Learn about how Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain Message Authentication Reporting and Conformance (DMARC) help prevent phishing emails and forgery by allowing administrators to validate inbound email.
- [Instructor] Network administrators … enable strong spam filters to prevent phishing emails … from reaching the end users. … But there are other tools in the arsenal … that help prevent phishing emails and forgery … by allowing administrators to validate inbound email. … Those include: Sender Policy Framework, … DomainKeys Identified Mail, … and Domain Message Authentication … Reporting and Conformance. … Sender policy framework authenticates … by comparing records in the appropriate DNS record … and helps prevent phishing emails and forgery. … You can see the sender policy framework report … in the message header. … A message header is the information behind the scenes … that tells the story of the journey … it takes to be delivered from sender to recipient. … This includes all the stops and validation checks. … When you look at a message header, … it's read from the bottom up. … Now here you can see just a short segment … of a message header. … And then down at the bottom, … you can see that sender policy framework has passed. …
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures