Network Monitoring in a Box - Proactive Security for NextGen

The SecurityBox - NetMon

NetMon SecurityBox is a robust network management system based on opensource linux with a combination of Network appliance and the application based on linux. It is light & stable, handy & secure and does all the proactive security measures of maintaining 100% uptime of network resources. Network Management is often misunderstood as optional measures but when it comes to security, it is the first step towards securing businesses. Our solution requires less space, neglible cabling and cost effective affordability. It has a modern pre-configured, customized and ready-to-deploy Nagios Core image designed to run on low-cost device. At its core NEMS is a lightweight Debian Buster deployment optimized for performance, reliability and ease of use.



Social Engineering : Introduction to phishing and desktop phishing


PHISHING



Phishing is a way to obtain user credentials or other personal information by tricking the user to enter the details in the attacker’s page, which appears to be a legitimate and trustworthy authority to the victim.

Often Phishing is done, spoofing the ID of Email Provider’s (Gmail, Yahoo and Hotmail), Banks and Credit Card Authorities. It is also associated with some information gathering about the target to find what the target’s area of interest is, and to understand to which kind of phishing mail will he react most fast and effectively. Obviously, you won’t send a serious person working in a bank, who loves fishing, a mail to be enrolled in your photography class, in order to ask his credit card details.


Following are three most common of the types of Phishing techniques:



  1. Spear Phishing: Spear Phishing is phishing attempt carried out specifically against a target organization or individual, after gathering required information against the organization.

  2. Clone Phishing: It is the most common type of phishing attack, which involves sending out mass email, or publicizing the phishing URL in any way.

  3. Tabnapping: It is a new type of phishing attack; we will be looking at in the next section.

Desktop Phishing: It involves modifying the hosts file of the victim. We will be looking more about this later. 

 

DESKTOP PHISING



Desktop Phishing isn’t a new concept. This is based on the DNS resolution of systems based on the local hosts file.

In Desktop Phishing, the attacker modifies the hosts file of the victim, and updates his IP mapping to the legitimate URL. So, in this case, even if the attacker types in say, http://facebook.com instead of the original Facebook domain, he would be landing to the attacker’s webpage, having a fake Facebook page.

By default, the hosts file is located at C:\Windows\system32\drivers\etc . One way of triggering this type of phishing attack is to send the victim, a zip file containing the new hosts file with the attacker’s IP matching the domain names he wants to phish. Upon extracting, the zip file would automatically overwrite the existing files that match the same name. Thus the old hosts file would be overwritten with the new attacker’s hosts.