
Email Security Protection

Loay Alayadhi

Abstract

Email is the most important business communication tool, and the security of mail has been a concern since long before electronic mail existed. Email security protection has therefore become a hot topic in the information technology domain. Understanding how email works as a technology and which protocols it relies on (SMTP, MX records and so on) is essential for a security practitioner who wants to know the threats, issues and weaknesses of an email solution. Walking through the best-known and most current email threats (phishing, spam, malware and others) shows which threats belong to the past, which still exist and which are new. Prevention and protection techniques for email help an organization decide what to choose and how to choose the right solution, as do the features that most email security products now include, such as encryption and DLP (Data Leakage Prevention). Finally, best practices, including those for government, describe the most secure way to use email.

Introduction

Email remains the single most important communication tool in today's business world. Each day, billions of corporate email messages are exchanged between computers, phones and tablets. Because it is so widely used, it is also the number one threat vector, and as email usage has increased, so have email-related threats. At the time of writing, 86% of all global email traffic is spam.

Email Technology

Email is much older than ARPANET or the Internet. It was never invented as such; it evolved from very simple beginnings. In 1975 John Vittal developed software to organize email, and by 1976 email had really taken off and commercial packages began to appear. Within a couple of years, 75% of all ARPANET traffic was email. The first important email standard was SMTP, the Simple Mail Transfer Protocol.
SMTP (RFC 821) was very simple and is still in use. It was, however, a fairly naive protocol: it made no attempt to verify that the party claiming to send a message was who they purported to be, so forging sender addresses was, and still is, very easy. These basic flaws in the protocol were later exploited by viruses and worms, and by fraudsters and spammers forging identities.

SMTP is a TCP/IP protocol used for transferring e-mail from a client to a server and between servers. Because it only transfers messages and gives the end user no way to retrieve them from a mailbox, it is normally paired with one of two other protocols, POP3 or IMAP, which keep messages in a server mailbox and let the user download or read them periodically. In other words, a mail client uses SMTP to send e-mail and either POP3 or IMAP to receive it. SMTP was designed around the

idea of cooperation and trust between servers. Since most SMTP servers would be asked to handle a certain number of intermediate transfers, each server was expected to accept mail from any originator for delivery to any destination. Cyber criminals are smarter and more creative than ever in their tactics, coming up with new and inventive ways to breach your network; some of the latest attacks are phishing, spoofing and ransomware.

Another subject in email technology is routing: how is a message delivered from sender to receiver? An MX (mail exchange) record is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email on behalf of a recipient's domain, together with a preference value used to prioritize delivery when several mail servers are available. The preference value sets the routing order (low value = high priority). When mail is sent to a user at example1.test.sa, the sending MTA (mail transfer agent) looks up the domain's MX records and first tries mailhost.test.sa, which has the lowest value and therefore the highest priority. If that fails, it tries mailhost2.test.sa and finally mailhost3.test.sa:

    example1.test.sa  86400  A   192.168.10.10
    example1.test.sa  86400  MX  10  mailhost.test.sa
    example1.test.sa  86400  MX  20  mailhost2.test.sa
    example1.test.sa  86400  MX  30  mailhost3.test.sa

Note that if a domain publishes no MX record at all, senders fall back to its A record (RFC 5321), so a domain that should never receive mail needs an explicit "null MX" record (RFC 7505) rather than simply no MX record.

Authentication is still one of the main issues in email security. The next section discusses some email authentication methods.

Enhancing Email Security (SPF, DKIM, DMARC)

An SPF record is a type of Domain Name System (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spammers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing.
SPF and other anti-spoofing initiatives, such as DomainKeys (the predecessor of DKIM), work by making it easier for a receiving mail server to determine when a message came from a domain other than the one claimed. Consider the SPF record for mail.test.sa, which we will pretend looks like this:

    mail.test.sa  TXT  "v=spf1 a -all"

This record says that the only host allowed to announce itself as mail.test.sa is the host at the address in the A record of mail.test.sa (indicated by the "a" mechanism). So:

- If the IP address of the connecting server matches the A record of mail.test.sa, SPF returns a Pass result.
- If it does not match, evaluation proceeds to the next part of the record, -all, which yields a Fail result. (A record ending in ~all would yield SoftFail instead, and ?all would yield Neutral.)

Two caveats matter in practice: SPF checks the envelope sender (the MAIL FROM / Return-Path domain), not the From header that the user sees, so it does not by itself stop a forged From header; and because it checks the connecting IP, legitimate mail that passes through a forwarder fails SPF. DKIM and DMARC, below, address both gaps. DKIM (DomainKeys Identified Mail) is a process that validates the domain name associated with an email message through cryptographic authentication. It achieves

this by inserting a digital signature into the message header (the DKIM-Signature header), which the receiving host later verifies to validate the authenticity of the sending domain. Setting up DKIM involves several tasks; the two main steps are:

Create the policy record. This is a DNS TXT record with the name "_domainkey" prefixed to the domain name, for example _domainkey.test.com. Its data contains the policy, which is basically either o=- or o=~: o=- means "all e-mails from this domain are signed", and o=~ means "some e-mails from this domain are signed". This o= record comes from the original DomainKeys specification; DKIM as standardized in RFC 6376 does not use it, and the DKIM-era replacement, ADSP (RFC 5617), has since been declared historic. Today the sending policy is expressed in the DMARC record instead, so the only DNS record DKIM itself requires is the public key record.

Create the public key record. The public key is published in a public-facing DNS TXT record under a selector name; the private key is installed on the sending MTA and never leaves it. When an outbound message leaves the MTA, the MTA signs selected headers and the body with the private key and adds the resulting signature (not the key) to the message in the DKIM-Signature header, which names the signing domain (d=) and the selector (s=) so that the receiving domain can fetch the matching public key and verify the signature. For example (the public key in the original paper is truncated and is shown here as a placeholder; <selector> stands for whatever selector is named in the s= tag):

    _domainkey.test.com             TXT  "o=~; r=postmaster@test.com"
    <selector>._domainkey.test.com  TXT  "k=rsa; t=y; p=<base64-encoded RSA public key>"

The t=y flag marks the domain as testing its DKIM deployment; verifiers treat signature failures as if the message were unsigned rather than as a hard failure.

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM by letting the domain owner publish a clear policy stating how receivers should treat messages that fail both checks, and an address to which receivers send aggregate reports about the mail they have seen for that domain. DMARC's alignment requirement prevents spoofing of the header From address by requiring at least one of:

- the header From domain to match the envelope From domain used during the SPF check; or
- the header From domain to match the d= domain in a valid DKIM signature.

Alignment can be relaxed (same organizational domain, the default) or strict (identical domain). The policy is published as a TXT record at _dmarc.<domain>, with p=none, p=quarantine or p=reject as the requested action and rua= naming the aggregate report address.
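As an added example, not taken from the paper, the following Python script models the two DNS-driven steps described above: the MX lookup that picks a delivery host by preference, and the SPF walk that turns the connecting IP address into Pass, Fail, SoftFail or Neutral. It runs against a constructed in-memory DNS table instead of real DNS; the example1.test.sa and mail.test.sa records are the paper's, while the SPF record on example1.test.sa, the _spf.bulk.test.sa include, and the 203.0.113.0/24 and 198.51.100.7 addresses are assumptions added so that the ip4, mx and include mechanisms and the ~all qualifier can be exercised, going beyond the paper's single "v=spf1 a -all" case.

```python
import ipaddress

# Constructed DNS table standing in for real DNS (hosts and addresses are not real).
DNS = {
    ("example1.test.sa", "A"):    ["192.168.10.10"],
    ("example1.test.sa", "MX"):   [(10, "mailhost.test.sa"), (30, "mailhost3.test.sa"),
                                   (20, "mailhost2.test.sa")],   # deliberately unsorted
    ("mailhost.test.sa", "A"):    ["192.168.10.20"],
    ("mailhost2.test.sa", "A"):   ["192.168.10.21"],
    ("mailhost3.test.sa", "A"):   ["192.168.10.22"],
    ("mail.test.sa", "A"):        ["192.168.10.5"],
    ("mail.test.sa", "TXT"):      ["v=spf1 a -all"],                       # from the paper
    ("example1.test.sa", "TXT"):  ["v=spf1 mx ip4:203.0.113.0/24 include:_spf.bulk.test.sa ~all"],  # assumed
    ("_spf.bulk.test.sa", "TXT"): ["v=spf1 ip4:198.51.100.7 -all"],        # assumed
}

def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])

def mx_hosts(domain):
    """MX target hosts ordered by preference, lowest value (highest priority) first."""
    return [host for _, host in sorted(lookup(domain, "MX"))]

def mx_order(domain):
    """Delivery order for a sending MTA. With no MX record at all, RFC 5321 falls back
    to the domain's own A record; a 'null MX' (RFC 7505) would stop that fallback."""
    hosts = mx_hosts(domain)
    if hosts:
        return hosts
    return [domain] if lookup(domain, "A") else []

def deliver(domain, attempt):
    """Try each host in MX order; `attempt(host)` returns True when delivery succeeds.
    Returns the host that accepted the message, or None if all failed."""
    for host in mx_order(domain):
        if attempt(host):
            return host
    return None

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, depth=0):
    """Evaluate the domain's SPF record for a connecting IP (subset of RFC 7208:
    a, mx, ip4, include, all). Unknown mechanisms give permerror."""
    if depth > 10:                       # RFC 7208 limits include recursion
        return "permerror"
    records = [r for r in lookup(domain, "TXT") if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER[qual]
        if mech == "a":
            matched = any(addr == ipaddress.ip_address(a) for a in lookup(arg or domain, "A"))
        elif mech == "mx":
            matched = any(addr == ipaddress.ip_address(a)
                          for h in mx_hosts(arg or domain) for a in lookup(h, "A"))
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIER[qual]
    return "neutral"   # no mechanism matched and no "all" term: RFC 7208 says Neutral

if __name__ == "__main__":
    print(mx_order("example1.test.sa"))
    print(deliver("example1.test.sa", lambda h: h != "mailhost.test.sa"))  # primary MX down
    print(check_spf("192.168.10.5", "mail.test.sa"), check_spf("192.168.10.99", "mail.test.sa"))
    print(check_spf("10.0.0.1", "example1.test.sa"))
```

The `deliver` call simulates the failover the paper describes: with mailhost.test.sa refusing the connection, the message lands on mailhost2.test.sa. Note that `check_spf` is given the connecting IP and the envelope sender's domain, not the header From domain; tying the result to the visible From address is DMARC's job.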
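The alignment rule above is easiest to see in code. The following added example (not from the paper) shows how a receiving gateway combines the SPF result, the DKIM signature results and the header From domain into a DMARC verdict and then applies the published policy. The DMARC record for test.sa, the authentication results passed in, and the tiny public-suffix list are all constructed for the example; a real verifier must use the full Public Suffix List, honour pct=, and send the aggregate reports that rua= asks for, none of which is modelled here.

```python
# Constructed DMARC record for the paper's test.sa domain (an assumption, not a real record).
DMARC_RECORDS = {
    "_dmarc.test.sa": "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=s; "
                      "rua=mailto:dmarc-rua@test.sa",
}

# Simplified stand-in for the Public Suffix List; real code must use the full list.
PUBLIC_SUFFIXES = {"sa", "com.sa", "com", "net", "org"}

def organizational_domain(domain):
    """Registered domain directly under a public suffix, e.g. mail.test.sa -> test.sa."""
    labels = domain.lower().strip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    return domain.lower()

def parse_dmarc(record):
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def find_policy(from_domain):
    """Look up _dmarc.<From domain>; if absent, fall back to the organizational domain
    and use its sp= (subdomain policy) when one is published."""
    org = organizational_domain(from_domain)
    for name, is_subdomain in ((from_domain, False), (org, from_domain != org)):
        record = DMARC_RECORDS.get("_dmarc." + name.lower())
        if record and record.lower().startswith("v=dmarc1"):
            tags = parse_dmarc(record)
            if is_subdomain and "sp" in tags:
                tags["p"] = tags["sp"]
            return tags
    return None

def aligned(from_domain, auth_domain, mode):
    """Relaxed ('r') alignment compares organizational domains; strict ('s') needs an exact match."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)

def dmarc_evaluate(from_domain, spf_result, spf_domain, dkim_results):
    """spf_domain is the envelope MAIL FROM domain the SPF check used;
    dkim_results is a list of (result, d= domain) pairs, one per signature.
    Returns (dmarc_result, disposition)."""
    policy = find_policy(from_domain)
    if policy is None:
        return "none", "deliver"              # no DMARC record: nothing to enforce
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(from_domain, d, policy.get("adkim", "r"))
                  for result, d in dkim_results)
    if spf_ok or dkim_ok:                     # one aligned, passing identifier is enough
        return "pass", "deliver"
    disposition = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", disposition.get(policy.get("p", "none"), "deliver")

if __name__ == "__main__":
    # A forged From: test.sa message sent from the attacker's own infrastructure.
    # SPF and DKIM both pass for attacker.example, but neither aligns with test.sa.
    print(dmarc_evaluate("test.sa", "pass", "attacker.example", [("pass", "attacker.example")]))
    # Legitimate bulk mail: envelope domain differs (strict SPF fails) but the DKIM d= aligns.
    print(dmarc_evaluate("test.sa", "pass", "bulk.test.sa", [("pass", "bulk.test.sa")]))
```

The first call in the usage block is the case the paper's alignment rule exists for: the attacker's SPF and DKIM results are genuine but for the wrong domain, so DMARC fails and the p=reject policy applies. The second shows why relaxed DKIM alignment is the usual choice when third parties send on your behalf.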
Email Security Threats

When you search for the most common email security threats of the last three years, you will find that they fall into three main categories: spam, phishing, and malware (including ransomware).

Spam is the flooding of the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes or quasi-legal services. Spam costs the sender very little; most of the cost is borne by the recipients or the carriers rather than by the sender. Spam creators continue to persuade users to click attachments (such as PDFs carrying malware) or links within messages through clever social engineering. As the figure shows, spam authors create attachments or links that purport to contain vital information about bills and invoices, travel arrangements or business quotes. Spammers also produce versions of their messages in other languages to snare more victims.

Phishing is an attempt to fraudulently acquire sensitive information (such as usernames, passwords and credit card details) by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email and often directs users to enter their details at a fake website. As Internet users become more adept at detecting clumsy attempts to phish personal information, attackers are selectively phishing smaller and smaller demographics with content that appeals specifically to each group. This form of highly targeted, socially engineered email is called targeted phishing, or spear phishing, and can fool even the savviest Internet users. DMARC, SPF and DKIM can be very effective at detecting targeted phishing messages that forge a protected domain, but they have limitations: they say nothing about a message sent from a lookalike domain the attacker legitimately controls, and they only help when the impersonated domain has actually deployed them. According to the Authentication and Online Trust Alliance (AOTA), about half of all legitimate email worldwide is currently authenticated. This level of adoption means that high-profile executives, who receive extremely high volumes of spam and phishing email, can benefit from additional email

filtering and blocking tools based on email authentication failures. A multilayered approach that monitors worldwide email and web traffic and uses web reputation filters in addition to authentication techniques will therefore help reduce this type of attack.

Malware

Viruses, worms, Trojans and bots are all part of a class of software called malware, or malicious code. Ransomware is a type of malware that holds a large collection of data on a victim's computer hostage, including important documents, photos and videos. Once installed, it shows the victim a screen explaining that the files will be destroyed unless a bitcoin ransom is paid to the attackers. Email is one of the most common delivery methods for ransomware, so stopping ransomware before it reaches the recipient has become very important. Although it is not a new threat, ransomware has evolved to become the most profitable malware type in history. In the first half of 2016, ransomware campaigns targeting both individual and enterprise users became more widespread and potent. Email and malicious advertising (malvertising) are the primary vectors for ransomware campaigns.

Email Protection

The starting point for any discussion of how to protect email from advanced attacks is the right strategy for building security controls. Lawrence Orans of Gartner puts it this way: Network security architects should accept the reality that, in 2016, it is unreasonable to expect that they can build perimeter defenses that will block every attack and prevent every security breach.
Instead, they need to adopt new products and/or services that will enable the network to be an integral part of a strategy that focuses on detecting and responding to security incidents.

Building a threat-centric, operationalized approach to security therefore reduces complexity and fragmentation while providing better visibility, consistent control and advanced threat protection before, during and after an attack. For email, the mitigations can be divided by the direction of mail flow (inbound / outbound).

Inbound Protection:

- Email reputation, which rejects a large percentage of unwanted mail, based on the history of the sending IP address or domain, before the message is even processed.
- Anti-spam, which applies rules to classify each message as spam, not spam, suspected spam, marketing email and so on.
- Anti-virus, which looks for infected messages and takes an action on them: drop, clean, quarantine or deliver.
- Threat intelligence feeds, which update the email gateway with indicators and findings from newly observed attacks.
- Content analysis, including real-time URL analysis.
- Anti-malware, which combines two techniques: file reputation and advanced behavior analytics (sandboxing).
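To make the layering concrete, here is an added example (not from the paper) of a minimal inbound classifier that applies the cheap layers in the order the list above implies: sender reputation first, before any content is parsed; then header rules; then URL analysis of the body; then an attachment check. The four messages, the reputation blocklist, the "dangerous extension" list and the lookalike-domain heuristic are all constructed for the example; the heuristic (strip dots and hyphens and look for the protected domain inside) is deliberately crude, and a real gateway would use edit distance, homoglyph tables and a reputation feed in its place. test.sa is the paper's domain; test-sa.com, webmail.example and partner.example are invented.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

OUR_DOMAIN = "test.sa"
BAD_SENDER_IPS = {"198.51.100.66"}                 # constructed reputation blocklist
DANGEROUS_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def sender_ip(msg):
    """Connecting IP as recorded by our own edge MTA in the topmost Received header."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d+\.\d+\.\d+\.\d+)\]", received[0]) if received else None
    return m.group(1) if m else None

def domain_of(address):
    _, _, dom = str(address).rpartition("@")
    return dom.strip("> ").lower()

def looks_like(domain, target):
    """Crude lookalike check: not our domain or a subdomain of it, but our name
    appears once dots and hyphens are removed (test-sa.com, login.test.sa.evil.com)."""
    norm = lambda d: d.replace("-", "").replace(".", "")
    if domain == target or domain.endswith("." + target):
        return False
    return norm(target) in norm(domain)

def classify(raw):
    """Return (verdict, reasons) where verdict is reject, quarantine, suspected or deliver."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    # Layer 1: reputation. Decided on the connection data alone, nothing scanned yet.
    ip = sender_ip(msg)
    if ip in BAD_SENDER_IPS:
        return "reject", ["sender IP %s is on the reputation blocklist" % ip]
    # Layer 2: header rules of the kind an anti-spam / anti-phishing engine applies.
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg["Reply-To"]) if msg.get("Reply-To") else from_dom
    if reply_dom != from_dom:
        reasons.append("Reply-To domain %s differs from From domain %s" % (reply_dom, from_dom))
    if looks_like(from_dom, OUR_DOMAIN):
        reasons.append("From domain %s is a lookalike of %s" % (from_dom, OUR_DOMAIN))
    # Layer 3: content analysis of URLs in the body.
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        host = (urlparse(url).hostname or "").lower()
        if looks_like(host, OUR_DOMAIN):
            reasons.append("link to lookalike host %s" % host)
    # Layer 4: attachments. File reputation and sandboxing would hang off this hook.
    attachment_hit = False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in DANGEROUS_EXTENSIONS):
            reasons.append("executable attachment %s" % name)
            attachment_hit = True
    if attachment_hit or len(reasons) >= 2:
        return "quarantine", reasons
    return ("suspected" if reasons else "deliver"), reasons

# Constructed sample messages (not real traffic).
PHISH = """\
Received: from mail.test-sa.com (mail.test-sa.com [203.0.113.9]) by edge.test.sa with ESMTP id 1
From: CEO <ceo@test-sa.com>
Reply-To: ceo.office@webmail.example
To: cfo@test.sa
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

Please approve the invoice at https://login.test-sa.com/invoice before noon.
"""
BLOCKLISTED = PHISH.replace("[203.0.113.9]", "[198.51.100.66]")
CLEAN = """\
Received: from mail.test.sa (mail.test.sa [192.168.10.5]) by edge.test.sa with ESMTP id 2
From: colleague@test.sa
To: cfo@test.sa
Subject: Minutes
Content-Type: text/plain; charset="utf-8"

Minutes are on https://intranet.test.sa/minutes/2016-06.
"""
MALWARE = """\
Received: from relay.partner.example (relay.partner.example [192.0.2.8]) by edge.test.sa with ESMTP id 3
From: billing@partner.example
To: ap@test.sa
Subject: Invoice 4471
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See attached.
--b1
Content-Type: application/octet-stream; name="invoice.js"
Content-Disposition: attachment; filename="invoice.js"
Content-Transfer-Encoding: base64

dmFyIHggPSAxOw==
--b1--
"""

if __name__ == "__main__":
    for sample in (PHISH, BLOCKLISTED, CLEAN, MALWARE):
        print(classify(sample))
```

The ordering is the point: the blocklisted copy of the phish is rejected without its body ever being parsed, the lookalike phish collects three independent reasons (forged-looking From, mismatched Reply-To, lookalike link) and is quarantined, and the script attachment is caught even though every header on that message is clean. A payload-free social-engineering message from a legitimately registered domain with a plausible body would still pass this pipeline, which is the gap the paper's summary points at.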

Outbound Controls: almost the same as the inbound solutions, plus two controls that every email solution should support:

- Data Leakage Prevention (DLP)
- Encryption

Best Practices

This section is very important for any security practitioner, as it helps in building and implementing controls that mitigate and reduce risk for the organization. Here we need to differentiate between end-user best practices and security engineer best practices.

End users, who use email in their daily work, must adhere to the company's email and acceptable use policies. In addition, the most important practices are:

- If you do not know the sender of an unsolicited email message, delete it.
- Never respond to spam messages or click on any links in them.
- Think carefully before you provide your email address on websites, newsgroup lists or other public online forums.
- Never use your organization email address for personal purposes.
- Do not open attachments in suspicious emails.

For the security practitioner, it is very important to make sure that users are aware and receive the training that makes them capable of handling suspicious emails. In other words, awareness and training for non-IT users is essential. Beyond that, the technical practices to follow are:

- Implement email authentication (SPF, DKIM, DMARC).
- Deploy multilayer security controls (reputation, anti-virus, anti-malware, etc.).
- Use behavior analytics and sandboxing solutions.
- Use DLP and encryption.

Summary

Cybercriminal business models have recently shifted toward low-volume targeted attacks. With email remaining the primary attack vector, these attacks are increasing in both their frequency and their financial impact on targeted organizations. As the 2015 Gartner report on secure email gateways puts it: The secure email gateway market is experiencing renewed interest due largely to an increase in targeted phishing attacks.
Vendors are responding with URL link protection and attachment sandboxing, but have not addressed social engineering attacks with no payload.

Considering that the weakest link in any organization is the human, social engineering remains a subject that must be considered in any security solution.