6 ways to reduce risks to your network via email
Email security comprises the following 6 items:
- Anti-Virus
- Anti-Spam
- Anti-Phishing
- Anti-Spyware
- DoS
- Content Filtering
Anti-Virus:
Anti-virus software is a key tool for defending your email, your network, and your servers. Individuals and businesses need to develop an anti-virus strategy that keeps the virus definitions on all computers up to date. According to the DTI (UK Department of Trade), only 59% of organizations automatically update their computer systems when a new virus signature is identified.
Anti-Spam:
Spam emails drain resources and time, and they have the potential to deliver a wide variety of harmful items, from spyware to viruses. Industry experts suggest that a successful spam solution include the following proactive measures:
- Bayesian Analysis: a statistical inference in which probabilities are interpreted not as frequencies but as degrees of belief.
- Heuristic Scanning: analysis guided by rules.
- Auto-white listing: the appliance or software watches your traffic, determines who the good guys and the bad guys are, and only allows emails from the good guys. This is a difficult process, and it cannot be based solely on who you email, because if a spam email sends malicious code from your computer to other spam sites, you do not want all those bad sites added to your white list.
- Real Time Black Listing: this depends on accessing lists in real time from the industry bodies that identify dangerous websites.
- Sender Policy Framework and Sender ID: two industry initiatives that put the burden of authenticity on the sender. In short, both technologies aid in authenticating the origin of the email message and help to track back where the message originated.
Anti-Phishing:
Phishing is the act of sending an email to a user while falsely claiming to be a legitimate source, in an attempt to scam the user into providing private or personal information. Phishing is mostly used for identity theft and/or fraud. The best defense is:
- Anti-Spam Techniques: working with anti-spam software to identify key words so that matching email can be sent to the junk mail folder immediately upon receipt.
- Education: educating users on how to verify whether an item might be phishing, as well as how to deal with that item once it has been received. For example, when an employee receives an email that looks like it comes from a legitimate site, do they know how to report this abusive email? Are they confident about how to verify whether the email is legitimate? Do they inform their IT department? Is there a mechanism in place to monitor this activity, document its frequency, and/or add the keywords to the spam filters? Planning for these items helps to build a stronger defense.
- Awareness: this is a multi-step item. Individuals and employees need to be aware of the phishing problem, how to determine the legitimacy of an email item, and how to report the abuse. Employees then need to make others who might be receiving the same emails, as well as the IT department, aware of this information. Just as an employee needs to be aware of his or her environment and activities when walking to the car in the parking lot, the employee also needs to be made aware of, and educated on, malicious attacks that can be found in email.
Anti-Spyware:
Spyware is a broad category of malicious software intended to intercept or take control of one’s computer or computer operations without the user’s consent. Most spyware derives from installing software that carries an added malicious program, which is installed without authorization, notification, or intent. Another source of spyware is phishing or spam emails. Once installed, spyware often opens channels that allow more spyware to be installed. The best defense is using software such as Spybot Search and Destroy to monitor and detect such software. Anti-spyware software needs to do a better job of automatically updating itself as well as scanning automatically on a regular basis. Anti-virus software does not have the mechanism to defend adequately against spyware. At the moment, a dual-layer process is best. By having both anti-virus and anti-spyware software installed, up to date, and scanning the systems on a regular basis, one can stay one step ahead of threats and problems.
DoS:
A denial-of-service (DoS) attack is an attempt by attackers to prevent legitimate users from accessing a legitimate service. For example, you have a large sales staff that relies upon accessing email via their BlackBerry when out of the office. An attacker then floods the email server so that the sales force cannot connect properly to access their email, thus reducing their efficiency. The main defense is to identify the MAC address of the offending attackers and to block all traffic that originates from that MAC address. This can be time consuming, and unfortunately it is hard to be proactive about this type of attack. Because email servers often sit outside of the network, it is harder to protect email and mail exchange servers. One technique is to build a trap door so that when a certain MAC address is trying to flood the mail server, the software recognizes this and begins to reject anything deriving from that MAC address. The software also needs the ability to inform your network support team that there is an issue and to provide the information needed so that the IT department can block that MAC address via the firewall.
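The "trap door" described above, sketched as an added example that is not part of the original article: a sliding-window counter that starts rejecting a source once it exceeds a connection threshold, and that produces the details the support team needs for a firewall block. The log format, the thresholds and the source identifiers are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: "<seconds> connect src=<source id>" (format is an assumption).
FLOODER = "02:00:00:aa:bb:01"            # constructed, locally administered address
SAMPLE_LOG = (
    [f"{t} connect src={FLOODER}" for t in range(20)]          # one connection per second
    + [f"{t} connect src=02:00:00:aa:bb:02" for t in (0, 30, 60)]
    + [f"{t} connect src=02:00:00:aa:bb:03" for t in (5, 6)]
)

def parse(line):
    """Split one log line into (timestamp, source id)."""
    ts, _, rest = line.partition(" ")
    return int(ts), rest.split("src=", 1)[1].strip()

def detect_flood(lines, max_conn=5, window=10):
    """Block a source once it makes more than max_conn connections in window seconds.

    Returns (blocked, rejected): the first-block time per source, and how many
    later connections from that source were refused.
    """
    recent = defaultdict(deque)          # source -> timestamps still inside the window
    blocked, rejected = {}, defaultdict(int)
    for ts, src in sorted(parse(line) for line in lines):
        if src in blocked:               # trap door already shut for this source
            rejected[src] += 1
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] >= window:    # drop timestamps that have left the window
            seen.popleft()
        if len(seen) > max_conn:
            blocked[src] = ts
    return blocked, dict(rejected)

def alerts(blocked, rejected):
    """Messages for the network support team, one per blocked source."""
    return [
        f"BLOCK {src}: flood detected at t={ts}s, {rejected.get(src, 0)} later connections rejected"
        for src, ts in sorted(blocked.items())
    ]

if __name__ == "__main__":
    for message in alerts(*detect_flood(SAMPLE_LOG)):
        print(message)
```

The two low-volume sources in the sample stay unblocked, which is the property to check when tuning `max_conn` and `window` against real traffic.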
Content Filtering:
Content filtering stops the things that are not spam or viruses, such as immoral, illegal, or just plain unpleasant materials, from coming into or leaving the network. Content filtering includes items such as filtering for words like: Viagra, sexually explicit content, erotica, gambling, religious items, politics, etc. This topic should be covered by your business IT policy & procedures.
By developing a plan that contains these 6 specific items you can reduce the risk to your company. If you need help in developing this plan, I can help!


