Anti-pharming
Anti-pharming techniques and technology are used to combat pharming.
Traditional methods for combating pharming include server-side software, DNS protection, and web browser add-ins such as toolbars. Server-side software is typically used by enterprises to protect their customers and employees who use internal or private web-based systems from being pharmed and phished, while browser add-ins allow individual users to protect themselves from phishing. DNS protection mechanisms help ensure that a specific DNS server cannot be hacked and thereby become a facilitator of pharming attacks. Spam filters typically do not provide users with protection against pharming.
Currently the most efficient way to prevent pharming is for end users to make sure they are using secure web connections (HTTPS) to access privacy-sensitive sites such as those for banking or taxes, and to accept only valid public key certificates issued by trusted sources. A certificate from an unknown organisation or an expired certificate should not be accepted at any time for crucial business. So-called active cookies provide a server-side detection tool.
Legislation also plays an essential role in anti-pharming. In March 2005, U.S. Senator Patrick Leahy (D-VT) introduced the Anti-Phishing Act of 2005, a bill that proposes a five-year prison sentence and/or fine for individuals who execute phishing attacks and use information garnered through online fraud such as phishing and pharming to commit crimes such as identity theft.
For home users of consumer-grade routers and wireless access points, perhaps the single most effective defense is to change the password on the router to something other than the default, replacing it with a password that is not susceptible to a dictionary attack.
Pharming
Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving...