| |
| |
| Introduction | |
| |
| |
| |
| Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers | |
| |
| |
| Introduction | |
| |
| |
| Essential Concepts | |
| |
| |
| Servers, Services, and Clients | |
| |
| |
| Authentication and Access Control | |
| |
| |
| Hackers and Attack Types | |
| |
| |
| What Do Hackers Do? | |
| |
| |
| Attack Types | |
| |
| |
| Overview of E-mail Clients and Servers | |
| |
| |
| Understanding a Mail User Agent and a Mail Transfer Agent | |
| |
| |
| The Mail Delivery Agent | |
| |
| |
| When Are Security Problems Introduced? | |
| |
| |
| History of E-mail Attacks | |
| |
| |
| The MTA and the Robert Morris Internet Worm | |
| |
| |
| MDA Attacks | |
| |
| |
| Analyzing Famous Attacks | |
| |
| |
| Case Study | |
| |
| |
| Learning from Past Attacks | |
| |
| |
| Viruses | |
| |
| |
| Worms | |
| |
| |
| Types of Worms | |
| |
| |
| Trojans | |
| |
| |
| Illicit Servers | |
| |
| |
| Differentiating between Trojans and Illicit Servers | |
| |
| |
| E-mail Bombing | |
| |
| |
| Sniffing Attacks | |
| |
| |
| Carnivore | |
| |
| |
| Spamming and Security | |
| |
| |
| Common Authoring Languages | |
| |
| |
| Protecting Your E-mail | |
| |
| |
| Protecting E-mail Clients | |
| |
| |
| Third-party Applications | |
| |
| |
| Encryption | |
| |
| |
| Hash Encryption and Document Signing | |
| |
| |
| Protecting the Server | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Securing Outlook 2000 | |
| |
| |
| Introduction | |
| |
| |
| Common Targets, Exploits, and Weaknesses | |
| |
| |
| The Address Book | |
| |
| |
| The Mail Folders | |
| |
| |
| Visual Basic Files | |
| |
| |
| Attacks Specific to This Client | |
| |
| |
| No Attachment Security | |
| |
| |
| Default Settings Are Not Secure | |
| |
| |
| Zone Security | |
| |
| |
| Word 2000 as the Outlook E-mail Editor | |
| |
| |
| Security Updates | |
| |
| |
| Enabling Filtering | |
| |
| |
| Junk E-mail | |
| |
| |
| Filtering Keywords | |
| |
| |
| Mail Settings and Options | |
| |
| |
| HTML Messages | |
| |
| |
| Zone Settings | |
| |
| |
| Attachment Security | |
| |
| |
| Attachment Security After Applying Outlook E-mail Security Update | |
| |
| |
| Enabling S/MIME | |
| |
| |
| Why You Should Use Public Key Encryption | |
| |
| |
| Installing and Enabling Pretty Good Privacy (PGP) | |
| |
| |
| Installing PGP | |
| |
| |
| Understanding Public Key Encryption | |
| |
| |
| Generating a Key Pair | |
| |
| |
| Exchanging Keys | |
| |
| |
| Key Distribution Sites | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Securing Outlook Express 5.0 and Eudora 4.3 | |
| |
| |
| Introduction | |
| |
| |
| Outlook Express for Windows | |
| |
| |
| Security Settings | |
| |
| |
| Secure Mail | |
| |
| |
| Security Zones | |
| |
| |
| Attachments | |
| |
| |
| Outlook Express for Macintosh | |
| |
| |
| Junk Mail Filter | |
| |
| |
| Message Rules | |
| |
| |
| Attachments | |
| |
| |
| Case Study: Automated Virus Scanning of Mail Attachments | |
| |
| |
| Eudora for Windows and Macintosh | |
| |
| |
| Security | |
| |
| |
| Attachments | |
| |
| |
| Filtering | |
| |
| |
| Enabling PGP for both Outlook Express and Eudora | |
| |
| |
| Sending and Receiving PGP-Secured Messages | |
| |
| |
| Eudora for Windows | |
| |
| |
| Outlook Express for Windows | |
| |
| |
| Eudora for Macintosh | |
| |
| |
| Outlook Express for Macintosh | |
| |
| |
| Automatic Processing of Messages | |
| |
| |
| File Attachments and PGP | |
| |
| |
| Case Study: Securing File Attachments with PGP | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Web-based Mail Issues | |
| |
| |
| Introduction | |
| |
| |
| Choices in Web-based E-mail Services | |
| |
| |
| Why Is Web-based E-mail So Popular? | |
| |
| |
| The Cost of Convenience | |
| |
| |
| Specific Weaknesses | |
| |
| |
| Internet Architecture and the Transmission Path | |
| |
| |
| Reading Passwords | |
| |
| |
| Case Study | |
| |
| |
| Specific Sniffer Applications | |
| |
| |
| Code-based Attacks | |
| |
| |
| The PHF Bug | |
| |
| |
| Hostile Code | |
| |
| |
| Taking Advantage of System Trusts | |
| |
| |
| Cracking the Account with a "Brute Force" or Dictionary Application | |
| |
| |
| Physical Attacks | |
| |
| |
| Cookies and Their Associated Risks | |
| |
| |
| Solving the Problem | |
| |
| |
| Using Secure Sockets Layer (SSL) | |
| |
| |
| Secure HTTP | |
| |
| |
| Practical Implementations | |
| |
| |
| Local E-mail Servers | |
| |
| |
| Using PGP with Web-based E-mail | |
| |
| |
| Making Yourself Anonymous | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Client-Side Anti-Virus Applications | |
| |
| |
| Introduction | |
| |
| |
| McAfee VirusScan 5 | |
| |
| |
| Availability of VirusScan | |
| |
| |
| Updates of Virus Definition Files | |
| |
| |
| Installation of VirusScan 5 | |
| |
| |
| Configuration of VirusScan 5 | |
| |
| |
| Norton AntiVirus 2000 | |
| |
| |
| Availability of Norton AntiVirus 2000 | |
| |
| |
| Updates of Norton AntiVirus 2000 Definition Files | |
| |
| |
| Installation of Norton AntiVirus 2000 | |
| |
| |
| Configuration of Norton AntiVirus 2000 | |
| |
| |
| Trend Micro PC-cillin 2000 | |
| |
| |
| Availability of Trend Micro PC-cillin 2000 | |
| |
| |
| Updates of PC-cillin Virus Definition Files | |
| |
| |
| Installation of Trend Micro PC-cillin 2000 | |
| |
| |
| Configuration of Trend Micro PC-cillin 2000 | |
| |
| |
| Trend PC-cillin 2000 Configuration Settings | |
| |
| |
| Trend Micro PC-cillin 2000 Links | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Mobile Code Protection | |
| |
| |
| Introduction | |
| |
| |
| Dynamic E-mail | |
| |
| |
| Active Content | |
| |
| |
| Taking Advantage of Dynamic E-mail | |
| |
| |
| Composing an HTML E-mail | |
| |
| |
| Inserting Your Own HTML File | |
| |
| |
| Sending an Entire Web Page | |
| |
| |
| Dangers | |
| |
| |
| No Hiding Behind the Firewall | |
| |
| |
| Mobile Code | |
| |
| |
| Java | |
| |
| |
| Security Model | |
| |
| |
| Playing in the Sandbox | |
| |
| |
| Playing Outside the Sandbox | |
| |
| |
| Points of Weakness | |
| |
| |
| Background Threads | |
| |
| |
| Hogging System Resources | |
| |
| |
| I Swear I Didn't Send That E-mail | |
| |
| |
| Scanning for Files | |
| |
| |
| How Hackers Take Advantage | |
| |
| |
| Spam Verification | |
| |
| |
| Theft of Processing Power | |
| |
| |
| Unscrupulous Market Research | |
| |
| |
| Applets Are Not That Scary | |
| |
| |
| Precautions You Can Take | |
| |
| |
| JavaScript | |
| |
| |
| Security Model | |
| |
| |
| Points of Weakness | |
| |
| |
| How Hackers Take Advantage | |
| |
| |
| Web-Based E-mail Attacks | |
| |
| |
| Are Plug-in Commands a Threat? | |
| |
| |
| Social Engineering | |
| |
| |
| Precautions to Take | |
| |
| |
| ActiveX | |
| |
| |
| Security Model | |
| |
| |
| Safe for Scripting | |
| |
| |
| Points of Weakness | |
| |
| |
| How Hackers Can Take Advantage | |
| |
| |
| Preinstalled ActiveX Controls | |
| |
| |
| Bugs Open the Door | |
| |
| |
| Intentionally Malicious ActiveX | |
| |
| |
| My Mistake... | |
| |
| |
| Trojan Horse Attacks | |
| |
| |
| Precautions to Take | |
| |
| |
| VBScript | |
| |
| |
| Security Model | |
| |
| |
| Points of Weakness | |
| |
| |
| VBScript, Meet ActiveX | |
| |
| |
| How Hackers Take Advantage | |
| |
| |
| Social Engineering Exploits | |
| |
| |
| VBScript-ActiveX Can Double Team Your Security | |
| |
| |
| Precautions to Take | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Personal Firewalls | |
| |
| |
| Introduction | |
| |
| |
| What Is a Personal Firewall? | |
| |
| |
| Blocks Ports | |
| |
| |
| Block IP Addresses | |
| |
| |
| Access Control List (ACL) | |
| |
| |
| Execution Control List (ECL) | |
| |
| |
| Intrusion Detection | |
| |
| |
| Personal Firewalls and E-mail Clients | |
| |
| |
| Levels of Protection | |
| |
| |
| False Positives | |
| |
| |
| Network Ice BlackICE Defender 2.1 | |
| |
| |
| Installation | |
| |
| |
| Configuration | |
| |
| |
| E-mail and BlackICE | |
| |
| |
| Aladdin Networks' eSafe, Version 2.2 | |
| |
| |
| Installation | |
| |
| |
| Configuration | |
| |
| |
| E-mail and ESafe | |
| |
| |
| Norton Personal Firewall 2000 2.0 | |
| |
| |
| Installation | |
| |
| |
| Configuration | |
| |
| |
| ZoneAlarm 2.1 | |
| |
| |
| Installation | |
| |
| |
| Configuration | |
| |
| |
| E-mail and ZoneAlarm | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services | |
| |
| |
| Introduction | |
| |
| |
| Updating the Operating System | |
| |
| |
| Microsoft Service Packs | |
| |
| |
| Red Hat Linux Updates and Errata Service Packages | |
| |
| |
| Disabling Unnecessary Services and Ports | |
| |
| |
| Windows 2000 Advanced Server--Services to Disable | |
| |
| |
| The Server Service | |
| |
| |
| Internet Information Services (IIS) | |
| |
| |
| Red Hat Linux--Services to Disable | |
| |
| |
| Inetd.conf | |
| |
| |
| Rlogin | |
| |
| |
| Locking Down Ports | |
| |
| |
| Well-Known and Registered Ports | |
| |
| |
| Determining Ports to Block | |
| |
| |
| Blocking Ports in Windows | |
| |
| |
| Blocking Ports in Linux | |
| |
| |
| Inetd Services | |
| |
| |
| Stand-Alone Services | |
| |
| |
| Maintenance Issues | |
| |
| |
| Microsoft Service Pack Updates, Hot Fixes, and Security Patches | |
| |
| |
| Case Study | |
| |
| |
| Red Hat Linux Errata: Fixes and Advisories | |
| |
| |
| Case Study | |
| |
| |
| Windows Vulnerability Scanner (ISS System Scanner) | |
| |
| |
| Linux Vulnerability Scanner (WebTrends Security Analyzer) | |
| |
| |
| Logging | |
| |
| |
| Windows 2000 Advanced Server | |
| |
| |
| Linux | |
| |
| |
| Common Security Applications | |
| |
| |
| Firewall Placement | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Microsoft Exchange Server 5.5 | |
| |
| |
| Introduction | |
| |
| |
| Securing the Exchange Server from Spam | |
| |
| |
| Configuring the IMS To Block E-mail Attacks | |
| |
| |
| Exchange and Virus Attacks: Myths and Realities | |
| |
| |
| Learning from Recent Attacks | |
| |
| |
| Case Study: Preparing for Virus Attacks | |
| |
| |
| Exchange Maintenance | |
| |
| |
| Service Packs | |
| |
| |
| Plug-ins and Add-ons | |
| |
| |
| Third-party Add-ons | |
| |
| |
| Microsoft Utilities | |
| |
| |
| Content Filtering | |
| |
| |
| Case Study: Content Scanning | |
| |
| |
| Attachment Scanning | |
| |
| |
| Recovery | |
| |
| |
| Backing Up Data | |
| |
| |
| Restoring Data | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Sendmail and IMAP Security | |
| |
| |
| Introduction | |
| |
| |
| Sendmail and Security: A Contradiction in Terms? | |
| |
| |
| Sendmail's History | |
| |
| |
| Threats to SendMail Security | |
| |
| |
| Anatomy of a Buffer Overflow | |
| |
| |
| A Buffer Overflow Illustrated | |
| |
| |
| Sendmail and the Root Privilege | |
| |
| |
| Fixes | |
| |
| |
| Stay Current | |
| |
| |
| Stay Informed | |
| |
| |
| Protect Your Resources | |
| |
| |
| Minimize Risk | |
| |
| |
| Alternatives: Postfix and Qmail | |
| |
| |
| Postfix | |
| |
| |
| Qmail | |
| |
| |
| Comparing Your Options | |
| |
| |
| Configuring Sendmail | |
| |
| |
| Internet Message Access Protocol (IMAP) | |
| |
| |
| The IMAP Advantage | |
| |
| |
| Understanding IMAP Implementations | |
| |
| |
| UW IMAP | |
| |
| |
| Cyrus IMAP | |
| |
| |
| One IMAP, Many Choices | |
| |
| |
| Administering the Server | |
| |
| |
| The Users | |
| |
| |
| The Mail Store | |
| |
| |
| Protecting the Messages | |
| |
| |
| Strengthening Authentication | |
| |
| |
| Securing Access | |
| |
| |
| From the Client Side | |
| |
| |
| IMAP Summary | |
| |
| |
| Recovery | |
| |
| |
| Backing Up Data | |
| |
| |
| Restoring Data | |
| |
| |
| The Bottom Line on Backup | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Deploying Server-side E-mail Content Filters and Scanners | |
| |
| |
| Introduction | |
| |
| |
| Overview of Content Filtering | |
| |
| |
| Filtering by Sender | |
| |
| |
| Filtering by Receiver | |
| |
| |
| Subject Headings and Message Body | |
| |
| |
| Overview of Attachment Scanning | |
| |
| |
| Attachment Size | |
| |
| |
| Attachment Type (Visual Basic, Java, ActiveX) | |
| |
| |
| McAfee GroupShield | |
| |
| |
| Installation of GroupShield | |
| |
| |
| Configuration | |
| |
| |
| Specific Settings | |
| |
| |
| Trend Micro ScanMail for Exchange Server | |
| |
| |
| Installation of ScanMail | |
| |
| |
| Configuration | |
| |
| |
| Specific Settings | |
| |
| |
| Additional ScanMail Offerings | |
| |
| |
| Content Technologies' MAILsweeper for Exchange 5.5 | |
| |
| |
| Installation of MAILsweeper | |
| |
| |
| Configuration | |
| |
| |
| Specific Settings | |
| |
| |
| Firewall and E-mail Content Scanning | |
| |
| |
| Content Technologies' MIMEsweeper for CheckPoint's Firewall-1 | |
| |
| |
| Axent Raptor Firewall | |
| |
| |
| Attack Detection and System Scanning | |
| |
| |
| Attacks | |
| |
| |
| Real-time, Third-party Services | |
| |
| |
| Evinci | |
| |
| |
| Securify | |
| |
| |
| Summary | |
| |
| |
| FAQs | |
| |
| |
| |
| Secrets | |
| |
| |
| Lesser-known Shortcuts | |
| |
| |
| Under-documented Features and Functions | |
| |
| |
| Disable an ActiveX Control | |
| |
| |
| For Experts Only (Advanced features) | |
| |
| |
| Web Pages on Mobile Code Security Topics | |
| |
| |
| Outlook Web Access (OWA) | |
| |
| |
| Using SendMail To Refuse E-mails with the Love Letter Virus | |
| |
| |
| Troubleshooting and Optimization Tips | |
| |
| |
| Index | |