
SANS ISC InfoSec Handlers Diary Blog



Combating phishing for banks / Story of a former worm target / Disaster preparation

Published: 2004-09-10
Last Updated: 2004-09-10 23:53:40 UTC
by Dan Goldberg (Version: 1)
Combating Phishing

A document titled "6 simple steps for businesses to beat phishing", outlining some simple steps that financial institutions can take to limit the impact of phishing on their website, is now available at http://isc.sans.org/presentations/phishthat.pdf

There are a number of active phishing emails in the wild. Be on the lookout for them. Fortunately, some of them point to sites which are no longer responding, but many are still active.

Worm Targets

We were contacted by a site which was a target for one of the Bagle worms. They are seeing a large amount of traffic from infected hosts. Does anyone else out there have a story like this to share? We'd like to identify potential collection points for finding infected hosts.

Hurricane Preparations

In response to yesterday's query about preparing for a hurricane, Travis Abrams had this advice to share:



Local IT staff


- Work with local building management to coordinate building shutdowns. Be aware that most buildings will begin shutdown procedures when a Hurricane Warning is issued. (If they say power is going off at 1:00 pm, that means power is shut down at that time, not that they are starting to shut down.) Coordinate with firm wide IT to begin systems shutdown 30 minutes prior to building shutdowns.

- Work with local managers and share any information with Firm wide IT.

- Loaner laptops should be issued to key personnel that do not have laptops.

- Keep a loaner laptop that contains Ghost images for desktops/laptops.

- Ensure you have updated your contact information in the IT Contacts.



Firm wide IT


- Perform a full backup of all systems 4 days prior to the impact of the storm unless already scheduled. Have backups sent off site. (Be aware that UPS, FedEx, etc. will stop shipments prior to the hurricane's impact.)

- Perform incremental backups every night prior to storm and have them sent off site.

- Perform Full backup prior to storm impact if possible. Have local IT retain control.

- Once building power is shut down, redirect the main numbers for the affected offices to an offsite voicemail box. (This eliminates busy signals and we can notify clients of the offices' status.)

- Update Office Closure hotline as the situation changes.

- Update Intranet with Hurricane updates for offices in unaffected regions.

- Prepare alternate procedures for the firm wide helpdesk.

- Get any necessary equipment into or out of the offsite datacenters. (Be aware the datacenter will not allow access 48 hours prior to the storm making landfall in the area and will not resume until the local authorities have deemed it safe to travel.)

- Wrap critical systems that are located in the affected offices in plastic to help reduce water damage.



Hoping for a dry weekend for those who are recovering from or preparing to weather the storms in both hemispheres.




Dan Goldberg

dan at madjic dot net
