3Com this week is expected to add anti-phishing capabilities to its TippingPoint IPS family that could help organizations lower the risk of employees being tricked into handing over sensitive personal or corporate data to fraudulent Web sites.
3Com says the new features can block phishing at every point of attack, from stopping e-mails that contain links to phishing sites to inspecting Web sites for fraudulent content, as well as protecting owners of legitimate Web sites from being hijacked by phishing attacks.
The new capabilities are available to current TippingPoint customers as part of the company's regular Digital Vaccine service, which updates the devices with new virus definitions, signatures and IPS features.
Phishing attack campaigns involve two key phases: the hijacking or infiltration of a legitimate Web site, and the sending of phishing e-mails.
"Since [the TippingPoint IPS] sits on the network, it can act as a blocking agent for all aspects" of a phishing attack, says Tod Beardsley, lead counter-fraud engineer for TippingPoint.
The TippingPoint IPS device can protect e-commerce and other Web sites that become victims in the first phase of a phishing scam. 3Com says the IPS can block attackers from taking advantage of weaknesses in Web server code that allow them to mimic Web sites or redirect traffic from legitimate Web servers to phishing sites. Vulnerabilities in HTML, JavaScript, Microsoft Active Server Pages and other Web page code are common points of attack for phishers, 3Com says.
The TippingPoint box, programmed with such known vulnerabilities, can recognize and block such hack attempts.
This back-end anti-phishing feature is running at a large Web server hosting outfit based in Houston.
An average of around 9,000 phishing attacks per hour has been blocked on the Web hosting firm's network since the anti-phishing scanning was activated on the company's TippingPoint gear, according to David Wartell, network administrator for Everyone's Internet.
"Most customers are good at keeping their servers secure, but sometimes machines get compromised," which can leave them open to phishing scam hijacks, Wartell says.
All traffic entering the server cages at Everyone's Internet now goes through TippingPoint devices, which amounts to around 1.2% of all U.S. Internet traffic, according to Wartell. He adds that network throughput is not affected by running all traffic through the TippingPoint devices.
To stop attacks at the most common source - e-mails with links to phishing sites - the TippingPoint device can scan and filter e-mails based on commonly known phishing attack techniques. According to 3Com, stopping such e-mails from entering user in-boxes reduces the risk of employees being defrauded.
To also block users from visiting fraudulent Web sites, the TippingPoint gear can stop a connection to a phishing site even after someone clicks on a link to the site, 3Com says.
The IPS device scans for known exploits in Microsoft Internet Explorer and Outlook, which are used to fool PC users. The TippingPoint product also scans the target Web site to look for known malicious phishing code or other signs of a fake Web site.