Saturday, 01 May 2010, 23:49, by 4-HTECHWIZARDS.ORG
Defending the email infrastructure
Why email requires comprehensive protection
Growing risk from e-mail
It is impossible to imagine business without e-mail.
According to analysts Radicati Group, the typical worker spends 19 percent of the working day on email [1], and IDC Research estimates that 97 billion emails are sent worldwide each day [2].
As more of the world goes online, the popularity of email, and business's near-total dependence on it, keeps growing.
The ubiquity and ease of use of e-mail, however, also leave it open to abuse. Spammers bombard users with unwanted messages daily or even more often, and systematically organized criminal groups use e-mail to spread malicious software and to commit identity theft.
The flood is relentless: in 2007 only 5 percent of all emails sent were legitimate; the other 95 percent contained spam or links to malware [3].
Organizations also need to ensure that their own employees use e-mail systems properly.
Spreading objectionable content or malware by e-mail can be a crime and may reflect badly on the organization. Inadequate protection of the email infrastructure no longer just costs businesses time; it can also lead to bad publicity, lost revenue, a damaged share price, and the financial penalties of fines and lawsuits.
What is more, an estimated 80 percent of an organization's business information is held within its e-mail infrastructure, so it is easy to see how business-critical data could end up in unauthorized hands.
As external threats continue to grow and internal threats become harder to manage, an email security solution must serve two purposes:
»» Block spam, phishing and malware attacks
»» Ensure that the organization can monitor compliance and avoid costly damage.
Overview of the email infrastructure
An e-mail system is built from several parts, each playing a different role. To ensure that every part gets maximum protection, email security must also take a multi-layered approach. A basic email infrastructure consists of the following.
»» Email gateway (also called the email perimeter). This is the first line of defense for your e-mail, the link between the organization and the outside world. It is the point through which all incoming and outgoing mail travels.
»» E-mail server. In addition to handling all incoming and outgoing mail, the e-mail server handles internal email and stores messages that have not yet been downloaded by e-mail client programs.
»» Endpoints. Desktops, laptops and other devices such as BlackBerrys and mobile phones that run e-mail programs.
Incoming threats
Quantitatively, the most significant threat to the email infrastructure comes from outside, from spammers and cybercriminals. They have long used e-mail to advertise goods and to breach security defenses, and they constantly adjust their tactics to try to bypass existing security measures.
Spam
Spammers are increasingly using creative ways to obfuscate their marketing pitches, hiding them inside PDF attachments, images, or even MP3 files.
These techniques all try to beat traditional spam filters and reach users' mailboxes.
Spammers have also become very adept at using social engineering to disguise the real content of a message, in order to fool recipients into opening it and clicking on any web link it contains.
While users may think they are accessing a YouTube video, an e-card or a software update, they may end up on a web site selling male enhancement pills, counterfeit branded products or anything else.
“Pump-and-dump” campaigns are also increasingly popular. In this tactic, spammers talk up the prospects of a public company in order to artificially inflate its share price, so that they can sell their own shares at a significant gain.
Phishing, spear phishing and whaling
Phishing is the sending of emails that appear to come from reputable retailers, banks or credit card companies. These emails lure victims to fake sites that are almost exact replicas of the real ones, where the criminals capture user IDs and passwords, bank account numbers and PINs. In October 2007, 31,560 phishing campaigns were reported to the Anti-Phishing Working Group (APWG), in which 120 different brands were hijacked [4].
Spear phishing is a phishing attack aimed at a specific organization. An email that appears to come from a trusted source, e.g. the IT manager, tricks employees into handing over network passwords, intellectual property and confidential information.
Whaling is a highly targeted phishing attack aimed at a high-profile individual such as a supplier, a celebrity or a business executive.
Malware and blended threats
In 2007, 1 in 909 e-mails contained malicious code, a steep decline since 2005, when the figure was 1 in 446. Although this may look like a positive downward trend, in reality it only emphasizes that cybercriminals have adopted more sophisticated methods for penetrating corporate networks. A popular tactic is to send spam emails containing links that direct recipients to sites hosting malicious code. These emails carry no malicious code themselves, and so are likely to get past the perimeter defenses.
Directory harvesting
In directory harvesting, attackers continuously probe an organization's e-mail server, guessing at address formats in order to collect genuine names and addresses, which they can either use themselves or sell to other online criminals. The sheer number of server requests, and the resulting non-delivery reports, can in the worst case cause the server to fail, leaving the organization without e-mail.
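The harvesting pattern described above shows up in gateway logs as one client racking up "unknown recipient" (SMTP 550) rejections. The following is an added detection example, not code from the original page; the log format, the IP addresses and the thresholds are constructed for illustration.

```python
"""Detect directory-harvest activity from constructed SMTP log lines.
A harvester guesses many recipient names, so most of its RCPT commands are
rejected with 550; flag clients with many rejections and a high reject ratio."""
import re
from collections import defaultdict

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = """\
2010-05-01T10:00:01 client=203.0.113.5 rcpt=alice@example.com status=250
2010-05-01T10:00:01 client=203.0.113.5 rcpt=bob@example.com status=550
2010-05-01T10:00:02 client=203.0.113.5 rcpt=carol@example.com status=550
2010-05-01T10:00:02 client=203.0.113.5 rcpt=dave@example.com status=550
2010-05-01T10:00:03 client=203.0.113.5 rcpt=erin@example.com status=550
2010-05-01T10:00:03 client=203.0.113.5 rcpt=frank@example.com status=550
2010-05-01T10:00:05 client=198.51.100.7 rcpt=alice@example.com status=250
2010-05-01T10:00:06 client=198.51.100.7 rcpt=sales@example.com status=250
2010-05-01T10:00:07 client=198.51.100.7 rcpt=slaes@example.com status=550
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) rcpt=(?P<rcpt>\S+) status=(?P<status>\d{3})")

def parse_log(text):
    """Yield (client, recipient, status) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["client"], m["rcpt"], int(m["status"])

def find_harvesters(text, min_unknown=5, min_ratio=0.6):
    """Return {client: (unknown_count, total_count)} for clients whose
    unknown-recipient (550) rejections exceed both thresholds."""
    stats = defaultdict(lambda: [0, 0])   # client -> [unknown, total]
    for client, _rcpt, status in parse_log(text):
        stats[client][1] += 1
        if status == 550:
            stats[client][0] += 1
    flagged = {}
    for client, (unknown, total) in stats.items():
        if unknown >= min_unknown and unknown / total >= min_ratio:
            flagged[client] = (unknown, total)
    return flagged

if __name__ == "__main__":
    for client, (unknown, total) in find_harvesters(SAMPLE_LOG).items():
        print(f"possible directory harvest from {client}: "
              f"{unknown} unknown recipients out of {total}")
```

A gateway that validates recipients at RCPT time, as in these sample lines, also avoids generating the backscatter non-delivery reports the paragraph mentions; a single typo from a legitimate sender (the second client) stays below the thresholds.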
Inappropriate content and PUAs
Most organizations accept occasional use of e-mail systems for personal reasons. However, there is a danger that personal e-mails could harm the organization's reputation if an employee receives pornographic or violent content. Incoming personal e-mails can also put additional pressure on the network, especially if they carry large music, game or video files. Potentially unwanted applications (PUAs) and remote access tools such as automatic dialers can also be difficult to manage and may drain network resources.
Outgoing threats
E-mail leaving the network is smaller in absolute number than incoming messages, but it poses similar risks to security and compliance.
Inappropriate content
Few organizations would want pornography or other offensive content sent from their network, but the threat can come from a more innocent source.
Family pictures and videos, links to non-corporate web sites and other personal content consume bandwidth and can adversely affect the company's image if sent to unintended recipients.
Information Leaks
IDC identifies e-mail as the number one source of leaked trade secrets [7], and these leaks are usually accidental. For example, many email programs offer an auto-complete feature when typing names in the To: field, to reduce typing. This feature makes it easy to add an unintended recipient inadvertently.
Research shows that half the workforce has sent an e-mail containing embarrassing or sensitive information to the wrong person by mistake [8].
Why spam works
»» Millions of messages can be transmitted in seconds via compromised computers.
»» Unlike physical mail, it costs almost nothing to send spam.
»» Recipients respond. In February 2007, 5 percent of computer users admitted to buying goods sold via spam, and by November 2007 this had risen to 11 percent [5].
Vulnerable information
»» Personally identifiable information (PII)
»» Financial statements
»» Business secrets
»» Guest lists
»» Business plans
Radicati Group also notes that 77 percent of business users sometimes send business-related emails from personal accounts [9]. This can help employees work more flexibly, but it is a hole in the organization's defenses and is particularly worrying for companies operating in regulated industries.
Botnets
Hijacked computers can become part of a botnet and, unknown to their owners, launch malware, spam or Distributed Denial of Service (DDoS) attacks. Botnets degrade network performance and damage reputation, since criminal messages appear to come from a legitimate source. In extreme cases, an organization can find its domain names and/or IP ranges blocked by service providers and other institutions.
Internal threat
Many of the threats that come from outside also occur in internal e-mail. Leaks of information between departments, circulation of inappropriate content and distribution of non-essential applications all put the e-mail infrastructure at unnecessary risk.
In addition, the rise of regulatory compliance requirements on the security, storage and retrieval of information also has a direct impact on the use of email. Since e-mail often acts as a “collective memory”, businesses must adopt strategies that keep data safe and easy to find. In many countries, legislation requires organizations to keep records of all important communications, including e-mail. If those records are later required by a court, having no archived e-mails is considered negligent.
A four-phase approach to email defense
The first phase
Protect the gateway
The cornerstone of defense against email abuse is gateway protection, which should scan all incoming and outgoing messages for spam. Gartner Group recommends that 97 percent of spam be blocked or quarantined [11]. To achieve this, the anti-spam engine must be able to detect new and emerging campaigns using technologies such as reputation filtering, pattern matching, URL detection, and image and attachment fingerprinting.
Several techniques are needed because spammers use many tactics to circumvent spam filters.
In the same scan, e-mails found to be part of a phishing attack, or that contain viruses, spyware or unwanted attachments, are also blocked.
Organizations should also be able to choose how to handle encrypted, corrupt or suspicious messages. Gateway protection should guard against both known and unknown (zero-day) attacks, using Host Intrusion Prevention System (HIPS) techniques in addition to rapid signature updates. HIPS technologies actively inspect messages and their attachments and analyze their likely behavior before any code executes, reducing the chance of infection. The best products provide proactive protection against new threats even before detection rules are published.
Gateway protection should also scan mail for sensitive or confidential content. Effective content filtering and monitoring prevent information leaks, protect valuable assets and ensure compliance with legal requirements. This includes the ability to search for keywords, regular expressions and file types, as well as to implement a list of allowed senders.
Gateway protection should also identify and raise an alarm if the organization's mail server or endpoint computers are part of a botnet. By evaluating outgoing messages for spam- and malware-like features, the company can ensure its infrastructure is used only for lawful purposes.
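The four content-filtering controls named above (keywords, regular expressions, file types and an allowed-sender list) can be shown together on one outbound message. This is an added example, not code from the original page; the keyword list, blocked extensions, sender address and sample message are constructed, and a Luhn checksum is added to the card-number regex so that random digit runs are not reported as leaks.

```python
"""Gateway-style outbound content filter (added example).
Applies a keyword list, a regex for card numbers, an attachment
file-type check, and an allowed-sender exemption to one message."""
import os
import re

KEYWORDS = ["confidential", "business plan", "guest list"]  # constructed list
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat"}
ALLOWED_SENDERS = {"finance@example.com"}   # may send card data externally

def luhn_ok(digits):
    """Luhn checksum, so a random digit run is not reported as a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_message(msg):
    """Return policy hits for a dict with sender, subject, body, attachments."""
    hits = []
    text = (msg["subject"] + "\n" + msg["body"]).lower()
    hits += [f"keyword:{kw}" for kw in KEYWORDS if kw in text]
    if msg["sender"] not in ALLOWED_SENDERS:   # exempt senders skip the PII check
        for m in CARD_RE.finditer(msg["body"]):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append("regex:card-number")
                break
    for name in msg["attachments"]:
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            hits.append(f"filetype:{ext}")
    return hits

# Constructed sample message (not real data); 4111 1111 1111 1111 is a
# well-known test card number that passes the Luhn check.
SAMPLE = {
    "sender": "alice@example.com",
    "subject": "Q3 business plan",
    "body": "Please use card 4111 1111 1111 1111 for the deposit.",
    "attachments": ["plan.pdf", "update.exe"],
}

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A real gateway would quarantine or encrypt on a hit rather than just report it, and would apply the same checks to internal mail at the server, as the second phase below describes.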
The second phase
Defend the e-mail server
Protecting the e-mail server brings two advantages:
»» Spam or malware for which protection was not yet available when it passed through the gateway can be caught here.
»» Internal threats sent between departments, which never pass through the gateway, can be stopped.
Scanning inter-departmental e-mails for spam, malware, unwanted content and sensitive data is critical. For example, an employee may unknowingly visit an infected website and then share the link with colleagues via e-mail, putting further endpoint computers at risk of infection. Similarly, whereas the Human Resources department may legitimately share confidential information about staff members, such as pay rises, scanning at the e-mail server ensures that this information is not spread throughout the organization.
This level of defense also ensures that the messages held in an organization's email archives, and those not yet downloaded to local clients, are free of malware.
The third phase
Secure the endpoint
Endpoint protection supports the organization's security strategy because the end user and his or her confidential information are the ultimate target of all attacks. Criminals attack network endpoints through multiple vectors, including web sites, e-mail, instant messaging (IM), P2P networks and USB drives. Infected computers can spy on business networks, steal network resources and relay attacks on others.
Endpoint defenses must also take into account the different operating systems in use. Although the majority of computers run Windows, a significant number of users work on Mac and Linux computers, and they are equally at risk.
The first virus for the Mac OS X platform (which spread using IM) was discovered in 2006, and a year later a Trojan targeting Macs, malware that poses as something harmless, was also discovered [12]. Both attacks relied on user behavior, not only on vulnerabilities in the operating system. Endpoint security must therefore protect all major operating systems.
The fourth phase
Control access to the network
Network Access Control (NAC) governs who and what connects to the system, in order to protect information and meet all legal requirements.
An effective NAC solution continually assesses the PCs of employees, clients, staff working outside the office and guest users against defined policies. It can ensure, for example, that anti-malware and firewall applications are up to date, that security patches are installed, and that prohibited applications are not running.
A preventive approach to NAC stops problems before they occur by combining pre- and post-connect assessment and remediation of computers with a number of enforcement options. NAC lets you quickly define endpoint security and acceptable use policies (AUPs) for all end-user scenarios, so that you can identify and fix vulnerabilities on managed endpoints before infection, quarantine infected computers and block unauthorized computers.
The right solution
Every organization reaches a point where controls add so much cost or overhead that they outweigh the security benefit. Even for large organizations with their own security departments, the less time spent on day-to-day management, the better.
An effective security solution should be assessed against broad criteria:
»» High-volume mail processing that handles millions of messages per day
»» A single engine that can identify spam, malware, data leakage and all unwanted applications
»» Small and fast updates with a minimal footprint
»» Simple directory integration and enforcement of AUPs per individual, workgroup or business unit
»» Effective reports that provide information on the health of the entire e-mail system
»» One consolidated view of all email traffic, even across multi-server environments
»» Performance monitoring that automatically alerts the administrator if corrective action is required
»» Managed appliances that can be remotely monitored and maintained by the vendor
»» One supplier for streamlined operation, management, maintenance and support.
Summary
Email threats are growing and can come from inside as well as outside the organization, and increasing regulatory compliance imposes additional requirements on how email is managed and protected. A defense-in-depth approach, at the gateway, the email server and the endpoint, closes many security holes. Organizations should look for solutions that, in addition to providing the best possible protection, minimize the impact on network and IT department resources.