Skip to content

SECURED-FP7/secured-psa-antiphishing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

NED_files/TVDM

NED_files/TVDM

 
 

PSA

PSA

 
 

images

images

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

antiPhishingPSA.xml

antiPhishingPSA.xml

 
 

copy_psa_sw_to_vm.sh

copy_psa_sw_to_vm.sh

 
 

copy_psa_to_ned.sh

copy_psa_to_ned.sh

 
 

hostname

hostname

 
 

hosts

hosts

 
 

Repository files navigation

1. End-user

1.1 Description / general readme

Nowadays, the internet is part of our lives. This means that as the network grows exponentially, so do the vulnerabilities in it, and the chances of infecting your computer with a virus or falling into any website that tries to get your credentials and use them for their own profit.

This PSA is mainly in charge of avoiding some of these attacks. Particularly, it is in charge of avoiding "Phishing", i.e., forbidding the user to visit malicious sites with a high probability of having their credentials stolen.

This PSA acts as a transparent proxy that filters all the traffic identified as malicious, using a public AWPG Anti-Phishing database. More specifically, the blacklist entered into the proxy may be found at E-CrimeX.

An schema for this PSA behavior would be:

Antiphishing PSA schema for End User

1.2 Features / Capabilities

This PSA is able to filter unwanted site accesses using the blacklist.

The list of capabilities are (extracted from manifest):

  • Antiphishing: offers the possibility of being protected of phishing attacks

The internal used technologies are:

  • Squid
  • iptables
  • ebtables
  • jq

1.3 Security policy examples

The following examples list some possibly policies that can be enabled from the SECURED GGUI.

I enable the antiphishing detection from [E-CrimeX](https://ecrimex.net/)

  • This policy configures antiphishing PSA to block the traffic to the domains detected as phishing, e.g., www.mega.nz.

1.4 Support, troubleshooting / known issues

Currently the blacklist is manually updated, having an autoupdate mechanism may be interesting.

2. Developer / admin

Description / general readme

The Antiphishing PSA acts like a transparent proxy avoiding the access to phishing sites. This proxy is managed by Squid, checking the traffic and comparing it to a public blacklist containing many already known phishing urls. If the traffic destination does not belong to any site in the blacklist it allows the traffic normally.

Components and Requirements

VM technology allows creating a full system for the PSA. The components used in this PSA are:

  • Operative System: Debian 7 "wheezy"
  • iptables
  • ebtables
  • brigde-utils
  • squid3
  • jq

The blacklist must be located in "/home/psa/phishinglist" and must be a list of URLs, one per line.

This list should be updated once per week.

Detailed architecture

There are several components in the internal architecture:

  • Inspect and route traffic. ebtables is used to set up rules to inspect Ethernet frames between eth0 and eth1 and force the traffic to be routed instead of being just bridged. By this, the traffic will be routed through the Squid proxy.

  • Filter the traffic. Squid checks all the traffic, filtering it if it is detected as phishing.

Rules

There are no rules

Certificates

There are no needed certificates

Virtual machine image creation

The procedure to create a valid PSA image from scratch start with the prerequisite instructions defined in PSA Developer guide to obtain a valid base image for PSA.

Install the required software:

	sudo apt-get -y install squid3 ebtables bridge-utils jq

Copy the necessary files of this project in the folder:

$HOME/phytonScript/

Mobility Support

This PSA supports the mobility scenario.

Support, troubleshooting / known issues

Currently the blacklist is manually updated, having an autoupdate mechanism may be interesting.

Files required

No extra files required.

PSA application image

PSA is based on a Virtual machine image in KVM- kernel module format ".qcow2". A sample image has been included in the project.

Manifest

  • XML

The PSA manifest in format XML is available at Manifest. This file must be stored in the PSAR. And reflects the capabilities described below.

  • JSON

The PSA manifest in format JSON is available at Manifest.

HSPL

The HSPL format is defined as follows:

  • D4.1 format:
father;enable;antiPhishing
  • More friendly:
I enable Antiphishing

MSPL

The MSPL is available at MSPL

M2L Plug-in

The M2l plug-in is available at M2LPlugin

For this PSA there is no user configuration to give to the user PSA. This is because all users will need the same configuration for Squid: check if the destination URL on the traffic is in the blacklist and block it.

This plugin do not need additional external information in this version that must be store in the PSAR.

Features/Capabilities

The list of capabilities are (extracted from manifest):

  • Antiphishing: offers the possibility of being protected of phishing attacks

Testing

Testing scripts are available at test folder

3. License

Please refer to project LICENSE file.

This software incorporates only Squid which is an open source software licensed under the GNU GPL.

Additional Information

Partners involved

  • Application: UPC
  • MSPL: POLITO,UPC
  • M2L Plugin: UPC

Status (OK/No/Partial) -OK-

TODO:

  • Tests

About

Anti-phishing PSA

Topics

security phishing phishing-attacks dansguardian

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages