See “SMTP Lockdown: Inbound Protection (Part I)”
In SMTP Lockdown: Inbound Protection, we discussed controlling who can send email into a mail server. To reduce spam and avoid being blacklisted or labeled as a spammer, it is equally important to restrict who can send email OUT from a domain. Why? Because if SMTP traffic can flow freely outward from anywhere on the internal network, a spammer doesn’t need access to your mail server at all. And if the domain’s IPs are seen generating large amounts of spam, those IPs and the domain name they belong to may be blacklisted (i.e. other email servers will no longer accept your email).
Spambots and You
Now that inbound SMTP is locked down and nobody can relay off of the mail server, can spammers still take advantage of your domain? Well, do the employees use the Internet? In most cases, the answer is “Yes”. Unless HTTP traffic is very thoroughly monitored AND every client’s antivirus definitions are in tip-top shape (a whole different article entirely…), those users and their workstations are at risk of becoming spammers.
Users Becoming Spammers
A user may browse to their favorite social networking site, get a pop-up, and click a link they shouldn’t have. Suddenly a small program known as a spambot installs. The spambot may harvest email addresses from its infected host. It may also seek to infect other machines and build a spam botnet. A spam botnet on a network will scan for hosts listening on TCP port 25 and try to send outbound spam by relaying through any SMTP server that will accept it.
If you have properly locked down the mail server so that no IPs (or only strictly controlled ones) can relay off of it, and take the extra step of allowing outbound port 25 traffic only from the mail server at the firewall, the botnet will not be able to relay through the mail server, and any SMTP connection it tries to open directly to the Internet will be blocked at the firewall. Only the mail server will be able to send email out, and your domain’s IP addresses will remain in good standing. Have the firewall log those blocked port 25 attempts: a workstation that keeps trying to reach port 25 on outside hosts is an early sign of an infection. That being said, there would certainly still be some internal cleanup to do if a botnet is installed. However, at least it wouldn’t be your Internet domain reputation that suffers.
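The egress policy described above, with a check that turns the firewall’s deny log into a list of likely spambots. This is an added example, not code from the original post; the mail server address 10.0.0.25, the 10.0.0.0/8 internal range, the iptables rules in the docstring and the log prefix are assumptions for illustration, and the log lines are constructed.

```python
"""Egress control for TCP/25 and detection of spambot activity from firewall logs.

Added example, not from the original post. Assumes an iptables-style firewall
whose FORWARD chain allows SMTP egress only from the mail server and logs
everything else with the prefix "SMTP-EGRESS-DENY". The rules that policy
corresponds to (illustrative, not the post's own):

    iptables -A FORWARD -s 10.0.0.25 -p tcp --dport 25 -j ACCEPT
    iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-EGRESS-DENY "
    iptables -A FORWARD -p tcp --dport 25 -j DROP
"""
import ipaddress
import re
from collections import Counter

MAIL_SERVER = ipaddress.ip_address("10.0.0.25")    # assumed internal mail server
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def egress_allowed(src: str, dst_port: int) -> bool:
    """Mirror the firewall policy: an internal host may reach TCP/25 on the
    Internet only if it is the mail server. Other ports are outside this
    policy and pass here."""
    if dst_port != 25:
        return True
    return ipaddress.ip_address(src) == MAIL_SERVER


LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def suspect_hosts(log_lines, threshold=3):
    """Count blocked TCP/25 attempts per internal source and return those at or
    above threshold, with the number of distinct destinations tried. A host
    spraying many MX servers is more suspicious than a single misfire."""
    attempts = Counter()
    targets = {}
    for line in log_lines:
        if "SMTP-EGRESS-DENY" not in line:
            continue
        m = LOG_RE.search(line)
        if not m or m.group("dpt") != "25":
            continue
        src = m.group("src")
        try:
            if ipaddress.ip_address(src) not in INTERNAL_NET:
                continue
        except ValueError:
            continue
        attempts[src] += 1
        targets.setdefault(src, set()).add(m.group("dst"))
    return {src: {"attempts": n, "distinct_dst": len(targets[src])}
            for src, n in attempts.items() if n >= threshold}


# Constructed sample log lines in iptables LOG format (not real traffic).
SAMPLE_LOG = [
    "kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 PROTO=TCP SPT=51022 DPT=25",
    "kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.9 PROTO=TCP SPT=51023 DPT=25",
    "kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.40 PROTO=TCP SPT=51024 DPT=25",
    "kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.41 PROTO=TCP SPT=51025 DPT=25",
    "kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=10.0.7.8 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=25",
    "kernel: OTHER-DENY IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 PROTO=TCP SPT=51026 DPT=445",
]

if __name__ == "__main__":
    for host, info in suspect_hosts(SAMPLE_LOG).items():
        print(f"possible spambot: {host} "
              f"({info['attempts']} blocked SMTP attempts to {info['distinct_dst']} hosts)")
```

On the sample data only 10.0.5.23 crosses the default threshold; 10.0.7.8 made one attempt, which is worth a look but not an alert on its own. Feed the function the firewall’s syslog and adjust the threshold to your network’s noise level.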
More
Email. What began as a novelty, an interesting alternative to the physically written word, has now evolved into the hands-down single most important universal set of applications in the business world. As such, people tend to get very angry if their email is not working correctly. There are a lot of moving parts involved in moving email traffic throughout the Internet, the majority of which can break and result in an email outage if not properly maintained. So why chance a threat to email functionality which can be controlled? No good reason, right?
Meet SMTP (Simple Mail Transfer Protocol). SMTP is the Internet protocol that very nearly ALL email travels over, and its traffic runs on a specific TCP port (25). Spammers use misconfigured SMTP servers (open relays) and unrestricted port 25 access to spread their content anywhere and everywhere, often without using their own servers to do it. Access to port 25 can be restricted both at the email server and at the firewall at the edge of the network. An inbound email to a domain name requires a connection that passes through the firewall and ends up at the email server.
In these days of rampant spam attacks, it is critical to control who can connect to, as well as relay off of, an email server. Here are several important ways that businesses can protect themselves from inbound email threats:
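The relay decision an email server should make for every recipient, as an added example that is not part of the original post. It models the rule set most servers use (Postfix spells it permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination): relay for trusted networks and authenticated clients, accept mail addressed to domains you host, refuse everything else. The network ranges, domains and addresses are assumptions for illustration.

```python
"""Relay decision for an SMTP RCPT TO command.

Added example, not from the original post. MY_NETWORKS and LOCAL_DOMAINS are
assumed values; adjust them to your own mail server.
"""
import ipaddress
from typing import Optional, Tuple

MY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]
LOCAL_DOMAINS = {"example.com", "mail.example.com"}


def recipient_domain(rcpt: str) -> Optional[str]:
    """Return the lowercase domain of an address, or None if it is malformed or
    uses source routing (user%other.example@example.com, other.example!user),
    an old trick for relaying through a domain the server thinks is local."""
    addr = rcpt.strip().strip("<>")
    if addr.count("@") != 1 or "%" in addr or "!" in addr:
        return None
    local, domain = addr.rsplit("@", 1)
    if not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip: str, authenticated: bool, rcpt: str) -> Tuple[int, str]:
    """Return the (code, text) SMTP reply for a RCPT TO from this client."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return 250, "2.1.5 Ok (permit_mynetworks)"
    if authenticated:
        return 250, "2.1.5 Ok (permit_sasl_authenticated)"
    domain = recipient_domain(rcpt)
    if domain is None:
        return 501, "5.1.3 Bad recipient address syntax"
    if domain in LOCAL_DOMAINS:
        return 250, "2.1.5 Ok (local destination)"
    return 554, f"5.7.1 <{rcpt}>: Relay access denied"


def open_relay_probe(client_ip: str, authenticated: bool = False) -> bool:
    """The classic open-relay test: an outside, unauthenticated client tries to
    send to an outside domain. True means the server would relay (it is open)."""
    code, _ = relay_decision(client_ip, authenticated, "victim@other.example")
    return code == 250


if __name__ == "__main__":
    for client, auth, rcpt in [
        ("198.51.100.5", False, "victim@other.example"),   # outside -> outside: refuse
        ("198.51.100.5", False, "bob@example.com"),        # outside -> us: accept
        ("10.0.5.23", False, "victim@other.example"),      # LAN -> outside: relay
        ("198.51.100.5", True, "victim@other.example"),    # authenticated: relay
    ]:
        print(client, auth, rcpt, "->", relay_decision(client, auth, rcpt))
```

Note that permit_mynetworks is exactly what a spambot on the LAN exploits: keep that list to the hosts that legitimately submit mail through the server rather than the whole internal range, which is the “strictly controlled ones” point made in Part II.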
More
Bob Dylan recorded the song (and the album) in 1963. It was written two years before he went electric. If I could speak to him today, I would like to know his take on how different things are today. I am sure he could draw several political and cultural similarities between the present and 1963. But the differences are quite vast. Technology has become the driving force of everything around us.
Consider, if you will, the large number of changes that the music industry has been through because of technology. Think back as far as you can and think about every piece of equipment you have owned in your lifetime that simply allows you to listen to music. Personally, I can remember owning a record player, a walkman or three, many tape decks, four or five CD players, three iPods, and an Android. It is amazing how much media I have owned and do own. (Believe me, I just moved…there’s too much). The best part about the improvement of entertainment media is the decrease in size and weight. I really want to get rid of all of the plastic junk I need to lug around just to enjoy a song. I pity the people who had to dedicate entire living rooms to their record collections.
We don’t need to do this anymore though, do we?
More
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Cisco Systems has recently released a Security Advisory regarding the ASA 5500 Series Adaptive Security Appliance (ASA), more commonly known as your firewall. This firewall device is a security appliance that sits between your private network and the Internet, protecting you from would-be attackers and other malicious activity. On rare occasions, however, even an extremely robust security appliance such as the Cisco ASA can suffer from vulnerabilities.
This Security Advisory applies to the Cisco ASA 5500 Series firewalls and the Cisco Firewall Services Module (used in the Cisco Catalyst 6500 Series switch chassis) only. None of Cisco’s other firewalls are affected by any of the vulnerabilities. These vulnerabilities are:
- Three SunRPC Inspection Denial of Service Vulnerabilities
- Three Transport Layer Security (TLS) Denial of Service Vulnerabilities
- Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerability
- Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
What is a Denial of Service Vulnerability?
Simply put, a Denial of Service vulnerability is a flaw in the software of a server or network appliance (here, in the ASA’s protocol inspection engines and its TLS and IKE handling) that lets an attacker crash the device or exhaust its resources. When such a vulnerability is exploited in a Denial of Service attack, the resource becomes unavailable to its intended users. The fix is to upgrade to a release the advisory lists as fixed; until you can, disabling inspection engines you do not use (SunRPC or SIP, for example) removes those affected code paths from the attack surface.
More
As I laid out in my last blog post, there’s a lot of data involved in managing IT assets and services that’s not only important to keep track of, but also critical to take action on. In your business, who does that? If you’re running a 20-50-person shop, you likely have, at most, 1-2 IT folks who keep your computers humming and connected to the networks and Internet.
Your typical on-site IT tech’s days are spent:
- Troubleshooting existing issues
- Upgrading systems
- Patching operating systems and other software
- Maybe testing changes before implementing them (if they have time)
- Maybe analyzing and closing security vulnerabilities
- Hopefully taking and verifying backups, and also securing those backups – Backups are a major data theft vulnerability, and also should be securely kept offsite in case of widespread catastrophe such as fire or flood.
It’s very unlikely that a small team has the time, training, or expertise to capture the kind and detail of data they should in order to properly manage your IT investments. It’s extremely unlikely they put what data they do capture to use for you.
More
Seems like magic doesn’t it? Most people haven’t really thought about how it works but they will certainly know when it doesn’t work. There are many stops in the journey of an email before you see that envelope in your system tray, but there is one crucial stop that is worth mentioning – the MX record.
More
Beginning on Tuesday, July 13th, 2010, Thrive Networks became aware of an email attack on Salesforce.com users. Those affected first received an email with the subject of “Salesforce: Unauthorized access” and contained a link for the user to reset their password.

These emails are not from Salesforce.com or the Salesforce Systems team. An outside attacker is attempting to compromise the recipient’s PC by tricking them into clicking a link that downloads a malicious file named “salesforce.exe”.
If you have received this email, you are advised to delete the message immediately. If you believe your computer has been compromised, immediately disconnect it from your networks and run a full anti-virus or anti-spyware scan. In addition, have your administrator change the password for your local machine as well as for your Salesforce.com user account, and do so from a machine you trust rather than the one that may be infected.
Steps to Protect Yourself
There are several things you can do to protect yourself against Salesforce Phishing and Malware attacks in the future:
- Use caution when clicking links in emails that claim to go to Salesforce.com. Just because the message says “Click here to Login to Salesforce.com” doesn’t mean the link actually points to www.salesforce.com/login.jsp. Hover over the link (or view the message source) to see the real destination before you click.
- You should always log in to Salesforce in one of the following ways
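The “does the link go where its text says” check from the first point above, as an added example that is not part of the original post. It compares the host in the href with the host named in the visible text and flags the usual tricks: look-alike subdomains (salesforce.com.evil.example), a fake host placed before an @ in the URL, plain HTTP, and links that download an executable. The evil.example links are constructed; the trusted-domain list is an assumption.

```python
"""Flag email links whose real destination differs from what the text claims.

Added example, not from the original post. TRUSTED and the sample links are
assumptions constructed for illustration.
"""
import re
from typing import List, Optional
from urllib.parse import urlparse

TRUSTED = {"salesforce.com"}
DANGEROUS_SUFFIXES = (".exe", ".scr", ".zip", ".js")
DOMAIN_RE = re.compile(r"(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def registered_domain(host: str) -> str:
    """Crude 'last two labels' domain, adequate for .com-style names (assumption)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_in_text(text: str) -> Optional[str]:
    """First thing in the visible link text that looks like a hostname, if any."""
    m = DOMAIN_RE.search(text)
    return m.group(0).lower() if m else None


def suspicious(href: str, visible_text: str) -> List[str]:
    """Return the reasons a link looks like phishing; an empty list means none found."""
    reasons = []
    parsed = urlparse(href.strip())
    host = parsed.hostname
    if not host:
        return ["no host in href"]
    if parsed.username is not None:
        # https://www.salesforce.com@evil.example/ really connects to evil.example
        reasons.append("userinfo before host")
    if registered_domain(host) not in TRUSTED:
        reasons.append(f"host {host} is not a trusted domain")
    shown = host_in_text(visible_text)
    if shown and registered_domain(shown) != registered_domain(host):
        reasons.append(f"text shows {shown} but href goes to {host}")
    if parsed.path.lower().endswith(DANGEROUS_SUFFIXES):
        reasons.append("link downloads an executable file")
    if parsed.scheme != "https":
        reasons.append("not HTTPS")
    return reasons


if __name__ == "__main__":
    # Constructed samples: one genuine-looking link and two phishing patterns.
    for href, text in [
        ("https://login.salesforce.com/", "Click here to Login to Salesforce.com"),
        ("http://salesforce.com.evil.example/salesforce.exe", "www.salesforce.com/login.jsp"),
        ("https://www.salesforce.com@evil.example/", "www.salesforce.com"),
    ]:
        print(href, "->", suspicious(href, text) or "looks consistent")
```

The registered-domain logic is deliberately simple; a real mail filter would use the public suffix list so that country-code domains such as example.co.uk are handled correctly.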
Looking for more information on “How to Protect Yourself from Spyware”? Michael Gray, Thrive’s Director of Network Operations, has some helpful advice. Click here to read more.
More
What is the life expectancy of my server?…
Clients often ask me that question. More often than not, I find myself answering – What types of applications do you plan on running? And how important are these applications to your organization?
As you probably have guessed, email is typically one of the most critical systems to small and medium-sized businesses. Yet it amazes me that while many companies try to squeeze four and five years out of their server hardware, they are reluctant to keep that equipment under warranty beyond the original three years that came with it. I’ve heard clients tell me things like “well, it’s been fine for the past three years so it should continue to run normally” or “buying a warranty on an older piece of hardware isn’t worth the money.”
Every time I hear one of those excuses, it makes me cringe. Here’s the reality of the situation…
More
Virtual Private Networks (VPNs) are not the latest and greatest technology out there. In fact, they were first seen in the late ’80s as a means to carry private information across a public network. Today, VPNs are used primarily by organizations to securely connect remote employees to internal applications, such as email or file servers. Like all technology, VPNs have evolved over time and now offer different methods of connecting remote employees.
So, how does one decide which solution will best fit their needs?
More