Building a defense system that will protect us from spoof mail attacks   part 7#9 | Eyal Doron | o365info.com
The planning stage of the “defense system” that protects our mail infrastructure and our users from Spoof mail attacks needs to begin with the definition of a framework.
This framework will serve as a “logical container” that defines the specific structure and characteristics of the defense system that will have to deal with Spoof mail attacks.


  1. Part 7/9: The questions that we will need to answer before we start the project of building a defense system that will protect us from Spoof mail attacks
  2. Agenda • Creating The Required Framework For The Spoof Mail Attack Defense System • The Major Areas For Which We Will Have To Take Decisions • The Definition Of Spoof Mail • Choosing The “Right” Sender Verification Standard For Our Organization • What Are The Factors That Influence Our Decision Regarding The Question Of – “What To Do With Mail Identified As Spoof Mail?” • What Do We Want To Do With Spoof Mail?
  3. Creating The Required Framework For The Spoof Mail Attack Defense System
  4. The famous headache syndrome that is caused by the need to make all the necessary decisions. Spoof mail attack and Phishing mail attacks
  5. The Major Areas For Which We Will Have To Take Decisions.
  6. The major obstacles on the path to providing our organization with good protection from Spoof E-mail attacks
  7. The Definition Of Spoof Mail
  8. It is easy to identify a duck!
  9. What do I want to do to a Spoof mail? Q1: Q2: When we identify a specific E-mail message that looks like a Spoof mail, can you be sure 100% that we really want to destroy this E-mail message? When we say that a specific E-mail message was identified as Spoof mail, can you be sure 100% that the E-mail message is indeed Spoof mail?
  10. How do we define a scenario of Spoof mail? A B The source sender supports a sender verification standard. The source sender doesn't support a sender verification standard. Sender verification failed. Sender verification completed successfully. A.1 A.2 We can verify the sender identity only in a specific scenario in which our mail infrastructure is based on Exchange, and the attacker uses our organizational identity.
  11. Choosing The “Right” Sender Verification Standard For Our Organization
  12. Sender verification standards and mechanism | Decision Making. Which sender verification standard should I choose? Should I choose a specific verification standard or a combination of more than one standard? What is the difficulty level of implementing each of the verification standards? In case we decide to use a combination of two or more sender verification standards, is there a specific standard that it is recommended to adopt in the beginning, adopting the additional standards down the road?
  13. What Are The Factors That Influence Our Decision Regarding The Question Of – “What To Do With Mail Identified As Spoof Mail?”
  14. What is our level of certainty regarding a Spoofed E-mail message? 20%? 60%? 80%? 100%?
  15. Two major scenarios of Spoof mail attack. Hostile element uses Spoof mail to attack our organization users. A B Hostile element uses our organizational identity to attack other organization's recipients.
  16. What should we do with Spoof mail?
  17. What Do We Want To Do With Spoof Mail?
  18. How should we react to a scenario in which our defense mechanism identifies a specific E-mail message as Spoof mail? Send the E-mail message to user quarantine? Send the E-mail message to administrative quarantine? Delete the E-mail message? Send the E-mail message to quarantine? Forward the Spoofed E-mail message for additional examination? Forward the E-mail message to the original recipient, but mark the E-mail message as spam?
  19. How should we react to a scenario in which our defense mechanism identifies a specific E-mail message as Spoof mail? The need for analyzing the information. The need for forensics. Save a copy of the Spoofed E-mail message? Allocate dedicated storage for storing a copy of the spoofed E-mail messages? The need for informing the sender / destination recipient. Notify the sender that his E-mail message was identified as Spoof mail? Notify the destination recipient that an E-mail message that was sent to him was identified as Spoof mail?
  20. DMARC: Monitor (do nothing); Quarantine (mark the email as spam); Reject (block / delete the email). SPF: Soft fail - accept but mark; Hard fail - reject. What is the required action that we advise the other side to take when they identify Spoof mail that uses our organizational identity?
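
The mapping on slide 20, as an added example that is not part of the original slides: Python that reads the SPF and DMARC TXT records a domain publishes and reports which of the slide's actions that domain is advising receivers to take. The example.com records are constructed and the function names are hypothetical.

```python
# Added example: maps published SPF/DMARC TXT records to the slide's actions.
DMARC_ACTIONS = {
    "none": "Monitor (do nothing)",
    "quarantine": "Quarantine (mark the email as spam)",
    "reject": "Reject (block / delete the email)",
}
SPF_ACTIONS = {
    "~all": "Soft fail - accept but mark",
    "-all": "Hard fail - reject",
}


def dmarc_advice(txt):
    """Action a DMARC record asks receivers to take, or None if unusable."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    # RFC 7489: the version tag must come first, otherwise the record is ignored.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return DMARC_ACTIONS.get(dict(tags).get("p", "").lower())


def spf_advice(txt):
    """Action the SPF 'all' mechanism asks for, or None if it advises nothing."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return None
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            # '+all' and '?all' never fail a sender, so no action is advised.
            return SPF_ACTIONS.get(term)
    return None  # no 'all' mechanism: the default result is neutral


def advised_actions(spf_txt, dmarc_txt):
    """Both answers to slide 20's question for one sending domain."""
    return {"SPF": spf_advice(spf_txt), "DMARC": dmarc_advice(dmarc_txt)}


# Constructed records for example.com (not taken from the slides).
SAMPLE_SPF = "v=spf1 include:_spf.example.com -all"
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for name, action in advised_actions(SAMPLE_SPF, SAMPLE_DMARC).items():
        print(f"{name}: {action or 'no action advised'}")
```

A `None` result means the record gives receivers no failure action at all, which is the gap to close before moving a domain from monitoring to quarantine or reject.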
