E-Mail Virus Protection Handbook

Protect Your E-mail from Trojan Horses, Viruses, and Mobile Code Attacks

The E-mail Virus Protection Handbook is organised around specific e-mail clients, server environments, and anti-virus software. The first eight chapters are useful to both users and network professionals; later chapters deal with topics relevant mostly to professionals, with an emphasis on how to use e-mail filtering software to monitor all incoming documents for malicious behaviour. In addition, the handbook shows how to scan content and counter e-mail address forgery attacks. A chapter covers mobile code applications, which use Java applets and ActiveX controls to infect e-mail and, ultimately, other applications and whole systems. The book also covers spamming and spoofing. Spam is the practice of sending unsolicited e-mail to users. One spam attack can bring down an entire enterprise e-mail system by sending thousands of bogus messages, or "mailbombing," which can overload servers. E-mail spoofing means that users receive messages that appear to have originated from one user but were in fact sent by another. E-mail spoofing can be used to trick users into sending sensitive information, such as passwords or account numbers, back to the spoofer.

Paperback, 476 Pages

Published: November 2000

Imprint: Syngress

ISBN: 978-1-928994-23-7

Contents


  • Introduction

    Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

    Introduction

    Essential Concepts

    Servers, Services, and Clients

    Authentication and Access Control

    Hackers and Attack Types

    What Do Hackers Do?

    Attack Types

    Overview of E-mail Clients and Servers

    Understanding a Mail User Agent and a Mail Transfer Agent

    The Mail Delivery Agent

    When Are Security Problems Introduced?

    History of E-mail Attacks

    The MTA and the Robert Morris Internet Worm

    MDA Attacks

    Analyzing Famous Attacks

    Case Study

    Learning from Past Attacks

    Viruses

    Worms

    Types of Worms

    Trojans

    Illicit Servers

    Differentiating between Trojans and Illicit Servers

    E-mail Bombing

    Sniffing Attacks

    Carnivore

    Spamming and Security

    Common Authoring Languages

    Protecting Your E-mail

    Protecting E-mail Clients

    Third-party Applications

    Encryption

    Hash Encryption and Document Signing

    Summary

    FAQs

    Chapter 2: Securing Outlook 2000

    Introduction

    Common Targets, Exploits, and Weaknesses

    The Address Book

    The Mail Folders

    Visual Basic Files

    Attacks Specific to This Client

    Security Updates

    Enabling Filtering

    Junk E-mail

    Filtering Keywords

    Mail Settings and Options

    HTML Messages

    Zone Settings

    Enabling S/MIME

    Why You Should Use Public Key Encryption

    Installing and Enabling Pretty Good Privacy (PGP)

    Understanding Public Key Encryption

    Summary

    FAQs

    Chapter 3: Securing Outlook Express 5.0 and Eudora 4.3

    Introduction

    Outlook Express for Windows

    Security Settings

    Attachments

    Outlook Express for Macintosh

    Junk Mail Filter

    Message Rules

    Attachments

    Eudora for Windows and Macintosh

    Security

    Attachments

    Filtering

    Enabling PGP for both Outlook Express and Eudora

    Sending and Receiving PGP-Secured Messages

    Automatic Processing of Messages

    File Attachments and PGP

    Summary

    FAQs

    Chapter 4: Web-based Mail Issues

    Introduction

    Choices in Web-based E-mail Services

    Why Is Web-based E-mail So Popular?

    The Cost of Convenience

    Specific Weaknesses

    Case Study

    Specific Sniffer Applications

    Code-based Attacks

    Solving the Problem

    Using Secure Sockets Layer (SSL)

    Secure HTTP

    Practical Implementations

    Local E-mail Servers

    Using PGP with Web-based E-mail

    Making Yourself Anonymous

    Summary

    FAQs

    Chapter 5: Client-Side Anti-Virus Applications

    Introduction

    McAfee VirusScan 5

    Norton AntiVirus 2000

    Trend Micro PC-cillin 2000

    Summary

    FAQs

    Chapter 6: Mobile Code Protection

    Introduction

    Dynamic E-mail

    Active Content

    Taking Advantage of Dynamic E-mail

    Dangers

    No Hiding Behind the Firewall

    Mobile Code

    Java

    Security Model

    Points of Weakness

    How Hackers Take Advantage

    Precautions You Can Take

    JavaScript

    Security Model

    Points of Weakness

    How Hackers Take Advantage

    Precautions to Take

    ActiveX

    Security Model

    Points of Weakness

    How Hackers Can Take Advantage

    Precautions to Take

    VBScript

    Security Model

    Points of Weakness

    How Hackers Take Advantage

    Precautions to Take

    Summary

    FAQs

    Chapter 7: Personal Firewalls

    Introduction

    What Is a Personal Firewall?

    Blocks Ports

    Block IP Addresses

    Access Control List (ACL)

    Execution Control List (ECL)

    Intrusion Detection

    Personal Firewalls and E-mail Clients

    False Positives

    Network Ice BlackICE Defender 2.1

    Installation

    Configuration

    E-mail and BlackICE

    Aladdin Networks’ eSafe, Version 2.2

    Installation

    Configuration

    E-mail and ESafe

    Norton Personal Firewall 2000 2.0

    Installation

    Configuration

    ZoneAlarm 2.1

    Installation

    Configuration

    E-mail and ZoneAlarm

    Summary

    FAQs

    Chapter 8: Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services

    Introduction

    Updating the Operating System

    Microsoft Service Packs

    Red Hat Linux Updates and Errata Service Packages

    Disabling Unnecessary Services and Ports

    Windows 2000 Advanced Server-Services to Disable

    Internet Information Services (IIS)

    Red Hat Linux-Services to Disable

    Inetd.conf

    Locking Down Ports

    Well-Known and Registered Ports

    Determining Ports to Block

    Blocking Ports in Windows

    Blocking Ports in Linux

    Maintenance Issues

    Microsoft Service Pack Updates, Hot Fixes, and Security Patches

    Red Hat Linux Errata: Fixes and Advisories

    Windows Vulnerability Scanner (ISS System Scanner)

    Linux Vulnerability Scanner (WebTrends Security Analyzer)

    Logging

    Common Security Applications

    Firewall Placement

    Summary

    FAQs

    Chapter 9: Microsoft Exchange Server 5.5

    Introduction

    Securing the Exchange Server from Spam

    Exchange and Virus Attacks: Myths and Realities

    Learning from Recent Attacks

    Exchange Maintenance

    Service Packs

    Plug-ins and Add-ons

    Third-party Add-ons

    Microsoft Utilities

    Content Filtering

    Attachment Scanning

    Recovery

    Backing Up Data

    Restoring Data

    Summary

    FAQs

    Chapter 10: Sendmail and IMAP Security

    Introduction

    Sendmail and Security: A Contradiction in Terms?

    Sendmail’s History

    Threats to SendMail Security

    Fixes

    Alternatives: Postfix and Qmail

    Comparing Your Options

    Internet Message Access Protocol (IMAP)

    The IMAP Advantage

    Understanding IMAP Implementations

    Administering the Server

    IMAP Summary

    Recovery

    Backing Up Data

    Restoring Data

    The Bottom Line on Backup

    Summary

    FAQs

    Chapter 11: Deploying Server-side E-mail Content Filters and Scanners

    Introduction

    Overview of Content Filtering

    Filtering by Sender

    Filtering by Receiver

    Subject Headings and Message Body

    Overview of Attachment Scanning

    Attachment Size

    Attachment Type (Visual Basic, Java, ActiveX)

    McAfee GroupShield

    Installation of GroupShield

    Configuration

    Specific Settings

    Trend Micro ScanMail for Exchange Server

    Installation of ScanMail

    Configuration

    Specific Settings

    Additional ScanMail Offerings

    Content Technologies’ MAILsweeper for Exchange 5.5

    Installation of MAILsweeper

    Configuration

    Specific Settings

    Firewall and E-mail Content Scanning

    Content Technologies MIMEsweeper for CheckPoint’s Firewall-1

    Axent Raptor Firewall

    Attack Detection and System Scanning

    Attacks

    Real-time, Third-party Services

    Evinci

    Securify

    Summary

    FAQs

    Appendix: Secrets

    Lesser-known Shortcuts

    Under-documented Features and Functions

    Disable an ActiveX Control

    For Experts Only (Advanced features)

    Web Pages on Mobile Code Security Topics

    Outlook Web Access (OWA)

    Using SendMail To Refuse E-mails with the Love Letter Virus

    Troubleshooting and Optimization Tips

    Index

