SBS Security - Best - Practices - Email - Services


C2 - Restricted use

Good security practices for a messaging service


October 11, 2022 Sopra Banking Software

Guide

Sopra Banking Software

Security best practices for email services

Version 1.00 from Tuesday, October 11, 2022

Status: Applicable


Contents

1. Introduction 3
2. Background Error! Bookmark not defined.
3. Recommended security features 3
3.1. Anti-spam and Anti-phishing 3
3.2. Anti-virus 3
3.3. Protection of illegitimate messages 4
3.3.1. SPF 4
3.3.2. DKIM 4
3.4. STARTTLS 4
4. Source 4

Sopra Banking Software, 2022


1. Introduction
The purpose of this document is to provide a compilation of market security best practices for
configuring SBS partner messaging services, drawn from the sources cited in Section 3 "Source" below.

Accordingly, Sopra Banking Software does not warrant the quality or completeness of the information
contained herein.

Nevertheless, as part of its duty of advice and to facilitate the management of your messaging service,
Sopra Banking Software provides you with the following best practices.

2. Recommended security features

Email is a major vector for phishing attempts or malicious attachments. In order to limit the number of
attempts, a series of countermeasures can be implemented on email servers that are in direct contact
with the Internet.

Below is a non-exhaustive list of countermeasures that can be applied:

1. Filtering of unwanted senders with Anti-spam and Anti-phishing
2. Inspection of attachments with Anti-virus software
3. Protection of illegitimate messages with the combination of services: Sender Policy Framework
(SPF) and DomainKeys Identified Mail (DKIM)
4. Securing the message transport channel with the STARTTLS option

2.1. Anti-spam and Anti-phishing

An anti-spam and anti-phishing solution, applied at the moment an electronic message is received,
makes it possible to perform an initial inspection of the message contents in order to detect
inappropriate content. This type of service is usually provided from the outset by online, SaaS-type
email services (e.g. Office 365). It must also be installed and configured for traditional email
services hosted in private data centres and operated by infrastructure teams.

2.2. Anti-virus
Attachments in e-mail messages can carry malicious files, which act when they are opened or
executed. The function of an anti-virus is to scan these files for potentially malicious code. The
file and/or the email is destroyed or quarantined according to the defined security policy.


2.3. Protection of illegitimate messages

2.3.1. SPF
The SPF record, configured in the subscribed public DNS service, specifies the IP addresses of the
servers authorized to send e-mail messages on behalf of the domain. This strengthens the recipient's
verification of the legitimacy of received messages. The declaration is configured in a DNS record of
the domain of type Text Resource Record (TXT RR).

The published SPF policy must, at a minimum, be a soft-fail policy. Any email received that does not
comply with this policy must be quarantined or deleted.
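The evaluation a receiving server performs against a published SPF record, as an added example that is not part of the original guide: it walks the record's mechanisms in order and returns the result for the first one that matches the sending IP. The zone data (`example.com`, `relay.example.net` and their records) is constructed for the example, and the disposition function is an assumed receiving policy that applies the guide's rule (non-compliant mail quarantined or deleted). It goes a little beyond the text by also handling the `include` mechanism, which is how a domain authorizes a third-party relay.

```python
import ipaddress

# Constructed sample zone (assumed, not real DNS data): the SPF TXT records of a
# domain and of a third-party relay it authorizes through "include".
ZONE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:relay.example.net -all",
    "relay.example.net": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's v=spf1 TXT record from the constructed zone, or None."""
    record = ZONE_TXT.get(domain)
    if record and record.lower().startswith("v=spf1"):
        return record
    return None


def check_spf(sender_ip, domain, depth=0):
    """Evaluate sender_ip against the SPF record published for domain.

    Handles the ip4, ip6, include and all mechanisms with their qualifiers,
    which is enough to show the RFC 7208 logic; a, mx, exists, redirect and
    macros are left out on purpose. Returns pass, fail, softfail, neutral,
    none or permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"  # a mechanism without an explicit qualifier means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record: unparsable network
            if ip.version == network.version and ip in network:
                return QUALIFIER_RESULT[qualifier]
        elif name == "include":
            inner = check_spf(sender_ip, arg, depth + 1)
            if inner == "pass":
                return QUALIFIER_RESULT[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"  # include of a domain without a valid record
        else:
            return "permerror"  # mechanism this example does not implement
    return "neutral"  # nothing matched and the record has no "all" term


def receiving_policy(spf_result):
    """Assumed receiving-side disposition, following the guide's rule that
    mail which does not comply with the policy is quarantined or deleted."""
    if spf_result == "fail":
        return "reject"
    if spf_result in ("softfail", "permerror"):
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
        result = check_spf(ip, "example.com")
        print(ip, result, receiving_policy(result))
```

The `-all` at the end of `example.com`'s record is the hard-fail form; replacing it with `~all` gives the soft-fail minimum the guide asks for, and the `relay.example.net` record shows that form.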

2.3.2. DKIM
The DKIM protocol combines an asymmetric cryptographic mechanism (private key and public key) with a
signature that allows the legitimacy of the server sending a message to be verified. When the message
is sent to the recipient, it is signed with the sender's private key. The corresponding public key is
stored in a DNS entry of the sending domain (the DKIM selector). The server receiving the message
verifies the authenticity of the sender by checking the presence and validity of the electronic
signature.
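The receiving-side steps that precede the signature check, as an added example that is not part of the original guide: parsing the `DKIM-Signature` header, deriving the DNS name (`<selector>._domainkey.<domain>`) where the public key is published, and recomputing the body hash (`bh=`) over the relaxed-canonicalized body. The domain, selector and message body are constructed for the example. The final RSA check of the `b=` value against the key fetched from that DNS name is left to a DKIM library (for instance the `dkimpy` package), since the point here is the DNS lookup and the hash comparison the guide describes.

```python
import base64
import hashlib
import re


def parse_dkim_signature(header_value):
    """Parse the tag=value list of a DKIM-Signature header into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # drop header folding
    return tags


def dkim_dns_name(tags):
    """TXT record name holding the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canonicalize_body_relaxed(body):
    """RFC 6376 'relaxed' body canonicalization: collapse runs of spaces/tabs,
    strip trailing whitespace per line, drop empty trailing lines, CRLF endings."""
    lines = [
        re.sub(r"[ \t]+", " ", line.rstrip(" \t"))
        for line in body.replace("\r\n", "\n").split("\n")
    ]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)


def body_hash(body, algorithm="sha256"):
    """base64(hash(canonicalized body)), the value a signer places in bh=."""
    digest = hashlib.new(algorithm, canonicalize_body_relaxed(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_dkim_signature_header(domain, selector, body):
    """What a signer would emit before computing b= (constructed; b= left empty
    because the RSA signing step is not performed in this example)."""
    return (
        f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
        f"h=from:to:subject:date; bh={body_hash(body)}; b="
    )


def verify_body_hash(dkim_header_value, body):
    """Receiver check: does the bh= tag match the body actually received?"""
    tags = parse_dkim_signature(dkim_header_value)
    algorithm = "sha256" if tags.get("a", "").lower().endswith("sha256") else "sha1"
    return body_hash(body, algorithm) == tags.get("bh")


if __name__ == "__main__":
    body = "Hello,\r\n\r\nPlease find the statement attached.\r\n"  # constructed
    header = build_dkim_signature_header("example.com", "s2022", body)
    tags = parse_dkim_signature(header)
    print("public key lookup:", dkim_dns_name(tags))
    print("body hash matches:", verify_body_hash(header, body))
```

Because the body is canonicalized before hashing, trailing whitespace or extra blank lines added in transit do not invalidate the hash, whereas any change to the text does.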

2.4. STARTTLS
The STARTTLS option allows the sending and receiving servers to negotiate encryption parameters in
order to secure the transport of the messages exchanged. The encryption level is negotiated between
the two parties until they agree on how to transmit the data.
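A sending-side STARTTLS exchange with Python's standard `smtplib`, as an added example that is not part of the original guide: the client reads the EHLO capabilities, refuses to continue if STARTTLS is not offered (rather than falling back to clear text), and upgrades the connection with a context that verifies the server certificate and hostname and refuses anything below TLS 1.2. The host, port 587 and the sample EHLO reply are constructed assumptions.

```python
import smtplib
import ssl

# Constructed EHLO reply, as a client would receive it from a submission server.
SAMPLE_EHLO = (
    "250-mail.example.net Hello client.example.com\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME"
)


def parse_ehlo_capabilities(ehlo_response):
    """Map EHLO keywords to their parameters from a raw multi-line EHLO reply."""
    caps = {}
    for line in ehlo_response.splitlines()[1:]:  # first line is the greeting
        text = line[4:]  # strip the "250-" / "250 " reply code
        keyword, _, params = text.partition(" ")
        caps[keyword.upper()] = params
    return caps


def starttls_offered(ehlo_response):
    return "STARTTLS" in parse_ehlo_capabilities(ehlo_response)


def build_tls_context():
    """Verifying context: system CA store, hostname check, TLS 1.2 minimum."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_context_summary(ctx):
    """Plain-value view of the settings that matter for auditing the client."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


def send_with_starttls(host, sender, recipient, message, port=587):
    """Connect, require STARTTLS, upgrade with a verifying context, then send.

    Fails closed: if the server does not advertise STARTTLS the message is not
    sent in clear text. Returns the negotiated TLS version (e.g. "TLSv1.3").
    """
    ctx = build_tls_context()
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host} does not offer STARTTLS; refusing clear-text delivery")
        smtp.starttls(context=ctx)  # raises ssl.SSLError on certificate failure
        smtp.ehlo()  # re-identify after the upgrade, as RFC 3207 requires
        smtp.sendmail(sender, recipient, message)
        return smtp.sock.version()


if __name__ == "__main__":
    print("STARTTLS offered:", starttls_offered(SAMPLE_EHLO))
    print(tls_context_summary(build_tls_context()))
    # send_with_starttls("mail.example.net", "a@example.com", "b@example.net", b"...")
```

Between two mail servers (MTA to MTA) STARTTLS is by design opportunistic, so a fail-closed policy of this kind is normally enforced through the server's own TLS policy tables rather than in client code; for a submission client under your control, refusing the downgrade is the safer default.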

3. Source
This document is based on Chapter 5, "Securing the electronic messaging service", of the
recommendations relating to the interconnection of an information system to the Internet published by
ANSSI (the French National Agency for the Security of Information Systems).

For this reason, we strongly advise you to consult the link below.

https://www.ssi.gouv.fr/uploads/2020/06/anssi-guide-passerelle_internet_securisee-v3.pdf
