Network-Based Solution for Phishing Attacks?
An anonymous reader is curious about this: "A company called TippingPoint (3com) sells an Intrusion Prevention System (IPS) that promises 'to block phishing attempts and guard against identity theft'. What I found interesting is the wide spectrum of actions they take to achieve a single goal: 'The IPS uses a variety of mechanisms to detect and prevent phishing scams including vulnerability protection, pattern-matching protection, and behavior-based protection.' What do you think about the effectiveness of IPS?"
It's not every day that you can get on "Ask Slashdot" by quoting brochure copy. If multiple vendors were mentioned I'd take this seriously, but this sounds a lot like a marketing shill to me.
According to Randy Williams, CTO at Everyone's Internet (EV1Servers.net)...
Wait, isn't EV1Servers.net the morons that paid SCO for a Linux IP license? Oh yeah, *I'm* going to trust their opinion on *anything*. This is *such* a shill post.
... I've lost 20 pounds, my acne has cleared up, my wife moved back in and doesn't want a divorce anymore, my dog somehow got un-hit by a car and is alive again, my son stopped using drugs, my daughter isn't pregnant anymore, my truck magically fixed itself and runs again, my boss called and gave me my job back, my dialup connection allows me to surf up to 5x faster than before, I'm not dumb enough to click on emails from banks anymore, I'm suddenly brilliant enough to realize that I've never had an EBay account, and I'm suddenly brilliant enough to realize that Paypal doesn't NEED to verify what my password is.
Yep, this IPS is amazing. It is only rivaled by the greatness of the Virus Scanner that runs on my PocketPC, which detects every known PktPC virus ever created. I'm still trying to figure out how they do that with a signature database that is 0 bytes in length, but...
help me i've cloned myself and can't remember which one I am
A few months ago I took part in a test of several IPS units from major manufacturers. We had the manufacturer set them up with the "toughest" settings to make our network as secure as possible. We ran several different hacks, malicious code, exploits, etc. through the IPS. The IPSs blocked hardly any attacks. Even exploits that were a decade old that the unit was supposedly blocking were allowed through. From what we could determine, they were pretty much glorified anti-virus boxes. They relied far too much on signature files instead of heuristics. IPSs have a long way to maturity IMHO.
Q: What do you get when you listen to country music backwards? ...
A: You get your dog back, you get your wife back, you get your job back,
Q: What happens when you use IPS and listen to country music backwards?
A: (see parent)
it's at least twice a year that one of them goes wrong and locks out half the traffic on our entire network for 24-48 hours ... all the while, they fervently deny that there's anything wrong. until eventually they find the problem and quietly announce that the Tipping Point boxes were reconfigured and all's well.
surely, there are better systems available -- and Tipping Point's systems might actually work well, but an IPS box is not something you can plug in and expect to magically clean your network of unwanted traffic, while passing everything you consider legitimate. like any other security tool, it only does its job well in qualified hands.
Dunno about you, but Intrusion Protection conjures up images of firewalls, virus scanning and script blocking software to me...
The friendliest digital photography forums on the net!
They appear to be supremely effective in getting a Slashvertisement. An anonymous reader my ass . . .
Mr. Anonymous Reader, tell us a bit about this IPS. What makes it special? How does it work? Is it repackaged Snort/IPTables with a dose of ClamAV for antiPhishing? If you are going to flog your press releases on Slashdot, you'd better be prepared to offer up some technical details. We kill salesdroids for sport!
Are you a total tool, or what?
It can't possibly work.
Nearly every company I deal with for paying bills, purchasing, etc... all use an outside company for bill-processing.
I get emails all of the time from my utilities providers (water, electricity, phone, cable+internet, etc.) for various reasons that happen to have links to outside companies.
Even ebay/paypal do this, although verification with them is easier - a simple "whois ebay-whateverthisnewhostnameiveneverheardof.com" returns the same owners as "whois ebay.com".
Unfortunately, I have to physically call or email the rest of them in order to find out if they are, in fact, using this particular outside company for their transactions.
Heck, even my credit-union recently started doing this! I sent them an email explaining why it is such a horrid idea for a financial provider to get their members used to dealing with outside companies to handle their accounts. Makes phishing sooooo easy.
How can an appliance possibly perform these kinds of tasks to verify speedypay.com is actually accepting payments for viter-water.com?
One (hyphenated) word: Snake-Oil
- Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
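The registrant comparison mentioned in the comment above (checking that an unfamiliar hostname has the same whois owner as the known one), as an added example that is not part of the original thread. The whois responses, domain names and the `registrant` / `compare_owner` helpers are constructed for illustration; the sketch also covers the case the comment does not mention, where registrant data is hidden and the check proves nothing either way.

```python
import re

# Constructed whois responses (not real registry data), in the common "Key: value" layout.
KNOWN = """\
Domain Name: bank.example
Registrant Organization: Example Bank, Inc.
Registrant Email: hostmaster@bank.example
"""
SAME_OWNER = """\
Domain Name: bank-billpay.example
Registrant Organization: EXAMPLE BANK INC
Registrant Email: hostmaster@bank.example
"""
OTHER_OWNER = """\
Domain Name: bank-secure-login.example
Registrant Organization: Fast Hosting Ltd
Registrant Email: admin@fasthosting.example
"""
REDACTED = """\
Domain Name: bank-verify.example
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service
"""

FIELDS = ("registrant organization", "registrant email")
HIDDEN = re.compile(r"redacted|privacy|proxy|please query", re.I)

def registrant(whois_text):
    """Return {field: normalized value} for registrant fields that are present and not hidden."""
    out = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in FIELDS or not value or HIDDEN.search(value):
            continue
        # Normalize case and punctuation so "Example Bank, Inc." equals "EXAMPLE BANK INC".
        out[key] = re.sub(r"[^a-z0-9@.]+", " ", value.lower()).strip(" .")
    return out

def compare_owner(known_text, candidate_text):
    """'match', 'mismatch', or 'inconclusive' when no comparable field is visible."""
    known, cand = registrant(known_text), registrant(candidate_text)
    shared = set(known) & set(cand)
    if not shared:
        return "inconclusive"
    return "match" if all(known[f] == cand[f] for f in shared) else "mismatch"
```

An "inconclusive" result means the lookup gave no evidence, so the call or email to the provider described above is still needed.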
unless they scan at the packet level, but MailScanner http://mailscanner.info/ already does a pretty good job of detecting and disarming those types of messages. My MailScanner setup uses Postfix / Postgrey / ClamAV / SpamAssassin / bayes / Rules Du Jour w/ some custom rules of my own thrown in. And so far my users have not seen one phish attempt nor virus, and not only that, but MailScanner has been detecting these for over a year now.