Anti-pharming

Anti-pharming techniques and technology are used to combat pharming.

Traditional methods for combating pharming include: Server-side software, DNS protection, and web browser add-ins such as toolbars. Server-side software is typically used by enterprises to protect their customers and employees who use internal or private web-based systems from being pharmed and phished, while browser add-ins allow individual users to protect themselves from phishing. DNS protection mechanisms help ensure that a specific DNS server cannot be hacked and thereby become a facilitator of pharming attacks. Spam filters typically do not provide users with protection against pharming.

Currently the most efficient way to prevent pharming is for end users to make sure they are using secure web connections (HTTPS) to access privacy sensitive sites such as those for banking or taxing, and only accept the valid public key certificates issued by trusted sources. A certificate from an unknown organisation or an expired certificate should not be accepted all the time for crucial business. So-called active cookies[1] provide for a server-side detection tool.

Legislation also plays an essential role in anti-pharming. In March 2005, U.S. Senator Patrick Leahy (D-VT) introduced the Anti-Phishing Act of 2005, a bill that proposes a five-year prison sentence and/or fine for individuals who execute phishing attacks and use information garnered through online fraud such as phishing and pharming to commit crimes such as identity theft.

For home users of consumer-grade routers and wireless access points, perhaps the single most effective defense is to change the password on the router to something other than the default, replacing it with a password that is not susceptible to a dictionary attack.

See also

References