E-Mail Virus Protection Handbook: Protect Your E-mail from Trojan Horses, Viruses, and Mobile Code Attacks

by Syngress

eBook: $35.99 (list price $41.95; save 14%)

Overview

The E-mail Virus Protection Handbook is organised around specific e-mail clients, server environments, and anti-virus software. The first eight chapters are useful to both users and network professionals; later chapters deal with topics relevant mostly to professionals, with an emphasis on how to use e-mail filtering software to monitor all incoming documents for malicious behaviour. In addition, the handbook shows how to scan content and counter e-mail address forgery attacks. A chapter on mobile code applications, which use Java applets and ActiveX controls to infect e-mail and, ultimately, other applications and whole systems, is also presented.

The book covers spamming and spoofing: Spam is the practice of sending unsolicited email to users. One spam attack can bring down an entire enterprise email system by sending thousands of bogus messages or "mailbombing," which can overload servers. Email spoofing means that users receive messages that appear to have originated from one user, but in actuality were sent from another user. Email spoofing can be used to trick users into sending sensitive information, such as passwords or account numbers, back to the spoofer.

  • Highly topical! Recent events such as the LoveBug virus mean the demand for security solutions has never been higher
  • Focuses on specific safeguards and solutions that are readily available to users

Product Details

ISBN-13: 9780080477534
Publisher: Elsevier Science
Publication date: 11/06/2000
Sold by: Barnes & Noble
Format: eBook
Pages: 476
File size: 13 MB

Read an Excerpt

1. Understanding the Threats

Introduction

E-mail is the essential killer application of the Internet. Although Web-based commerce, business-to-business (B2B) transactions, and Application Service Providers (ASPs) have become the latest trends, each of these technologies is dependent upon the e-mail client/server relationship. E-mail has become the "telephone" of the Internet-based economy; without e-mail, a business today is as stranded as a business of 50 years ago that lost its telephone connection. Consider that 52 percent of Fortune 500 companies have standardized on Microsoft's Exchange Server for their business solutions (see http://serverwatch.internet.com/reviews/mail-exchange2000_l.html). Increasingly, e-mail has become the preferred means of conducting business transactions. For example, the United States Congress has passed the Electronic Signatures in Global and National Commerce Act. Effective October 2000, e-mail signatures will have the same weight as pen-and-paper signatures, which will enable businesses to close multi-billion dollar deals with properly authenticated e-mail messages. Considering these two facts alone, you can see that e-mail has become critical in the global economy. Unfortunately, now that businesses have become reliant upon e-mail servers, it is possible for e-mail software to become a killer application in an entirely different sense: if it is down, it can kill your business.

There is no clear process defined to help systems administrators, management, and end-users secure their e-mail. This is not to say that no solutions exist; there are many (perhaps even too many) in the marketplace; thus, the need for this book. In this introductory chapter, you will learn how e-mail servers work, and about the scope of vulnerabilities and attacks common to e-mail clients and servers. This chapter also provides a summary of the content of the book. First, you will get a brief overview of how e-mail works, and then learn about historical and recent attacks. Although some of these attacks, such as the Robert Morris Internet Worm and the Melissa virus, happened some time ago, much can still be learned from them. Chief among the lessons to learn is that systems administrators need to address system bugs introduced by software manufacturers. The second lesson is that both systems administrators and end-users need to become more aware of the default settings on their clients and servers. This chapter will also discuss the nature of viruses, Trojan horses, worms, and illicit servers.

This book is designed to provide real-world solutions to real-world problems. You will learn how to secure both client and server software from known attacks, and how to take a proactive stance against possible new attacks. From learning about encrypting e-mail messages with Pretty Good Privacy (PGP) to using anti-virus and personal firewall software, to actually securing your operating system from attack, this book is designed to provide a comprehensive solution. Before you learn more about how to scan e-mail attachments and encrypt transmissions, you should first learn about some of the basics.

Essential Concepts

It is helpful to define terms clearly before proceeding. This section provides a guide to many terms used throughout this book.

Servers, Services, and Clients

A server is a full-fledged machine and operating system, such as an Intel system that is running the Red Hat 6.2 Linux operating system, or a Sparc system that is running Solaris 8. A service is a process that runs by itself and accepts network requests; it then processes the requests. In the UNIX/Linux world, a service is called a daemon. Examples of services include those that accept Web (HTTP, or Hypertext Transfer Protocol), e-mail, and File Transfer Protocol (FTP) requests. A client is any application or system that requests services from a server. Whenever you use your e-mail client software (such as Microsoft Outlook), this piece of software is acting as a client to an e-mail server. An entire machine can become a client as well. For example, when your machine uses the Domain Name System (DNS) to resolve human-readable names to IP addresses when surfing the Internet, it is acting as a client to a remote DNS server.

Authentication and Access Control

Authentication is the practice of proving the identity of a person or machine. Generally, authentication is achieved by proving that you know some unique information, such as a user name and a password. It is also possible to authenticate via something you may have, such as a key, an ATM card, or a smart card, which is like a credit card, except that it has a specialized, programmable computer chip that holds information. It is also possible to authenticate based on fingerprints, retinal eye scans, and voice prints.

Regardless of method, it is vital that your servers authenticate using industry-accepted means. Once a user or system is authenticated, most operating systems invoke some form of access control. Any network operating system (NOS) contains a sophisticated series of applications and processes that enforce uniform authentication throughout the system. Do not confuse authentication with access control. Just because you get authenticated by a server at work does not mean you are allowed access to every computer in your company. Rather, your computers maintain databases, called access control lists. These lists are components of complex subsystems that are meant to ensure proper access control, usually based on individual users and/or groups of users. Hackers usually focus their activities on trying to defeat these authentication and access control methods.

Now that you understand how authentication and access control work, let's review a few more terms.

Hackers and Attack Types

You are probably reading this book because you are:

1. Interested in protecting your system against intrusions from unauthorized users.
2. Tasked with defending your system against attacks that can crash it.
3. A fledgling hacker who wishes to learn more about how to crash or break into systems.

To many, a hacker is simply a bad guy who breaks into systems or tries to crash them so that they cannot function as intended. However, many in the security industry make a distinction between white hat hackers, who are benign and helpful types, and black hat hackers, who actually cross the line into criminal behavior, such as breaking into systems unsolicited, or simply crashing them. Others define themselves as grey hat hackers, in that they are not criminal, but do not consider themselves tainted (as a strict white hat would) by associating with black hats. Some security professionals refer to white hat hackers as hackers, and to black hat hackers as crackers. Another hacker term, script kiddie, describes those who use previously-written scripts from people who are more adept. As you might suspect, script kiddie is a derisive term.

Many professionals who are simply very talented users proudly refer to themselves as hackers, not because they break into systems, but because they have been able to learn a great deal of information over the years. These professionals are often offended by the negative connotation that the word hacker now has. So, when does a hacker become a cracker? When does a cracker become a benign hacker? Well, it all depends upon the perspective of the people involved. Nevertheless, this book will use the terms hacker, cracker, and malicious user interchangeably.

What Do Hackers Do?

Truly talented hackers know a great deal about the following:

1. Programming languages, such as C, C++, Java, Perl, JavaScript, and VBScript.

2. How operating systems work. A serious security professional or hacker understands not only how to click the right spot on an interface, but also understands what happens under the hood when that interface is clicked.

3. The history of local-area-network (LAN)- and Internet-based services, such as the Network File System (NFS), Web servers, Server Message Block (SMB, which is what allows Microsoft systems to share file and printing services), and of course e-mail servers.

4. Many hackers attack the protocols used in networks. The Internet uses Transmission Control Protocol/Internet Protocol (TCP/IP), which is a fast, efficient, and powerful transport and addressing method. This protocol is in fact an entire suite of protocols. Some of these include Telnet, DNS, the File Transfer Protocol (FTP), and all protocols associated with e-mail servers, which include the Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), and the Internet Message Access Protocol (IMAP).

5. How applications interact with each other. Today's operating systems contain components that allow applications to "talk" to each other efficiently. For example, using Microsoft's Component Object Model (COM) and other technologies, one application, such as Word, can send commands to others on the local machine, or even on remote machines. Hackers understand these subtle relationships, and craft applications to take advantage of them.

A talented hacker can quickly create powerful scripts in order to exploit a system....

Table of Contents

Introduction

Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

Introduction

Essential Concepts

Servers, Services, and Clients

Authentication and Access Control

Hackers and Attack Types

What Do Hackers Do?

Attack Types

Overview of E-mail Clients and Servers

Understanding a Mail User Agent and a Mail Transfer Agent

The Mail Delivery Agent

When Are Security Problems Introduced?

History of E-mail Attacks

The MTA and the Robert Morris Internet Worm

MDA Attacks

Analyzing Famous Attacks

Case Study

Learning from Past Attacks

Viruses

Worms

Types of Worms

Trojans

Illicit Servers

Differentiating between Trojans and Illicit Servers

E-mail Bombing

Sniffing Attacks

Carnivore

Spamming and Security

Common Authoring Languages

Protecting Your E-mail

Protecting E-mail Clients

Third-party Applications

Encryption

Hash Encryption and Document Signing

Summary

FAQs

Chapter 2: Securing Outlook 2000

Introduction

Common Targets, Exploits, and Weaknesses

The Address Book

The Mail Folders

Visual Basic Files

Attacks Specific to This Client

Security Updates

Enabling Filtering

Junk E-mail

Filtering Keywords

Mail Settings and Options

HTML Messages

Zone Settings

Enabling S/MIME

Why You Should Use Public Key Encryption

Installing and Enabling Pretty Good Privacy (PGP)

Understanding Public Key Encryption

Summary

FAQs

Chapter 3: Securing Outlook Express 5.0 and Eudora 4.3

Introduction

Outlook Express for Windows

Security Settings

Attachments

Outlook Express for Macintosh

Junk Mail Filter

Message Rules

Attachments

Eudora for Windows and Macintosh

Security

Attachments

Filtering

Enabling PGP for both Outlook Express and Eudora

Sending and Receiving PGP-Secured Messages

Automatic Processing of Messages

File Attachments and PGP

Summary

FAQs

Chapter 4: Web-based Mail Issues

Introduction

Choices in Web-based E-mail Services

Why Is Web-based E-mail So Popular?

The Cost of Convenience

Specific Weaknesses

Case Study

Specific Sniffer Applications

Code-based Attacks

Solving the Problem

Using Secure Sockets Layer (SSL)

Secure HTTP

Practical Implementations

Local E-mail Servers

Using PGP with Web-based E-mail

Making Yourself Anonymous

Summary

FAQs

Chapter 5: Client-Side Anti-Virus Applications

Introduction

McAfee VirusScan 5

Norton AntiVirus 2000

Trend Micro PC-cillin 2000

Summary

FAQs

Chapter 6: Mobile Code Protection

Introduction

Dynamic E-mail

Active Content

Taking Advantage of Dynamic E-mail

Dangers

No Hiding Behind the Firewall

Mobile Code

Java

Security Model

Points of Weakness

How Hackers Take Advantage

Precautions You Can Take

JavaScript

Security Model

Points of Weakness

How Hackers Take Advantage

Precautions to Take

ActiveX

Security Model

Points of Weakness

How Hackers Can Take Advantage

Precautions to Take

VBScript

Security Model

Points of Weakness

How Hackers Take Advantage

Precautions to Take

Summary

FAQs

Chapter 7: Personal Firewalls

Introduction

What Is a Personal Firewall?

Blocks Ports

Block IP Addresses

Access Control List (ACL)

Execution Control List (ECL)

Intrusion Detection

Personal Firewalls and E-mail Clients

False Positives

Network Ice BlackICE Defender 2.1

Installation

Configuration

E-mail and BlackICE

Aladdin Networks’ eSafe, Version 2.2

Installation

Configuration

E-mail and ESafe

Norton Personal Firewall 2000 2.0

Installation

Configuration

ZoneAlarm 2.1

Installation

Configuration

E-mail and ZoneAlarm

Summary

FAQs

Chapter 8: Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services

Introduction

Updating the Operating System

Microsoft Service Packs

Red Hat Linux Updates and Errata Service Packages

Disabling Unnecessary Services and Ports

Windows 2000 Advanced Server—Services to Disable

Internet Information Services (IIS)

Red Hat Linux—Services to Disable

Inetd.conf

Locking Down Ports

Well-Known and Registered Ports

Determining Ports to Block

Blocking Ports in Windows

Blocking Ports in Linux

Maintenance Issues

Microsoft Service Pack Updates, Hot Fixes, and Security Patches

Red Hat Linux Errata: Fixes and Advisories

Windows Vulnerability Scanner (ISS System Scanner)

Linux Vulnerability Scanner (WebTrends Security Analyzer)

Logging

Common Security Applications

Firewall Placement

Summary

FAQs

Chapter 9: Microsoft Exchange Server 5.5

Introduction

Securing the Exchange Server from Spam

Exchange and Virus Attacks: Myths and Realities

Learning from Recent Attacks

Exchange Maintenance

Service Packs

Plug-ins and Add-ons

Third-party Add-ons

Microsoft Utilities

Content Filtering

Attachment Scanning

Recovery

Backing Up Data

Restoring Data

Summary

FAQs

Chapter 10: Sendmail and IMAP Security

Introduction

Sendmail and Security: A Contradiction in Terms?

Sendmail’s History

Threats to SendMail Security

Fixes

Alternatives: Postfix and Qmail

Comparing Your Options

Internet Message Access Protocol (IMAP)

The IMAP Advantage

Understanding IMAP Implementations

Administering the Server

IMAP Summary

Recovery

Backing Up Data

Restoring Data

The Bottom Line on Backup

Summary

FAQs

Chapter 11: Deploying Server-side E-mail Content Filters and Scanners

Introduction

Overview of Content Filtering

Filtering by Sender

Filtering by Receiver

Subject Headings and Message Body

Overview of Attachment Scanning

Attachment Size

Attachment Type (Visual Basic, Java, ActiveX)

McAfee GroupShield

Installation of GroupShield

Configuration

Specific Settings

Trend Micro ScanMail for Exchange Server

Installation of ScanMail

Configuration

Specific Settings

Additional ScanMail Offerings

Content Technologies’ MAILsweeper for Exchange 5.5

Installation of MAILsweeper

Configuration

Specific Settings

Firewall and E-mail Content Scanning

Content Technologies MIMEsweeper for CheckPoint’s Firewall-1

Axent Raptor Firewall

Attack Detection and System Scanning

Attacks

Real-time, Third-party Services

Evinci

Securify

Summary

FAQs

Appendix: Secrets

Lesser-known Shortcuts

Under-documented Features and Functions

Disable an ActiveX Control

For Experts Only (Advanced features)

Web Pages on Mobile Code Security Topics

Outlook Web Access (OWA)

Using SendMail To Refuse E-mails with the Love Letter Virus

Troubleshooting and Optimization Tips

Index
