
Thirty Eight Email Security Risks

Introduction

Email is the most important single service running on the Internet. It is also the number one source of security risk. Every corporate mail server and workstation currently sending and receiving email messages is vulnerable to an ever-growing list of attacks. However, most organisations do not defend adequately against these attacks and are often unaware of their significance and potential for damage.

Many companies have taken a short-term view of the email security problem, tackling only the most obvious problems of viruses, trojans and spam and implementing piecemeal solutions to combat them. What they fail to consider is the growing threat from other sources such as malformed messages and denial of service attacks.

Unlike other applications, email allows unauthenticated and unidentified connections to be made directly to the server. In addition, it makes them from an untrusted source to a trusted destination. Whichever way you look at it, email systems break the standard security model, and, as this document shows, a firewall and anti-virus software alone will not protect you.

Executive Summary

BorderWare Technologies Inc. has drawn up an introductory list of vulnerabilities to help build awareness of threats against email and the protection offered by firewalls and antivirus software. It also shows the protection afforded by MXtreme Mail Firewall and how it is achieved. The conclusions drawn from the list are highlighted in the statements below.

Anti-virus software offers only limited protection against email threats

There are 38 email security risks, of which only 5% are protected by anti-virus software.

Firewalls offer no protection against email threats

To operate, email needs both inbound and outbound access. The very fact that companies want to receive email from strangers – potential customers – means that asking for authentication, the standard way to verify a connection passing through a firewall to a protected network, simply does not work. So the firewall just passes the responsibility to the mail server.

Placing the mail server in a DMZ is not the answer

This just moves the problem rather than addressing the insecurities of email. It also makes it more difficult for internal users to read their email, and more likely that they will use external, insecure email accounts such as Hotmail.

A more comprehensive email security solution is required

What is required is a solution that can deal with the myriad threats against email: not just spam, viruses, Trojans and worms, but also malformed messages and denial-of-service attacks. At the same time it needs to provide sophisticated routing and delivery, and give users secure remote access.

The List

The following chart lists 38 email security risks and their potential impact on your organisation. The F/W column indicates whether your enterprise firewall protects you against the corresponding risk. The A/V column indicates whether your Anti-Virus product protects you.

The MX column indicates whether the BorderWare MXtreme Mail Firewall protects against the risk, and the Comments column provides a brief description of how the MXtreme defends against such an attack.

1. The mail server’s underlying operating system is vulnerable to “buffer overflows” and similar types of attacks. Specially crafted emails exploit this weakness, allowing a hacker to take over the server. (Example: Code Red worm)
   F/W: No   A/V: No   MX: Yes
   Comment: MX is built on the EAL4 certified S-Core operating system, in use for 8 years with thousands of installations. S-Core has real-time detection of buffer overflows and stops them immediately.

2. Incoming mail traffic is passed directly to your internal email servers, providing opportunities to hackers. Firewalls provide only partial protection. Many SMTP servers have vulnerabilities that can be exploited to take control of the complete system.
   F/W: No   A/V: No   MX: Yes
   Comment: The MX SMTP server is hardened and secured by BorderWare's specialists, and is constantly updated for new threats.

3. OWA (Outlook Web Access) requires three components – Windows, IIS and Exchange. Each must be separately installed and secured. Traffic must also be passed through the firewall. Complex installations present opportunities for error that may be readily exploited. In addition, each component has many vulnerabilities.
   F/W: No   A/V: No   MX: Yes
   Comment: MX installs in one integrated operation, with all components integrated and secured. Its OWA proxy provides a secure mechanism for providing access.

4. Email clients such as Outlook helpfully “correct” invalidly formatted email messages. Some AV platforms also accept malformed messages. Hackers construct invalid messages that bypass standard AV scanners and are then accepted, corrected and executed.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides Message Integrity Checking that detects and blocks 100% of invalid messages per the University of Magdeburg test suite.

5. For convenience, roaming users forward confidential business email to public mail servers like Hotmail or Yahoo. Unauthorized parties can read the email. Numerous password exploits have been published for Hotmail and other web mail sites.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides the secure BorderPost web-mail client and a secure Outlook Web Access proxy.

6. Employees are not restricted in which types of files can be emailed. Confidential and valuable documents can be revealed, accidentally or deliberately.
   F/W: No   A/V: No   MX: Yes
   Comment: MX's attachment filtering can be used to prevent documents getting outside of your organisation’s control.

7. Employees may use an email system to exchange personal files, including jokes, images etc. Such materials may cause significant offense to other employees, leading to legal liability.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can be easily configured to block employees from sending inappropriate attachments – e.g. jpg and gif files.

8. Common viruses are propagated as email attachments. The user opens the attachment and activates the virus. Widespread damage results.
   F/W: No   A/V: Yes   MX: Yes
   Comment: For organisations lacking centralised AV, MX can provide optional AV scanning using the Kaspersky Labs AV engine and hourly pattern updates.

9. Roaming users access email via OWA to an internal Exchange server. OWA passwords are passed in the clear on internal networks. OWA sessions are not cleared from public terminals. Weak passwords can be cracked by “brute force” password cracking programs. Third parties can read confidential mail.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides strong authenticated access control using built-in SecurID support, or other tokens via Radius.

10. Roaming users access email using an IPSEC VPN client on a laptop. Seemingly secure, but difficult to use for the average employee. Trojans on the laptop can penetrate the corporate network through the VPN. Requires IPSEC deployment and a personal firewall on all laptops. Expensive to install and manage.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides secure remote email access with a no-cost VPN using Secure Web Access (SSL), strong authentication, and access to Exchange via a secure OWA proxy. No potential for accidental exposure of other internal network assets.

11. Desktop AV packages are out of date or inoperable due to expired subscriptions, technical glitches, being disabled by the user, etc. The user is wide open to new or existing virus attacks.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides high performance server based AV. Much easier to manage than desktop AV. Also, MX updates automatically once an hour.

12. Newly introduced viruses propagate before pattern files are updated by AV vendors. Users assume they are secure, so they open attachments. Widespread damage results.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can be configured to selectively block common attachments used for viruses, such as executables and script files.

13. Hackers can send executable Trojans disguised as legitimate email attachments, e.g. “Nimda”. The attachment bypasses AV scanners until the signature file is updated. Users open the file and massive damage occurs.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can be configured to selectively block common attachments used for viruses, such as executables and script files.

14. Employees can send unauthorized email to third parties. Confidential information becomes available to third parties.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can maintain a complete audit trail of all messages sent by users.

15. Harassing email is sent to your employees by third parties. Employees sue the company.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can block specified source addresses, and maintains an audit trail to assist investigation.

16. The mail server default configuration allows relaying of third party email. Spammers abuse the server. Your server gets placed on a “blackhole” list, and you can’t send mail to many destinations.
   F/W: No   A/V: No   MX: Yes
   Comment: MX blocks mail relaying out of the box.

17. Internal email addresses “leak” onto the Internet, e.g. fred.smith@secretproject.abc.com. Competitors or hackers find out about your internal organizational structure.
   F/W: No   A/V: No   MX: Yes
   Comment: MX address mapping features hide internal structure, and enforce a consistent external addressing policy.

18. Email traffic between company branches or with business partners travels in the clear. Email can be “sniffed” in transit and confidential information exposed.
   F/W: No   A/V: No   MX: Yes
   Comment: MX implements standards based server-to-server encryption as a no extra cost feature.

19. Internal email travels in the clear. Executives’ email is “sniffed” by any employee using freely available download utilities.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides an encrypted connection for commonly used mail clients (Outlook etc.).

20. Userids and passwords used for POP mail access are not encrypted on the internal network. They can be sniffed by anyone and used to gain access into other servers.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides an encrypted connection for common POP and IMAP mail clients.

21. Hackers run scanners against the mail server to detect the operating system and mail server type. If NT/Exchange is detected, a host of attacks are launched automatically.
   F/W: No   A/V: No   MX: Yes
   Comment: MX does not return any identifying information. Response to ping can be disabled to decrease visibility.

22. The organization has many mail servers accepting connections from external sources. Security measures are inconsistent, and security responsibility is spread out or unclear. Hackers or viruses can penetrate at the “weakest link” in the chain, then disrupt the internal network.
   F/W: No   A/V: No   MX: Yes
   Comment: MX provides a single controlled gateway and enforces a consistent security policy.

23. The mail server is not kept up to date with security or other patches. The server becomes vulnerable to new exploits. The server is compromised and used as a launch point into the internal network.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is automatically kept up to date by the BorderWare Security Connection, which downloads software updates and security bulletins.

24. The network administrator fails to install an important NT security patch. This can easily happen due to the large number of patches, and the difficulty of installation, especially if multiple servers are involved. The server is wide open to attacks.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is based on the secure S-Core operating system. No need to install the NT “patch of the week”.

25. An NT server running Exchange cannot be updated with new patches because of incompatibilities with other applications running on the same system. The server is wide open to new exploits.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is a dedicated single purpose server.

26. Hackers can target your server with SYN floods or other network level attacks. Denial of service condition. Internal email service stops as well as external email connectivity.
   F/W: No   A/V: No   MX: Yes
   Comment: MX detects and blocks all network level attacks.

27. Hackers can flood your mail server with huge messages to exhaust resources. Denial of service condition. Internal email service stops as well as external email connectivity.
   F/W: No   A/V: No   MX: Yes
   Comment: MX allows message size limits and disk quotas to be easily configured.

28. Overloaded network administrators look after security on a “best efforts” basis. Hackers take advantage of delays in implementing security fixes to penetrate the network.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is kept up to date by dedicated development and support teams.

29. Network administrators are not security experts, and miss the significance of important announcements or developments. Hackers take advantage of the lack of expertise and penetrate your network.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is developed and maintained by BorderWare Technologies, a world leader in email and Internet security, and the first company to achieve EAL4 security certification.

30. The network admin has designed a “home grown” email security system. The admin quits and no-one knows quite how the system works. The system is not maintained and becomes “fragile” and open to compromise.
   F/W: No   A/V: No   MX: Yes
   Comment: MX is kept up to date by a highly skilled and motivated development team. Training and 24x7 support are just a phone call away.

31. The network admin is not able to configure the system remotely to deal with a new threat. The configuration update has to wait until the next day. Hackers or viruses take advantage of the “window of opportunity” to penetrate the network.
   F/W: No   A/V: No   MX: Yes
   Comment: MX allows secure remote browser based configuration.

32. A default installation of Exchange results in an insecure installation. Services – e.g. FTP – are enabled and may be exploited.
   F/W: No   A/V: No   MX: Yes
   Comment: The MX default installation provides only necessary services. Additional services, like web mail, must be explicitly enabled.

33. Employees may use an email system for personal use. This may lead to wasted time and resources.
   F/W: No   A/V: No   MX: Yes
   Comment: MX logs all activity and may also archive email messages. Effective monitoring acts as a powerful deterrent to inappropriate activity.

34. Encryption systems are often complex to implement and manage, involving PKI, exchanging keys and signatures etc. Users will typically bypass systems that they do not understand or which require some technical knowledge, and will revert to sending email in the clear.
   F/W: No   A/V: No   MX: Yes
   Comment: MX's encryption requires no end-user involvement to provide secure and confidential email messaging.

35. Mail servers today offer a wide range of features, and are central to many workflow collaboration tools, file servers etc. An attack on SMTP is now also an attack on your central corporate electronic resource.
   F/W: No   A/V: No   MX: Yes
   Comment: MX stands between your internal mail servers and the Internet, in the same way that firewalls protect databases and other resources.

36. Users may introduce viruses to the system via diskette, CD etc. These viruses can then spread locally without intervention by a virus scanner.
   F/W: No   A/V: No   MX: Yes
   Comment: MX can be configured to act as the delivery point for all email clients and systems, effectively centralizing and containing this risk.

37. Zip expansion attack. A large uniform file (for example 1 Gbyte of zeros) is zipped and emailed. AV or content filtering products attempt to unzip the attachment for checking, but are unable to do so because of lack of disc space. AV and content filtering slows or stops. Impact may spread to the complete e-mail system.
   F/W: No   A/V: No   MX: Yes
   Comment: MX handles this cleanly and quarantines or rejects the entire message.

38. “Zip of Death” attack. A simple file is repeatedly zipped (1,000 times or more). AV or content filtering products attempt to unzip the attachment for checking, but are unable to do so because of lack of disc space, or consume excessive CPU cycles. AV and content filtering slows or stops. Impact may spread to the complete e-mail system.
   F/W: No   A/V: No   MX: Yes
   Comment: MX handles this cleanly and quarantines or rejects the entire message.
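Risks 37 and 38 both come from a scanner that starts expanding an archive before knowing what it will expand into. The following is an added example, not BorderWare or MXtreme code, of the pre-extraction check a gateway can apply instead: read the zip central directory, compare declared output against compressed size and a budget, and bound the depth of nested archives. The limits MAX_TOTAL_BYTES, MAX_RATIO and MAX_NESTING are assumed values, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed policy limits (not the product's): refuse to expand an archive whose
# declared output exceeds the budget, whose ratio looks like a bomb, or whose
# archives nest too deeply.
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100
MAX_NESTING = 2


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def inspect_archive(data, depth=0):
    """Return ("accept"|"reject", reason) from central-directory metadata,
    so nothing is written to disk and nothing large is decompressed."""
    if depth > MAX_NESTING:
        return "reject", f"archives nested deeper than {MAX_NESTING}"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "reject", "not a valid zip archive"
    infos = zf.infolist()
    declared = sum(i.file_size for i in infos)
    packed = max(sum(i.compress_size for i in infos), 1)
    if declared > MAX_TOTAL_BYTES:
        return "reject", f"declared output of {declared} bytes exceeds budget"
    if declared / packed > MAX_RATIO:
        return "reject", f"expansion ratio {declared // packed}:1 exceeds {MAX_RATIO}:1"
    for info in infos:
        if info.filename.lower().endswith(".zip"):
            # Header sizes are attacker-controlled, so read the nested archive
            # with a hard cap rather than trusting file_size.
            with zf.open(info) as member:
                inner = member.read(MAX_TOTAL_BYTES + 1)
            if len(inner) > MAX_TOTAL_BYTES:
                return "reject", f"{info.filename} expands past the budget"
            verdict = inspect_archive(inner, depth + 1)
            if verdict[0] == "reject":
                return verdict
    return "accept", "within limits"


# Constructed samples reproducing risks 37 and 38 at small scale.
ZIP_EXPANSION = build_zip({"zeros.bin": b"\0" * (1 << 20)})
ZIP_OF_DEATH = build_zip({"a.zip": build_zip({"b.zip": build_zip(
    {"c.zip": build_zip({"note.txt": b"harmless"})})})})
BENIGN = build_zip({"report.bin": bytes(range(256)) * 4})
```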
copyright © 2009 ecommnet