NT2670 Unit 4 Assignment 1:SMTP Security Best Practices

NT2670 Unit 4 Assignment 1
4/20/2014

1. The first Threat is Viruses have been around for years, but that doesn't make them any less dangerous or easy to eradicate. New, more destructive viruses and worms are being unleashed at an alarming rate.

The Second threat is Spam. Spam is expected to increase to 80 to 90 percent of total email. Moreover, the boundary between spam and viruses is blurring. New viruses turn desktop PCs into spam-spewing "zombies." There is also a new type of spamming technique called "phishing," used to dupe recipients into providing confidential personal identity information.

The third threat is known as Directory Harvest Attacks or also known as "dictionary attacks," this technique steals proprietary information from corporate directories. During a DHA, spammers attempt to deliver messages to multiple addresses, such as johndoe@yourcompany.com, jdoe@yourcompany.com, and john@yourcompany.com. Addresses that are not rejected by the receiving mail server are determined to be valid. A successful DHA can net a spammer thousands of corporate email addresses in just a few minutes.

2. 1) Disable open relaying on all SMTP virtual servers: Open relay on your Exchange Server allows other Email servers to use your server as a gateway to others. This allows others to send spam Email which appears to be originated from your address, therefore you will be identified as a spam source.

2) Prevent anonymous access on internal SMTP virtual servers and dedicated SMTP virtual servers for IMAP and POP clients: Because all Exchange servers within your organization authenticate with each other to send mail, you do not need to enable anonymous access on your internal Simple Mail Transfer Protocol (SMTP) virtual servers. Additionally, all Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) clients authenticate with your SMTP virtual server, so anonymous access is not required on a server that is used exclusively by POP and IMAP clients.

3) Restricting Submissions to Distribution Lists and Users: Restrict who can send e-mail messages to an individual user or a distribution list. Restricting submissions on a distribution list prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list.

3. TLS is encrytpion for the e-mail transmission while it is going across to another mail server. The other mail server could be across the internet or across your WAN. Use TLS for example is you are going to allow your remote users to relay mail via your mail server across the internet, as this will encrypt the username and password too for the smtp connection (if you implement this). If you send sensitive e-mails to your partners on a regular basis use TLS to send e-mail to them as this ensures the e-mail transmission from your smtp server to thier smtp server is encrypted. Finally use TLS to further protect your ActiveSync, OWA or RPC/HTTPS as opposed to using the weaker SSL.

Pros: the transmission is encrypted and hence a bit more secure, also you get a sort of confirmation especially between partners that the e-mail did come for the partner's server.

Cons: Slight load due to the encryption (but very slight), if you use an Internal CA to get the certificates from you need to give your public root cert to your partner so that they can trust your certs and viice versa.