4/20/2014
1. The first Threat is Viruses have been around for years, but that doesn't make them any less dangerous or easy to eradicate. New, more destructive viruses and worms are being unleashed at an alarming rate.
The Second threat is Spam. Spam is expected to increase to 80 to 90 percent of total email. Moreover, the boundary between spam and viruses is blurring. New viruses turn desktop PCs into spam-spewing "zombies." There is also a new type of spamming technique called "phishing," used to dupe recipients into providing confidential personal identity information.
The third threat is known as Directory Harvest Attacks or also known as "dictionary attacks," this technique steals proprietary information from corporate directories. During a DHA, spammers attempt to deliver messages to multiple addresses, such as johndoe@yourcompany.com, jdoe@yourcompany.com, and john@yourcompany.com. Addresses that are not rejected by the receiving mail server are determined to be valid. A successful DHA can net a spammer thousands of corporate email addresses in just a few minutes.
2. 1) Disable open relaying on all SMTP virtual servers: Open relay on your Exchange Server allows other Email servers to use your server as a gateway to others. This allows others to send spam Email which appears to be originated from your address, therefore you will be identified as a spam source.
2) Prevent anonymous access on internal SMTP virtual servers and dedicated SMTP virtual servers for IMAP and POP clients: Because all Exchange servers within your organization authenticate with each other to send mail, you do not need to enable anonymous access on your internal Simple Mail Transfer Protocol (SMTP) virtual servers. Additionally, all Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) clients authenticate with your SMTP virtual server, so anonymous access is not required on a server that is used exclusively by POP and IMAP clients.
3) Restricting Submissions to Distribution Lists and Users: Restrict who can send e-mail messages to an individual user or a distribution list. Restricting submissions on a distribution list prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list.
3. TLS is encrytpion for the e-mail transmission while it is going across to another mail server. The other mail server could be across the internet or across your WAN. Use TLS for example is you are going to allow your remote users to relay mail via your mail server across the internet, as this will encrypt the username and password too for the smtp connection (if you implement this). If you send sensitive e-mails to your partners on a regular basis use TLS to send e-mail to them as this ensures the e-mail transmission from your smtp server to thier smtp server is encrypted. Finally use TLS to further protect your ActiveSync, OWA or RPC/HTTPS as opposed to using the weaker SSL.
Pros: the transmission is encrypted and hence a bit more secure, also you get a sort of confirmation especially between partners that the e-mail did come for the partner's server.
Cons: Slight load due to the encryption (but very slight), if you use an Internal CA to get the certificates from you need to give your public root cert to your partner so that they can trust your certs and viice versa.
You May Also Find These Documents Helpful
-
In addition to the already existing security layers, there should be an added layer specifically for incoming and outgoing emails.…
- 409 Words
- 2 Pages
Satisfactory Essays -
Educate facility not to open email from unknown users and not to click on links in emails from unknown users.…
- 508 Words
- 3 Pages
Satisfactory Essays -
The number of roles a server can perform depends on the computer’s hardware configuration, the hardware requirements of the role, and the size and scope of the enterprise.…
- 431 Words
- 2 Pages
Satisfactory Essays -
Team B has been commissioned to examine the Kudler Fine Foods’ (KFF), frequent shopper, Customer Loyalty Program that is currently in development. The team has also been asked to direct the system development team to ensure the system is established securely so that it properly protects company data and customer information throughout all stages of the system development process. In week 2, the team will examine the Customer Loyalty Program for vulnerabilities in different areas of the system. The study will define the possible threats that exist to the security of the organization’s and the customers’ data and information, the potential vulnerabilities each threat may exploit, and area of the system affected by the threats. Additionally, a summary of the most critical threats to Kudler’s Customer Loyalty Program will be provided.…
- 745 Words
- 3 Pages
Good Essays -
For the LAN domain, inform employees about email scams. Most users know not to open emails when on our system. Spam filters can help control junk email, so there is less risk of opening emails containing malware.…
- 337 Words
- 2 Pages
Satisfactory Essays -
In this assignment we are asked to identify the major threats and security concepts from a whitepaper located on the internet: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf. This report stated that: “There are a number of recent and growing trends in the threat activity landscape that were observed by Symantec in 2009.” These threats are identified as:…
- 275 Words
- 1 Page
Satisfactory Essays -
3. Another SMTP Server security threat is malware. Malware is malicious software which can be in various forms such as trojans, viruses, spyware and worms. Malware is usually installed without the user’s consent. It can attack the user’s computer and then use the user’s computer to attack other computers. To help prevent the spread of malware, you can have firewalls and proper security software protection. (Hampton, 2011)…
- 487 Words
- 2 Pages
Satisfactory Essays -
Spam – for example when using a programme like Microsoft Outlook you have an address book with all saved email addresses, viruses etc. can gain access to these and use them to send spam emails to other via emails, the recipient is then at threat.…
- 914 Words
- 3 Pages
Good Essays -
The SMTP server will be Sendmail. Sendmail comes with the security feature of encrypting the connection (Jang, 2011). We will also need a virus scanning program to ensure mail coming in does not have virus attachments.…
- 295 Words
- 2 Pages
Good Essays -
2401593 CVE-2010-3213: Vulnerability in outlook Web access could allow elevation of privilege. Microsoft Server Exchange 2003 and 2007…
- 340 Words
- 2 Pages
Powerful Essays -
Lab #1 – Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure…
- 1084 Words
- 5 Pages
Powerful Essays -
Risk planning is developing and documenting organized, comprehensive, and interactive strategies and methods for identifying risks.…
- 531 Words
- 3 Pages
Good Essays -
Waves of targeted email attacks, often called phishing, are exploiting client side vulnerabilities in commonly used programs such as Adobe PDF Quick Time, Adobe Flash, and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have access to the internet and the network.…
- 928 Words
- 4 Pages
Good Essays -
From the year 2000 to 2010, the users’ on the Internet has escalated to approximately five times its original users. The Internet provides a variety of services in which its users transmits large amounts of proprietary and personal data. The increase in Internet users and the vital data transmitted has enticed criminals to use the internet to obtain vital information. This is done through the use of malicious traffic. Malicious traffic can be defined as Internet traffic used to compromise a system and/or to conceivably impair the privacy of consumers data stored on the system or the person working on the system itself. Security experts has documented "67,000 new malware threats on the Internet daily in the first quarter of 2011, resulting from more than 45 new viruses, worms, spyware and other threats" (Department of Commerce (DOC), 2011). Malicious traffic plays a key role in the challenges faced in the economics of information security. Economically speaking, malicious traffic…
- 1586 Words
- 7 Pages
Powerful Essays -
* Yahoo Mail’s and Google Mail’s mandatory and automatic access to every user’s data on his/her email account which is sent to both Yahoo and Google’s business partners which results in Spam mails.…
- 426 Words
- 2 Pages
Good Essays