

Question

Please answer briefly and completely, and you must cite all sources of information. (add/state references please)

1. Describe a method for protecting users against URL obfuscation attacks.

2. A common management requirement is that “all external Web traffic must flow via the organization’s Web proxy.” However, that requirement is easier stated than implemented. Discuss the various problems and issues, possible solutions, and limitations with supporting this requirement. In particular, consider issues such as identifying exactly what constitutes “Web traffic” and how it may be monitored, given the large range of ports and various protocols used by Web browsers and servers.

Explanation / Answer

1. Describe a method for protecting users against URL obfuscation attacks.

URL obfuscation:

It is a technique used by phishers to trick users so that they cannot differentiate a fake website from a legitimate one, by designing the fake website's address to look similar to the legitimate website's address using various methods such as alternative encoding methods, registering the same domain names, using images, and redirection.

To counter this attack, users should not depend solely on browser settings, anti-spyware, or other defense mechanisms. Users should also be alert and use their own judgment before proceeding to visit any site and submit their IDs.

1. Restrict Unicode character constants in browsers.

2. Before clicking on an image, mouse over images and hyperlinks to see the actual navigation address; if the navigation address is suspicious, do not click on it under any conditions.

3. Use proxy servers and firewalls to filter phishing sites. Periodically add phishing sites to the blacklist.

4. Don't click any links straight from your mail, even if that mail is from a trustworthy website or merchant; copy and paste them into your browser and check for visual evidence of your trusted site. Use your own browser bookmarks to open your trusted sites.

5. If a URL was created using an encoding method other than the one used in your browser, convert that encoding to your browser's encoding method. Then carefully check whether the address is one that you trust.

Source: Computer security textbook.
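
Points 1 and 5 of the answer (Unicode in addresses, converting an encoded URL back to a readable form before trusting it) can be automated in a mail filter or proxy. The following Python sketch is an added example, not part of the original answer; the function names and flag labels are hypothetical and all sample URLs are constructed placeholders.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit, unquote


def real_host(url):
    """Host the browser will actually contact, decoded to readable Unicode."""
    host = unquote(urlsplit(url).hostname or "")      # undo %xx escapes
    try:
        return host.encode("ascii").decode("idna")    # xn-- punycode -> Unicode
    except UnicodeError:
        return host                                   # already Unicode, or not valid IDNA


def is_numeric_host(host):
    """True for dotted IPs and for a bare integer, which browsers read as IPv4."""
    if host.isdigit():
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def obfuscation_flags(url):
    """Return the obfuscation indicators found in a URL's authority part."""
    parts = urlsplit(url)
    host = real_host(url)
    flags = []
    if parts.username is not None:
        flags.append("userinfo-before-@")      # text left of '@' is not the host
    if "%" in (parts.hostname or ""):
        flags.append("percent-encoded-host")
    if is_numeric_host(host):
        flags.append("numeric-host")
    if any(ord(c) > 127 for c in host):
        flags.append("non-ascii-host")
        # First word of the Unicode name is the script (LATIN, CYRILLIC, ...)
        scripts = {unicodedata.name(c, "?").split()[0] for c in host if c.isalpha()}
        if len(scripts) > 1:
            flags.append("mixed-script-host")  # typical of homograph look-alikes
    return flags


# Constructed samples (not from the original page); all domains are placeholders.
LOOKALIKE = "http://" + "ex\u0430mple.com".encode("idna").decode() + "/login"
SAMPLES = ["https://www.example.com/", "http://www.example.com@203.0.113.5/login",
           "http://%65xample.com/", "http://3405803781/", LOOKALIKE]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", real_host(u), obfuscation_flags(u))
```

A filter would compare `real_host()` against the organization's list of trusted domains and quarantine or rewrite links that carry any flag.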