Email Security Report

INTRODUCTION

Everyone uses e-mail. It is the second most used application on the internet next to your web browser. But what you might not realize is that a significant portion of network attacks and compromises originate through e-mail. And with respect to your privacy, misuse of e-mail has the potential to disclose either the contents of your message, or give spammers information about you.

Electronic mail (email) is perhaps the most popularly used system for exchanging business information over the Internet (or any other computer network). At the most basic level, the email process can be divided into two principal components: (1) mail servers, which are hosts that deliver, forward, and store email; and (2) mail clients, which interface with users and allow users to read, compose, send, and store email. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.

THREATS
Threats to the security of e-mail itself:
- Loss of confidentiality
  - E-mails are sent in clear over open networks
  - E-mails stored on potentially insecure clients and mail servers
- Loss of integrity
  - No integrity protection on e-mails; body can be altered in transit or on mail server
- Lack of data origin authentication
- Lack of non-repudiation
- Lack of notification of receipt

EMAIL BASED ATTACKS


Each attack is listed with its countermeasure:
- Active content attack: clean up at the server (AV, Defang)
- Buffer overflow attack: fix the code
- Shell script attack: scan before sending to the shell
- Trojan horse attack: do not automatically use the macro option
- Web bugs (for tracking): mangle the image at the mail server

MESSAGE FLOW
At the most basic level, the two primary message sections are the header and the body. The header section contains the vital information about the message including origination date, sender, recipient(s), delivery path, subject, and format information. The body of the message contains the actual content of the message. Once the message is translated into an RFC 2822 formatted message, it can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server.

EXAMPLE OF MESSAGE FLOW

After initiating communication, the mail client provides the sender's identity to the server. Next, using the mail server commands, the client tells the server who the intended recipients are. Although the message contains a list of intended recipients, the mail server does not examine the message for this information. Only after the complete recipient list is sent to the server does the client supply the message. From this point, message delivery is under control of the mail server.

Once the mail server is processing the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender's mail server determines the mail server(s) for the recipient(s). Then, the server opens a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client. At this point, one of two events could occur. If the sender's and recipient's mailboxes are located on the same mail server, the message is delivered using a local delivery agent (LDA). If the sender's and recipient's mailboxes are located on different mail servers, the send process is repeated from one MTA to another until the message reaches the recipient's mailbox.
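The split described above, between the sender and recipients given in the mail server commands and those written in the message header, can be checked mechanically. The following is an added example, not part of the original report: the SMTP transcript is constructed sample data, and the function names `split_transcript` and `compare_envelope_to_header` are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed client-side SMTP dialogue (sample data, not from the report).
TRANSCRIPT = """\
HELO client.example.org
MAIL FROM:<bounce@mailer.example.net>
RCPT TO:<alice@example.com>
RCPT TO:<carol@example.com>
DATA
From: "IT Support" <support@example.com>
To: alice@example.com
Subject: Password expiry
Date: Mon, 01 Jan 2024 09:00:00 +0000

Please review the attached notice.
.
QUIT
"""

def split_transcript(transcript):
    """Return (envelope_sender, envelope_recipients, parsed_message)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("MAIL FROM:"):
            sender = parseaddr(line[10:])[1].lower()
        elif line.upper().startswith("RCPT TO:"):
            rcpts.append(parseaddr(line[8:])[1].lower())
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, message_from_string("\n".join(data))

def compare_envelope_to_header(transcript):
    """Report where the envelope and the header disagree."""
    sender, rcpts, msg = split_transcript(transcript)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    header_rcpts = msg.get_all("To", []) + msg.get_all("Cc", [])
    listed = {addr.lower() for _, addr in getaddresses(header_rcpts)}
    return {
        "from_mismatch": sender != header_from,
        "unlisted_recipients": sorted(set(rcpts) - listed),
        "listed_not_delivered": sorted(listed - set(rcpts)),
    }
```

A mismatch is not proof of abuse, since blind copies and mailing lists produce it legitimately, but it shows that the header's sender and recipient fields are claims made by the client and not what the server acted on.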

EMAIL SECURITY REQUIREMENTS


Main requirements:
- Confidentiality
- Authentication
- Integrity

Other requirements:
- Non-repudiation
- Proof of submission
- Proof of delivery
- Anonymity
- Revocability
- Resistance to traffic analysis

Many of these are difficult or impossible to achieve.

SECURITY MECHANISMS

Detached signature
- Leaves the original message untouched
- Signature can be transmitted/stored separately
- Message can still be used without the security software

Signed message
- Signature is always included with the data

Encrypted message
- Usually implemented using public-key encryption
- Mailing lists use one public-key encrypted header per recipient
- Any of the corresponding private keys can decrypt the session key and therefore the message

Countersigned data

Encrypted and signed data
- Always sign first, then encrypt: S(E("Pay the signer $1000")) vs. E(S("Pay the signer $1000"))

SPAM FILTER TECHNOLOGY


AntiSpam technology approach:
- Examine the source
- Examine the content
- Examine the call to action (URL filters)

MULTI LAYER DEFENCE

Multiple technologies create a comprehensive defense and force spammers to contend with each layer.

Theft of financial information and/or identity



- Growing problem both in terms of magnitude and awareness
- Targets expanding from Financial Services to all organizations with financial information online: banks, ecommerce sites, phone companies, government agencies, etc.
- Global problem: US, UK, Europe, Australia, South America

FRAUD IS BIGGER THREAT THAN SPAM


EMAIL SECURITY SOFTWARE

Symantec Mail Security


Kaspersky Mail Security


SYMANTEC MAIL SECURITY


Features:

- Support for Microsoft Exchange 2013 and Microsoft Hosted Exchange environments
- Out-of-the-box content filtering templates for protection against data loss
- Improved anti-malware and anti-spam effectiveness through advanced heuristics
- Improved manageability with full message quarantine
- Up to 30 percent performance improvement for mailbox scanning
- Microsoft Systems Center Operation Manager 2007 R2 support for Exchange 2007 and Exchange 2010
- Continuous protection with lightweight scanning

Key Features

Superior Protection

This Microsoft Exchange security solution protects against various forms of malware such as viruses, mass-mailer worms, Trojan horses, spyware, phishing, and denial of service attacks.

Stops 99 percent of spam with less than 1 in 1 million false positives. Filters email content with pre-defined policies, regular expressions, attachment criteria and True File typing.

Flexible and Easy to Use Management

Initial setup of Microsoft email security software can be completed within 10 minutes, with no requirements for tuning, allow listing, or block listing. Management console provides centralized server group policy configuration, notifications, alerts, and reporting. Integration with Microsoft Operations Manager and Systems Center Operations Manager creates an email security software solution that enables end-to-end monitoring of your IT environment.


Key Benefits

Optimized for Exchange

Flexible real-time, scheduled, and manual scanning provides efficient protection. In-memory scanning and effective multi-threading provide superior performance. Edge and Hub focused scanning leverages AV Stamping to eliminate redundant scanning and minimize impact to Mail Store. Supports Exchange 2010, 64-bit Windows, VMware and Hyper-V virtualized environments.
