
INTRODUCTION

• Everyone uses e-mail. It is the second most used application on the internet next to your web browser. But what you might not realize is that a significant portion of network attacks and compromises originate through e-mail. And with respect to your privacy, misuse of e-mail has the potential to disclose either the contents of your message, or give spammers information about you.
• Electronic mail (email) is perhaps the most popularly used system for exchanging business information over the Internet (or any other computer network).
• At the most basic level, the email process can be divided into two principal components: (1) mail servers, which are hosts that deliver, forward, and store email; and (2) mail clients, which interface with users and allow users to read, compose, send, and store email. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.

THREATS

Threats to the security of e-mail itself:
• Loss of confidentiality
  • E-mails are sent in clear over open networks
  • E-mails stored on potentially insecure clients and mail servers
• Loss of integrity
  • No integrity protection on e-mails; body can be altered in transit or on mail server
• Lack of data origin authentication
• Lack of non-repudiation
• Lack of notification of receipt

EMAIL BASED ATTACKS

• Active content attack – Clean up at the server (AV, Defang)
• Buffer overflow attack – Fix the code
• Shell script attack – Scan before sending to the shell
• Trojan horse attack – Use the “do not automatically use the macro” option
• Web bugs (for tracking) – Mangle the image at the mail server
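One way the web-bug countermeasure above could be applied at a mail server, as an added example that is not part of the original slides: it rewrites remote `<img src>` references in an HTML body so the client never fetches them, and records what was blocked. The class and function names, the `data-blocked-src` attribute and the sample body are assumptions; only `<img src>` is handled, not CSS `url()`, `srcset` or other remote references.

```python
from html import escape
from html.parser import HTMLParser

REMOTE = ("http://", "https://", "//")

class ImageMangler(HTMLParser):
    """Re-emit the HTML, disabling remote <img> sources along the way."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []

    def _start(self, tag, attrs):
        if tag != "img":
            return self.get_starttag_text()      # other tags pass through verbatim
        parts = []
        for name, value in attrs:
            value = value or ""
            if name == "src" and value.strip().lower().startswith(REMOTE):
                self.blocked.append(value)       # keep for logging or review
                name = "data-blocked-src"        # clients do not fetch this attribute
            parts.append(f' {name}="{escape(value)}"')
        return "<img" + "".join(parts) + ">"

    def handle_starttag(self, tag, attrs): self.out.append(self._start(tag, attrs))
    def handle_startendtag(self, tag, attrs): self.out.append(self._start(tag, attrs))
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def mangle_images(html_body):
    """Return (rewritten HTML, list of blocked remote image URLs)."""
    parser = ImageMangler()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed HTML mail body (sample data): one tracking pixel, one inline image.
SAMPLE = ('<p>Invoice &amp; receipt attached.</p>'
          '<img src="https://tracker.example/p.gif?u=bob" width="1" height="1">'
          '<img src="cid:logo">')
```

Images attached to the message itself (`cid:` references) are left alone, since displaying them does not contact a remote server.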

MESSAGE FLOW

• At the most basic level, the two primary message sections are the header and the body. The header section contains the vital information about the message including origination date, sender, recipient(s), delivery path, subject, and format information.
• The body of the message contains the actual content of the message.
• Once the message is translated into an RFC 2822 formatted message, it can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server.

EXAMPLE OF MESSAGE FLOW

After initiating communication, the mail client provides the sender’s identity to the server. Next, using the mail server commands, the client tells the server who the intended recipients are. Although the message contains a list of intended recipients, the mail server does not examine the message for this information. Only after the complete recipient list is sent to the server does the client supply the message. From this point, message delivery is under control of the mail server.

• Once the mail server is processing the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender’s mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client.
• At this point, one of two events could occur. If the sender’s and recipient’s mailboxes are located on the same mail server, the message is delivered using a local delivery agent (LDA). If the sender’s and recipient’s mailboxes are located on different mail servers, the send process is repeated from one MTA to another until the message reaches the recipient’s mailbox.
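Because the server routes on the sender and recipients given in the mail server commands and never reads them from the message, the two can disagree. An added example (not from the original slides) that parses a constructed client transcript and reports where the SMTP envelope and the RFC 2822 headers differ; the addresses, transcript and function names are assumptions:

```python
import email
from email.utils import getaddresses, parseaddr

# Constructed client-side SMTP commands (sample data, not from the page).
SESSION = """\
HELO client.example.org
MAIL FROM:<alice@example.org>
RCPT TO:<bob@example.net>
RCPT TO:<carol@example.net>
DATA
From: "Payroll" <payroll@example.net>
To: bob@example.net
Subject: Updated form

Please review the form.
.
QUIT
"""

def split_session(transcript):
    """Return (envelope sender, envelope recipients, RFC 2822 message text)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("MAIL FROM:"):
            sender = parseaddr(line[10:])[1].lower()
        elif line.upper().startswith("RCPT TO:"):
            rcpts.append(parseaddr(line[8:])[1].lower())
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(data) + "\n"

def compare(transcript):
    """Report where the SMTP envelope and the message headers disagree."""
    sender, rcpts, text = split_session(transcript)
    msg = email.message_from_string(text)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    hdr_rcpts = {addr.lower() for _, addr in getaddresses(listed)}
    return {
        "sender_mismatch": sender != hdr_from,
        "envelope_only_recipients": sorted(set(rcpts) - hdr_rcpts),
        "header_only_recipients": sorted(hdr_rcpts - set(rcpts)),
    }
```

Envelope-only recipients also occur legitimately (Bcc, mailing lists), so a filter would treat these differences as one signal among several rather than as a verdict.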

EMAIL SECURITY REQUIREMENTS

• Main requirements
  • Confidentiality
  • Authentication
  • Integrity
• Other requirements
  • Non-repudiation
  • Proof of submission
  • Proof of delivery
  • Anonymity
  • Revocability
  • Resistance to traffic analysis
• Many of these are difficult or impossible to achieve

SECURITY MECHANISMS

• Detached signature
  • Leaves the original message untouched
  • Signature can be transmitted/stored separately
  • Message can still be used without the security software
• Signed message
  • Signature is always included with the data
• Encrypted message
  • Usually implemented using public-key encryption
  • Mailing lists use one public-key encrypted header per recipient
  • Any of the corresponding private keys can decrypt the session key and therefore the message

• Countersigned data
• Encrypted and signed data
  • Always sign first, then encrypt: S(E(“Pay the signer $1000”)) vs. E(S(“Pay the signer $1000”))

SPAM FILTER TECHNOLOGY

AntiSpam Technology Approach:
• Examine the source
• Examine the content
• Examine the call to action (URL filters)

MULTI LAYER DEFENCE

• Multiple technologies create a comprehensive defense.
• Force spammers to contend with each layer
• Theft of financial information and/or identity

FRAUD IS BIGGER THREAT THAN SPAM

• Growing problem both in terms of magnitude and awareness
• Targets expanding from Financial Services to all organizations with financial information online – Banks, ecommerce sites, phone companies, government agencies, etc.
• Global problem – US, UK, Europe, Australia, South America

EMAIL SECURITY SOFTWARE

• Symantec Mail Security
• Kaspersky Mail Security

SYMANTEC MAIL SECURITY

Features:
• Support for Microsoft Exchange 2013 and Microsoft Hosted Exchange environments
• Out-of-the-box content filtering templates for protection against data loss
• Improved anti-malware and anti-spam effectiveness through advanced heuristics
• Improved manageability with full message quarantine
• Up to 30 percent performance improvement for mailbox scanning
• Microsoft Systems Center Operation Manager 2007 R2 support for Exchange 2007 and Exchange 2010
• Continuous protection with lightweight scanning

Key Features

• Superior Protection
  • This Microsoft Exchange security solution protects against various forms of malware such as viruses, Trojan horses, spyware, mass-mailer worms, phishing, and denial of service attacks.

  • Stops 99 percent of spam with less than 1 in 1 million false positives.
  • Filters email content with pre-defined policies, regular expressions, attachment criteria and True File typing.
• Flexible and Easy to Use Management
  • Initial setup of Microsoft email security software can be completed within 10 minutes, with no requirements for tuning, allow listing, or block listing.
  • Management console provides centralized server group policy configuration, notifications, alerts, and reporting.
  • Integration with Microsoft Operations Manager and Systems Center Operations Manager creates an email security software solution that enables end-to-end monitoring of your IT environment.

Key Benefits

Optimized for Exchange
• Flexible real-time, scheduled, and manual scanning provides efficient protection.
• In-memory scanning and effective multi-threading provides superior performance.
• Edge and Hub focused scanning leverages AV Stamping to eliminate redundant scanning and minimize impact to Mail Store.
• Supports Exchange 2010, 64 bit Windows, VMware and Hyper-V Virtualized environments.