Authentication, reputation key to online security
BOSTON -- Authentication and reputation were the two key words stressed at last week's Authentication and Online Trust Summit.
The conference examined the trends in online threats and looked at ways for businesses to protect themselves and their customers. A session called "Sender ID Framework Implementation Update" focused on how to authenticate correctly.
"E-mail senders should strive to maintain a good reputation through a strong sender policy framework record," said Harry Katz, program manager at Microsoft Corp. and co-author of Sender ID Framework. "The fact that an e-mail message passes some kind of authentication does not mean that it is good mail. Like a driver's license, it has your personal information to verify who you are, but it has no record of your driving record."
Reputation is based on behavioral factors such as the amount of traffic sent, complaints received, the longevity of a domain name and the IP address from which mail is sent. Using Sender ID and DomainKeys can help mailers, because having a good reputation helps deliverability. Hotmail reports an 85 percent reduction in false positives for senders using Sender ID.
Executives from the e-mail marketing industry discussed the importance of keeping up a good mailing reputation when running an online marketing program, in a panel titled "Through the Looking Glass: Authentication Update from the Marketing POV."
"List hygiene is a very important element," said Jeanniey Mullen, partner and senior director at OgilvyOne Worldwide. "If you've got a dirty list ... you are going to get a bad reputation and get blocked from deliverability."
Cyber security is an issue facing all businesses online, and implementing a security plan is key to protecting against online fraud. In Thursday's opening keynote panel, "How to Fry a Phish and Protect Your Brand Domain and Infrastructure," executives discussed strategies for building a security system online. Shutdowns and browser e-mail blocking update the security of a Web site.
"A layered approach is key, because fraudsters will often be able to penetrate one layer of your online identity," said Jens Hinrichsen, product marketing manager at RSA.
In a session called "Online Crime and Identity Theft - Following the Bits and Bytes," security industry experts discussed concerns about online fraud and security. One trick is to be aware of who is involved in the computer intrusion behind spam, botnets, viruses and malware.
"Just like traditional organized crime, the different people in spam networks have different skills and advertise their products and services," said Daniel Larkin, chief of the cyber division for the FBI. "The threat is not industry specific, the bad guys are not targeting one sector. It's about the money."
The anatomy of a phishing attack includes various levels of organization including a computer hacker, a spammer, a data broker, documents and merchandise, a re-shipper/cashier and a money launderer. Highly organized criminal groups primarily operate out of Eastern Europe and Russia with some in West Africa and the United States.
Initiatives to stop identity theft include Operation RELEAF, the FBI's effort to stop reshippers in the US, as well as the National Cyber Forensics and Training Alliance and the InfraGard program, which work to stop online theft.
"We were able to stop 1,000 Tsunami-related attacks and 5,000 Katrina scams that were going around after the flood, thanks to these organizations," Mr. Larkin said.