Introduction

Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

Introduction
Essential Concepts
Servers, Services, and Clients
Authentication and Access Control
Hackers and Attack Types
What Do Hackers Do?
Attack Types
Overview of E-mail Clients and Servers
Understanding a Mail User Agent and a Mail Transfer Agent
The Mail Delivery Agent
When Are Security Problems Introduced?
History of E-mail Attacks
The MTA and the Robert Morris Internet Worm
MDA Attacks
Analyzing Famous Attacks
Case Study
Learning from Past Attacks
Viruses
Worms
Types of Worms
Trojans
Illicit Servers
Differentiating between Trojans and Illicit Servers
E-mail Bombing
Sniffing Attacks
Carnivore
Spamming and Security
Common Authoring Languages
Protecting Your E-mail
Protecting E-mail Clients
Third-party Applications
Encryption
Hash Encryption and Document Signing
Protecting the Server
Summary
FAQs

Securing Outlook 2000

Introduction
Common Targets, Exploits, and Weaknesses
The Address Book
The Mail Folders
Visual Basic Files
Attacks Specific to This Client
No Attachment Security
Default Settings Are Not Secure
Zone Security
Word 2000 as the Outlook E-mail Editor
Security Updates
Enabling Filtering
Junk E-mail
Filtering Keywords
Mail Settings and Options
HTML Messages
Zone Settings
Attachment Security
Attachment Security After Applying Outlook E-mail Security Update
Enabling S/MIME
Why You Should Use Public Key Encryption
Installing and Enabling Pretty Good Privacy (PGP)
Installing PGP
Understanding Public Key Encryption
Generating a Key Pair
Exchanging Keys
Key Distribution Sites
Summary
FAQs

Securing Outlook Express 5.0 and Eudora 4.3

Introduction
Outlook Express for Windows
Security Settings
Secure Mail
Security Zones
Attachments
Outlook Express for Macintosh
Junk Mail Filter
Message Rules
Attachments
Case Study: Automated Virus Scanning of Mail Attachments
Eudora for Windows and Macintosh
Security
Attachments
Filtering
Enabling PGP for both Outlook Express and Eudora
Sending and Receiving PGP-Secured Messages
Eudora for Windows
Outlook Express for Windows
Eudora for Macintosh
Outlook Express for Macintosh
Automatic Processing of Messages
File Attachments and PGP
Case Study: Securing File Attachments with PGP
Summary
FAQs

Web-based Mail Issues

Introduction
Choices in Web-based E-mail Services
Why Is Web-based E-mail So Popular?
The Cost of Convenience
Specific Weaknesses
Internet Architecture and the Transmission Path
Reading Passwords
Case Study
Specific Sniffer Applications
Code-based Attacks
The PHF Bug
Hostile Code
Taking Advantage of System Trusts
Cracking the Account with a "Brute Force" or Dictionary Application
Physical Attacks
Cookies and Their Associated Risks
Solving the Problem
Using Secure Sockets Layer (SSL)
Secure HTTP
Practical Implementations
Local E-mail Servers
Using PGP with Web-based E-mail
Making Yourself Anonymous
Summary
FAQs

Client-Side Anti-Virus Applications

Introduction
McAfee VirusScan 5
Availability of VirusScan
Updates of Virus Definition Files
Installation of VirusScan 5
Configuration of VirusScan 5
Norton AntiVirus 2000
Availability of Norton AntiVirus 2000
Updates of Norton AntiVirus 2000 Definition Files
Installation of Norton AntiVirus 2000
Configuration of Norton AntiVirus 2000
Trend Micro PC-cillin 2000
Availability of Trend Micro PC-cillin 2000
Updates of PC-cillin Virus Definition Files
Installation of Trend Micro PC-cillin 2000
Configuration of Trend Micro PC-cillin 2000
Trend PC-cillin 2000 Configuration Settings
Trend Micro PC-cillin 2000 Links
Summary
FAQs

Mobile Code Protection

Introduction
Dynamic E-mail
Active Content
Taking Advantage of Dynamic E-mail
Composing an HTML E-mail
Inserting Your Own HTML File
Sending an Entire Web Page
Dangers
No Hiding Behind the Firewall
Mobile Code
Java
Security Model
Playing in the Sandbox
Playing Outside the Sandbox
Points of Weakness
Background Threads
Hogging System Resources
I Swear I Didn't Send That E-mail
Scanning for Files
How Hackers Take Advantage
Spam Verification
Theft of Processing Power
Unscrupulous Market Research
Applets Are Not That Scary
Precautions You Can Take
JavaScript
Security Model
Points of Weakness
How Hackers Take Advantage
Web-Based E-mail Attacks
Are Plug-in Commands a Threat?
Social Engineering
Precautions to Take
ActiveX
Security Model
Safe for Scripting
Points of Weakness
How Hackers Can Take Advantage
Preinstalled ActiveX Controls
Bugs Open the Door
Intentionally Malicious ActiveX
My Mistake...
Trojan Horse Attacks
Precautions to Take
VBScript
Security Model
Points of Weakness
VBScript, Meet ActiveX
How Hackers Take Advantage
Social Engineering Exploits
VBScript-ActiveX Can Double Team Your Security
Precautions to Take
Summary
FAQs

Personal Firewalls

Introduction
What Is a Personal Firewall?
Blocks Ports
Block IP Addresses
Access Control List (ACL)
Execution Control List (ECL)
Intrusion Detection
Personal Firewalls and E-mail Clients
Levels of Protection
False Positives
Network Ice BlackICE Defender 2.1
Installation
Configuration
E-mail and BlackICE
Aladdin Networks' eSafe, Version 2.2
Installation
Configuration
E-mail and ESafe
Norton Personal Firewall 2000 2.0
Installation
Configuration
ZoneAlarm 2.1
Installation
Configuration
E-mail and ZoneAlarm
Summary
FAQs

Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services

Introduction
Updating the Operating System
Microsoft Service Packs
Red Hat Linux Updates and Errata Service Packages
Disabling Unnecessary Services and Ports
Windows 2000 Advanced Server--Services to Disable
The Server Service
Internet Information Services (IIS)
Red Hat Linux--Services to Disable
Inetd.conf
Rlogin
Locking Down Ports
Well-Known and Registered Ports
Determining Ports to Block
Blocking Ports in Windows
Blocking Ports in Linux
Inetd Services
Stand-Alone Services
Maintenance Issues
Microsoft Service Pack Updates, Hot Fixes, and Security Patches
Case Study
Red Hat Linux Errata: Fixes and Advisories
Case Study
Windows Vulnerability Scanner (ISS System Scanner)
Linux Vulnerability Scanner (WebTrends Security Analyzer)
Logging
Windows 2000 Advanced Server
Linux
Common Security Applications
Firewall Placement
Summary
FAQs

Microsoft Exchange Server 5.5

Introduction
Securing the Exchange Server from Spam
Configuring the IMS To Block E-mail Attacks
Exchange and Virus Attacks: Myths and Realities
Learning from Recent Attacks
Case Study: Preparing for Virus Attacks
Exchange Maintenance
Service Packs
Plug-ins and Add-ons
Third-party Add-ons
Microsoft Utilities
Content Filtering
Case Study: Content Scanning
Attachment Scanning
Recovery
Backing Up Data
Restoring Data
Summary
FAQs

Sendmail and IMAP Security

Introduction
Sendmail and Security: A Contradiction in Terms?
Sendmail's History
Threats to SendMail Security
Anatomy of a Buffer Overflow
A Buffer Overflow Illustrated
Sendmail and the Root Privilege
Fixes
Stay Current
Stay Informed
Protect Your Resources
Minimize Risk
Alternatives: Postfix and Qmail
Postfix
Qmail
Comparing Your Options
Configuring Sendmail
Internet Message Access Protocol (IMAP)
The IMAP Advantage
Understanding IMAP Implementations
UW IMAP
Cyrus IMAP
One IMAP, Many Choices
Administering the Server
The Users
The Mail Store
Protecting the Messages
Strengthening Authentication
Securing Access
From the Client Side
IMAP Summary
Recovery
Backing Up Data
Restoring Data
The Bottom Line on Backup
Summary
FAQs

Deploying Server-side E-mail Content Filters and Scanners

Introduction
Overview of Content Filtering
Filtering by Sender
Filtering by Receiver
Subject Headings and Message Body
Overview of Attachment Scanning
Attachment Size
Attachment Type (Visual Basic, Java, ActiveX)
McAfee GroupShield
Installation of GroupShield
Configuration
Specific Settings
Trend Micro ScanMail for Exchange Server
Installation of ScanMail
Configuration
Specific Settings
Additional ScanMail Offerings
Content Technologies' MAILsweeper for Exchange 5.5
Installation of MAILsweeper
Configuration
Specific Settings
Firewall and E-mail Content Scanning
Content Technologies' MIMEsweeper for CheckPoint's Firewall-1
Axent Raptor Firewall
Attack Detection and System Scanning
Attacks
Real-time, Third-party Services
Evinci
Securify
Summary
FAQs

Secrets

Lesser-known Shortcuts
Under-documented Features and Functions
Disable an ActiveX Control
For Experts Only (Advanced features)
Web Pages on Mobile Code Security Topics
Outlook Web Access (OWA)
Using SendMail To Refuse E-mails with the Love Letter Virus
Troubleshooting and Optimization Tips

Index