 0.3
Total Response | 20 | 4.8
Total Clickers | 42 | 10.0

  • Result summary for 2009 to date

Category | Average | Percentage
Response to Security in Minutes | 28 | (Minutes)
Number of Individuals Who Clicked Before Response to Security Was Received | 8 | 1.5
Number of Responses Sent To Security | 4 | 1.0
Number Of Responses Placed In SPAM Folder | 5 | 1.0
Number Of Responses Received Other Ways | 0 | -
Total Response | 9 | 1.6
Total Clickers | 42 | 6.8
33
Phishing Technical: Getting Under the Hood
John J. Gerber, CISSP, GCFA, GCIH, GISP, GSNA
34
A Presentation of Interest
  • Spear Phishing: Real Cases, Real Solutions
  • Rohyt Belani, Intrepidus Group.
  • Wednesday, 11:00-11:45.

Phishing Technical
35
What Will We Discuss?
  • Basic System Setup
  • Configuration Files
  • Database Tables
  • Programs Involved
  • Walk Through
  • Show Sample Results

36
System Configuration
  • Classic LAMP System
  • Linux
  • Apache
  • MySQL
  • Perl
  • ModSecurity
  • Request Tracker
  • Thunderbird

37
Create Data Files
  • We keep each anti-phishing exercise in its own
    directory. In each directory create:
  • Phishing Email
  • Employee List
  • LUP Exceptions
  • Previous Clickers
  • Exempt List
  • Images

38
Sample Configuration File
Key         Attack type  Value
TEMPLATE    test         template.html
TEMPLATE    whole        template.html
TEMPLATE    lup          template.html
TEMPLATE    clickers     template.html
SENDER      test         jennifer_james@upostfun.com
SENDER      whole        jennider_james@upostfun.com
SENDER      lup          Jennifer_James@upostfun.com
SENDER      clickers     Jen_James@upostfun.com
SUBJECT     test         FWD FWD FWD Hilarious
SUBJECT     whole        FWD FWD FWD Hilarious
SUBJECT     lup          FWD FWD FWD This is Hilarious
SUBJECT     clickers     FWD FWD FWD That is Hilarious
WEB_HOST    test         upost.com
WEB_HOST    whole        upost.com
WEB_HOST    lup          upost.com
WEB_HOST    clickers     upost.com
EMAIL_FILE  test         test_pool.txt
EMAIL_FILE  whole        whole_pool.txt
EMAIL_FILE  lup          lup_pool.txt

39
SCF Template
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>FWD FWD FWD Hilarious</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<big><big>Check it out!</big></big><br>
<p class="MsoNormal" style="margin-bottom: 12pt;"><b><span
style="font-size: 11pt; font-family: &quot;Tahoma&quot;,&quot;sans-serif&quot;;"><br>
From:</span></b><span style="font-size: 11pt; font-family: &quot;Tahoma&quot;,&quot;sans-serif&quot;;">
Castle, Frank &nbsp;<br>
<b>Sent:</b> Tuesday, March 17, 2009 9:50 AM<br>
<b>To:</b> Barton, Clint; Smith, Travis N.; Jones, Cora M.;
James, Jennifer; Redman, Doug S.; Schrof, Tina;
Tillman, Edward E.; Van Dyke, Richard L.;
Farner Mark K.; Jamison, Hollie; Stewart, Greg;
Young, Justin M.; Pierce, James G.; Spencer, Tim;
Alexander, Charles B.; Gordon, Dale E.; Keen,
Robert H.<br>

  • Create
  • HTML Editor: Thunderbird
  • Text Based Editor
  • TAGS

http://REPLACEWITHHOST/REPLACEWITHID/
href="mobile.html
href="
img src="opening.jpg"
40
Database Tables
attack
----------------------------------------------------
Field         Type
----------------------------------------------------
aid           int(10) unsigned
attack_type   enum('lup','test','whole','clickers')
started       datetime
ended         datetime
first_view    datetime
last_view     datetime
first_click   datetime
last_click    datetime
sent_user     varchar(50)
sent_host     varchar(50)
subject       varchar(50)
body          mediumtext
sent_count    int(5) unsigned
click_count   int(5) unsigned
name          varchar(15)
----------------------------------------------------
41
Database Tables (2)
victims
-------------------------
Field         Type
-------------------------
username      varchar(25)
dcso          varchar(25)
last_name     varchar(50)
first_name    varchar(50)
user_phone    varchar(12)
-------------------------

Sample row:
gerberjj  arwoodpc  Gerber  J J (John)  865-574-9756
42
Database Tables (3)
victim_pool
----------------------------
Field         Type
----------------------------
uid           varchar(25)
aid           int(10) unsigned
username      varchar(25)
added         datetime
----------------------------

Sample row:
ibYyK1x8lstu1KseMrkpdJaHv  14  gerberjj  2009-03-24 10:32:30
43
Database Tables (4)
user123.ornl.gov - - [25/Mar/2009:10:36:04 -0400] "GET /photo/ibYyK1x8lstu1KseMrkpdJaHv/showalbulm.pl?albulm=new HTTP/1.1" 200 2577 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14"

session
--------------------------------
Field         Type
--------------------------------
uid           varchar(25)
sent          datetime
viewed_time   datetime
viewed_log    varchar(255)
clicked_time  datetime
clicked_log   varchar(255)
ip            varchar(50)
email_sent    enum('yes','no')
--------------------------------

Sample row:
ibYyK1x8lstu1KseMrkpdJaHv  2009-03-24 13:45:57  NULL  NULL  2009-03-25 10:36:04  user123.ornl.gov  no
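The click statistics listed under "What Data Do We Gather?" (first click, total clicks, who clicked, who clicked before security was notified) can be derived from the access log and the uid-to-username mapping in victim_pool. The Python below is an added example, not the presenters' Perl code. The function names, the 25-character token shape, the image URL layout /<attack>/images/<uid>/<file> and every log line except the first are assumptions or constructed sample data.

```python
import re
from datetime import datetime

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Apache "combined" log line: client host, [timestamp], "METHOD path PROTO", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')
UID_RE = re.compile(r"^[A-Za-z0-9]{25}$")  # assumed token shape, from the sample uid

def parse_hit(line, attack):
    """Return (uid, kind, when) for a request to the exercise area, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None                      # malformed or non-HTTP line
    parts = m.group(3).split("?")[0].strip("/").split("/")
    if len(parts) < 2 or parts[0] != attack:
        return None                      # unrelated URL
    if parts[1] == "images":             # assumed layout: /<attack>/images/<uid>/<file>
        kind, uid = "view", parts[2] if len(parts) > 2 else ""
    else:                                # /<attack>/<uid>/... is a link click
        kind, uid = "click", parts[1]
    if not UID_RE.match(uid):
        return None
    return uid, kind, datetime.strptime(m.group(2), TS_FMT)

def summarize(lines, attack, pool, reported_at):
    """pool maps uid -> username (the victim_pool table); reported_at is the
    time security received the first user report."""
    first_click, total_clicks = {}, 0
    for line in lines:
        hit = parse_hit(line, attack)
        if hit is None:
            continue
        uid, kind, when = hit
        user = pool.get(uid)
        if user is None or kind != "click":
            continue                     # token not issued by us, or image load only
        total_clicks += 1
        if user not in first_click or when < first_click[user]:
            first_click[user] = when
    return {
        "total_clicks": total_clicks,
        "clickers": sorted(first_click),
        "first_click": min(first_click.values()) if first_click else None,
        "clicked_before_report": sorted(u for u, t in first_click.items() if t < reported_at),
        "click_rate_pct": round(100.0 * len(first_click) / len(pool), 1) if pool else 0.0,
    }

# Constructed sample data; only the first uid, username and log line come from
# the page (user agent shortened).
A, B, C = "A" * 25, "B" * 25, "C" * 25
POOL = {"ibYyK1x8lstu1KseMrkpdJaHv": "gerberjj", A: "user_a", B: "user_b"}
LOG = [
    'user123.ornl.gov - - [25/Mar/2009:10:36:04 -0400] "GET /photo/ibYyK1x8lstu1KseMrkpdJaHv/showalbulm.pl?albulm=new HTTP/1.1" 200 2577 "-" "Mozilla/5.0"',
    f'host2.example - - [25/Mar/2009:10:20:00 -0400] "GET /photo/{A}/ HTTP/1.1" 200 2577 "-" "-"',
    f'host2.example - - [25/Mar/2009:10:50:00 -0400] "GET /photo/{A}/ HTTP/1.1" 200 2577 "-" "-"',
    f'host3.example - - [25/Mar/2009:10:25:00 -0400] "GET /photo/images/{B}/opening.jpg HTTP/1.1" 200 512 "-" "-"',
    f'host4.example - - [25/Mar/2009:10:26:00 -0400] "GET /photo/{C}/ HTTP/1.1" 200 2577 "-" "-"',
    'host5.example - - [25/Mar/2009:10:27:00 -0400] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"',
    "not an access-log line",
]
REPORTED_AT = datetime.strptime("25/Mar/2009:10:30:00 -0400", TS_FMT)

if __name__ == "__main__":
    print(summarize(LOG, "photo", POOL, REPORTED_AT))
```

Requests carrying a token that is not in the pool (scanners, mail gateways that prefetch links with mangled URLs) are ignored rather than counted, which keeps the click rate tied to recipients who were actually sent the message.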
44
Sample Initial Setup
45
Sample Initial Setup
<html>
<head>
<title>FWD FWD FWD Hilarious</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<big><big>Check it out!</big></big><br>
<p class="MsoNormal" style="margin-bottom: 12pt;"><b><span
style="font-size: 11pt; font-family: &quot;Tahoma&quot;,&quot;sans-serif&quot;;"><br>
From:</span></b><span style="font-size: 11pt; font-family: &quot;Tahoma&quot;,&quot;sans-serif&quot;;">
Castle, Frank &nbsp;<br>
<b>Sent:</b> Tuesday, March 17, 2009 9:50 AM<br>
<b>To:</b> Barton, Clint; Smith, Travis N.; Jones, Cora M.;
James, Jennifer; Redman, Doug S.; Schrof, Tina;
Tillman, Edward E.; Van Dyke, Richard L.;
Farner Mark K.; Jamison, Hollie; Stewart, Greg;
Young, Justin M.; Pierce, James G.; Spencer, Tim;
Alexander, Charles B.; Gordon, Dale E.; Keen,
Robert H.<br>
<b>Subject:</b> FWD FWD Hilarious

No File
gerberjj@ornl.gov
arwoodpc@ornl.gov
goffy@ornl.gov
duckd@ornl.gov
mousem@ornl.gov

hilarious ls -1
clickers_pool.txt
lup_pool.txt
phish.conf
received_pool.txt
template.html
test_pool.txt
whole_pool.txt

Key                Attack type  Value
TEMPLATE           test         template.html
TEMPLATE           whole        template.html
TEMPLATE           lup          template.html
TEMPLATE           clickers     template.html
SENDER             test         Jennifer_James@upostfun.com
SENDER             whole        Jennifer_James@upostfun.com
SENDER             lup          Jen_James@upostfun.com
SENDER             clickers     jennifer_james@upostfun.com
SUBJECT            test         FWD FWD FWD Hilarious
SUBJECT            whole        FWD FWD FWD Hilarious
SUBJECT            lup          FWD FWD FWD That is Hilarious
SUBJECT            clickers     FWD FWD FWD This is Hilarious
WEB_HOST           test         www.upostfun.com
WEB_HOST           whole        www.upostfun.com
WEB_HOST           lup          www.upostfun.com
WEB_HOST           clickers     www.upostfun.com
EMAIL_FILE         test         test_pool.txt
EMAIL_FILE         whole        whole_pool.txt
EMAIL_FILE         lup          lup_pool.txt
EMAIL_FILE         clickers     clickers_pool.txt
REMOVE_EMAIL_FILE  whole        received_pool.txt
EMAIL_NUM          test         999
EMAIL_NUM          whole        550
EMAIL_NUM          lup          999
EMAIL_NUM          clickers     999

00007  GERBERJJ@ORNL.GOV  "Gerber, John J"     12312312
00009  PIKEC@ORNL.GOV     "Pike, Christopher"  23123123
00010  COLTJM@ORNL.GOV    "Colt, J M"          23123123
00011  BOYCEP@ORNL.GOV    "Boyce, Phillip"     23123123
00012  TYLEYJ@ORNL.GOV    "Tyler, Jose"        23123123

No File
kirckjt@ornl.gov
mccoylb@ornl.gov
suluh@ornl.gov
chekov@ornl.gov

gerberjj
arwoodpc

UID    PRIM  TYPE  PRO_DT            UID_DT           EMPSTAT  UIDSTAT
JLP55  Y     NON   9/8/2005 14:18    9/8/2005 15:09   ACT      ACT
WTR21  Y     NON   10/26/2004 2:00   9/14/2005 15:21  ACT      ACT
GLF45  Y     NON   3/15/2005 2:00    8/31/2007 14:04  ACT      ACT
DKP72  Y     NON   7/18/2005 15:03   7/19/2005 15:52  ACT      ACT
46
Program prepare.pl
  • Run prepare.pl <attack_name>

#!/usr/local/bin/perl -w
use DBI;
use POSIX qw(strftime);
BEGIN { push @INC, "/home/ger/projects/phish/perl"; }
use ornl_phish qw(db_host db mysql_user mysql_passwd logit
                  runcommand mailit generate_html user_exist
                  check_attack_type read_config find_attack_name);

sub update_received {
    my ($datafile, $rm_min_date, $dbh) = @_;
    $error = "";
    my @user_list;
    # Make sure we add back only unique ids (no duplicates)
    if ( -e $datafile) {
        my $results = "";
        # Pull out the content of previous clickers
        $/ = "\n";
        open(INFILE, $datafile) || ( $error = "ERROR Problem opening file $datafile !\n" );
        # (the slide shows only this excerpt)

  • Results
  • *.orig - the original files.
  • *_pool.txt - these are the updated files which the system
    will use in the next step. Make sure they look correct.
  • received_pool.txt - This file will be updated with unique
    values that previously existed and data from the database of
    those who received email under a "whole" attack.
  • sample_*.html - sample emails. Check them out and make sure
    they look appropriate. Open file in browser and confirm no
    format problems.

47
Results prepare.pl
hilarious ls -1
phish.conf
received_pool.txt
sample_test.html
template.html
test_pool.txt
test_pool.txt.orig

File received_pool.txt
user1@ornl.gov
user2@ornl.gov
user3@ornl.gov
user4@ornl.gov
user5@ornl.gov

File test_pool.txt
arwoodpc@ornl.gov
gerberjj@ornl.gov

File sample_text.html
<html><head><title>FWD FWD FWD Hilarious</title>
</head><body bgcolor="#ffffff" text="#000000">
This is hilarious, check it out!<br>
<br>
<a href="http://upostfun.com/hilarious/0123456789/">http://upostfun.com/hilarious/0123456789/2009/04/11/</a><br>
48
View sample_text.html
Use your favorite browser to pull up sample_text.html
49
Inform and Authorize
  • CIO Authorization
  • Helpdesk
  • Mail Administrator
  • DNS Administrator

50
Program go_phishing.pl
  • Run go_phishing.pl

#!/usr/local/bin/perl -w
# Perl Modules
use DBI;
use POSIX qw(strftime);
BEGIN { push @INC, "/home/ger/projects/phish/perl"; }
use ornl_phish qw(db_host db mysql_user mysql_passwd logit
                  runcommand mailit generate_html user_exist
                  check_attack_type read_config find_attack_name);

sub modify_apache {
    my ($apache_conf, $apache_temp, $attack_name, $logfile) = @_;
    my $error = "";
    local($datetime) = strftime("%Y%m%d%H%M%S", localtime);
    undef $/;    # slurp mode: read the whole template in one go
    open(INFILE, $apache_temp) || ( $error = "ERROR Problem opening file $apache_temp !\n" );
    if ($error eq "") {
        my $conf_body = <INFILE>;
        # Drop everything after "RewriteEngine On" so new rules can be appended
        $conf_body =~ s/RewriteEngine On.*/RewriteEngine On/s;
        # Keep a timestamped backup of the live httpd.conf
        my $rc = runcommand($logfile, "/bin/cp", "$apache_conf/httpd.conf",
                            "$apache_conf/httpd.conf.$datetime");
        # (the slide shows only this excerpt)

  • Results
  • Emails are sent.
  • A 30 minute break between groups.
  • Web areas created.
  • images
  • web page people see when they click
  • report web area created to watch the progress
  • Modify httpd.conf, clear logs, restart server.

Uses /usr/bin/nc -vv smtpserver.ornl.gov 25

2009-04-29 19:10:28 INFO Started. Sending email to gerberjj
smtpserver.ornl.gov 160.91.4.118 25 (smtp) open
220 mailserver.ornl.gov -- Server ESMTP (PMDF V6.431561)
251 mailserver.ornl.gov system name not given in HELO command, phishingphil.ornl.gov 160.91.218.210.
250 2.5.0 Address Ok.
250 2.1.5 gerberjj@ornl.gov OK.
354 Enter mail, end with a single ".".
250 2.5.0 Ok.
221 2.3.0 Bye received. Goodbye.
sent 4340, rcvd 301
51
Modifications to httpd.conf
  • RewriteEngine On
  • RewriteRule /hilarious /usr/local/apache/htdocs/hilarious/index.html [L]
  • RewriteRule /hilarious/images///(.*) /work/software/apache/htdocs/hilarious/images/$1 [L]
  • RewriteRule /hilarious///(.*) /work/software/apache/htdocs/hilarious/index.html [L]
  • RewriteRule /hilarious/(.*) /work/software/apache/htdocs/hilarious/index.html [L]

52
Monitoring the Results Summary
53
Future
  • Request Tracker
  • Additional Reports for Management
  • Possibly Front End
  • Easier: Is that a good or bad thing?
  • HTML editor interface
  • Grab required information from ORNL DBs
  • Schedule

54
Final Words
Source: http://SecurityCartoon.com
Thank you for the opportunity to discuss our
phishing awareness work.
Philip Arwood, arwoodpc@ornl.gov
John Gerber, gerberjj@ornl.gov
Source: http://education.apwg.org/r/en
Source: http://wombatsecurity.com/antiphishingphil
55
Other ORNL Presentations of Interest
  • SharePoint
  • Monday, 11:45 - Using SharePoint UI to Deliver
    General Use Applications, Connie Begovich
  • Tuesday, 11:45 - SharePoint at ORNL, Brett Ellis
  • Cyber Security
  • Monday, 1:30 - Development of a Process for
    Phishing Awareness Activities, Philip Arwood and
    John Gerber
  • Monday, 2:15 - How I Learned to Embrace the Chaos,
    Mark Lorenc
  • Monday, 4:15 - TOTEM: The ORNL Threat Evaluation
    Method, John Gerber and Mark Floyd
  • Desktop Management
  • Monday, 4:15 - On the Fly Management of UNIX Hosts
    using CFEngine, Ryan Adamson
  • Tuesday, 11:00 - Implementation of Least User
    Privileges, Doug Smelcer
  • Wednesday, 11:45 - Microsoft Deployment Using MDT
    and SCCM, Chad Deguira
  • Incident Management
  • Wednesday, 11:00 - Helpdesk Operations for Clients
    Without Admin Privileges, Bob Beane and Tim
    Guilliams
  • IT Modernization
  • Monday, 2:15 - 12 Months of Technology, Lara James