
E-mail security assessment

By Maeson Maherry
Johannesburg, 03 Dec 2003

E-mail is perhaps the most popularly used system for exchanging information over the Internet (or any other computer network). At the most basic level, the e-mail process can be divided into two principal components: (1) mail servers, which are applications that deliver, forward and store mail; and (2) clients, which interface with users and allow them to read, compose, send and store e-mail messages.

After Web servers, mail servers are often the most targeted and attacked hosts on an organisation's network. This is because the computing and networking technology that underpins e-mail is ubiquitous and allows attackers to exploit such systems to a somewhat greater degree. These circumstances result in the need to secure mail servers, mail clients and the network infrastructure that supports them. The specific security threats to e-mail generally fall into one of the following categories:

* Malicious entities may exploit software bugs in the mail server application or underlying operating system to gain unauthorised access to the mail server. Examples of this unauthorised access include gaining access to files or folders that were not meant to be publicly accessible or being able to execute commands and/or install software on the mail server.

* Denial of service (DoS) attacks may be directed at the mail server or its supporting network infrastructure, denying or hindering valid users' ability to use the mail server for the duration of the attack.

* Sensitive information on the mail server may be distributed to unauthorised individuals or changed for malicious purposes.

* Sensitive information transmitted between mail server and e-mail client may be intercepted if not encrypted. For example, all popular e-mail communication standards default to sending usernames, passwords, and the e-mail message itself "in the clear" (ie unencrypted).

* Information within the e-mail may be altered at some point between the sender and recipient.

* Malicious entities may gain unauthorised access to resources elsewhere in the organisation's computer network via a successful attack on the mail server. For example, once the mail server is compromised, an attacker will be able to retrieve users' passwords. These passwords may grant the attacker access to other hosts on the organisation's network.

* Malicious entities may attack external organisations from a successfully attacked mail server host, thus concealing the intruders' identities, and perhaps making the organisation liable for damages.

* Misconfiguration may allow malicious entities to use the organisation's mail server to send e-mail-based advertisements (ie spam).

* Viruses and other types of malicious code may be distributed throughout an organisation via e-mail.

* Users may send inappropriate, proprietary, or other sensitive information via e-mail. This could expose the organisation to legal action.

In order to protect an organisation from the above-mentioned e-mail-related threats, it is advisable to conduct regular security assessments. A comprehensive security assessment service needs to address the security issues of both mail servers and mail clients. It should also be able to verify the level of authentication, data integrity, data confidentiality and non-repudiation, while taking cognisance of the following Acts: the Companies Act, the Electronic Communications and Transactions Act, and the Interception and Monitoring Act.

For further information on any of the above, contact NamITech on (011) 458 0081 or e-mail info@namitech.com.
