E-Mail Virus Protection Handbook: Protect Your E-mail from Trojan Horses, Viruses, and Mobile Code Attacks


Overview

The E-mail Virus Protection Handbook is organised around specific e-mail clients, server environments, and anti-virus software. The first eight chapters are useful to both users and network professionals; later chapters deal with topics relevant mostly to professionals, with an emphasis on how to use e-mail filtering software to monitor all incoming documents for malicious behaviour. In addition, the handbook shows how to scan content and counter email address forgery attacks. It also includes a chapter on mobile code applications, which use Java applets and ActiveX controls to infect email and, ultimately, other applications and whole systems.
The book covers spamming and spoofing: Spam is the practice of sending unsolicited email to users. One spam attack can bring down an entire enterprise email system by sending thousands of bogus messages or "mailbombing," which can overload servers. Email spoofing means that users receive messages that appear to have originated from one user, but in actuality were sent from another user. Email spoofing can be used to trick users into sending sensitive information, such as passwords or account numbers, back to the spoofer.

• Highly topical! Recent events such as the LoveBug virus mean the demand for security solutions has never been higher
• Focuses on specific safeguards and solutions that are readily available to users

The "E-Mail Virus Protection Book" presents a strong challenge to e-mail attacks, which can introduce lethal viruses, compromise or destroy information, damage businesses, and create tremendous expenses in both time and money. Organized around specific e-mail clients, server environments and antivirus software, the book is aimed at both users and network professionals.


Editorial Reviews

Booknews
A guide for system administrators and end-users to securing the most ubiquitous feature of the Internet. Explains how e-mail servers work, the vulnerabilities common to clients and servers, encrypting e-mail messages, using antivirus and personal firewall software, and securing the operating system from attack. No bibliography is provided. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

  • ISBN-13: 9781928994237
  • Publisher: Elsevier Science
  • Publication date: 12/6/2000
  • Pages: 476
  • Product dimensions: 7.44 (w) x 9.69 (h) x 1.04 (d)

Read an Excerpt

1. Understanding the Threats

Introduction

E-mail is the essential killer application of the Internet. Although Web-based commerce, business to business (B2B) transactions, and Application Service Providers (ASPs) have become the latest trends, each of these technologies is dependent upon the e-mail client/server relationship. E-mail has become the "telephone" of the Internet-based economy; without e-mail, a business today is as stranded as a business of 50 years ago that lost its telephone connection. Consider that 52 percent of Fortune 500 companies have standardized to Microsoft's Exchange Server for its business solutions (see http://serverwatch.internet.com/reviews/mail-exchange2000_l.html). Increasingly, e-mail has become the preferred means of conducting business transactions. For example, the United States Congress has passed the Electronic Signatures in Global and National Commerce Act. Effective October 2000, e-mail signatures will have the same weight as pen-and-paper signatures, which will enable businesses to close multi-billion dollar deals with properly authenticated e-mail messages. Considering these two facts alone, you can see that e-mail has become critical in the global economy. Unfortunately, now that businesses have become reliant upon e-mail servers, it is possible for e-mail software to become killer applications in an entirely different sense: if they're down, they can kill your business.

There is no clear process defined to help systems administrators, management, and end-users secure their e-mail. This is not to say that no solutions exist; there are many (perhaps even too many) in the marketplace; thus, the need for this book. In this introductory chapter, you will learn how e-mail servers work, and about the scope of vulnerabilities and attacks common to e-mail clients and servers. This chapter also provides a summary of the content of the book. First, you will get a brief overview of how e-mail works, and then learn about historical and recent attacks. Although some of these attacks, such as the Robert Morris Internet Worm and the Melissa virus, happened some time ago, much can still be learned from them. Chief among the lessons to learn is that systems administrators need to address system bugs introduced by software manufacturers. The second lesson is that both systems administrators and end-users need to become more aware of the default settings on their clients and servers. This chapter will also discuss the nature of viruses, Trojan horses, worms, and illicit servers.

This book is designed to provide real-world solutions to real-world problems. You will learn how to secure both client and server software from known attacks, and how to take a proactive stance against possible new attacks. From learning about encrypting e-mail messages with Pretty Good Privacy (PGP) to using anti-virus and personal firewall software, to actually securing your operating system from attack, this book is designed to provide a comprehensive solution. Before you learn more about how to scan e-mail attachments and encrypt transmissions, you should first learn about some of the basics.

Essential Concepts

It is helpful to define terms clearly before proceeding. This section provides a guide to many terms used throughout this book.

Servers, Services, and Clients

A server is a full-fledged machine and operating system, such as an Intel system that is running the Red Hat 6.2 Linux operating system, or a Sparc system that is running Solaris 8. A service is a process that runs by itself and accepts network requests; it then processes the requests. In the UNIX/Linux world, a service is called a daemon. Examples of services include those that accept Web (HTTP, or Hypertext Transfer Protocol), e-mail, and File Transfer Protocol (FTP) requests. A client is any application or system that requests services from a server. Whenever you use your e-mail client software (such as Microsoft Outlook), this piece of software is acting as a client to an e-mail server. An entire machine can become a client as well. For example, when your machine uses the Domain Name System (DNS) to resolve human readable names to IP addresses when surfing the Internet, it is acting as a client to a remote DNS server.

Authentication and Access Control

Authentication is the practice of proving the identity of a person or machine. Generally, authentication is achieved by proving that you know some unique information, such as a user name and a password. It is also possible to authenticate via something you may have, such as a key, an ATM card, or a smart card, which is like a credit card, except that it has a specialized, programmable computer chip that holds information. It is also possible to authenticate based on fingerprints, retinal eye scans, and voice prints.

Regardless of method, it is vital that your servers authenticate using industry-accepted means. Once a user or system is authenticated, most operating systems invoke some form of access control. Any network operating system (NOS) contains a sophisticated series of applications and processes that enforce uniform authentication throughout the system. Do not confuse authentication with access control. Just because you get authenticated by a server at work does not mean you are allowed access to every computer in your company. Rather, your computers maintain databases, called access control lists. These lists are components of complex subsystems that are meant to ensure proper access control, usually based on individual users and/or groups of users. Hackers usually focus their activities on trying to defeat these authentication and access control methods.

Now that you understand how authentication and access control work, let's review a few more terms.

Hackers and Attack Types

You are probably reading this book because you are:

1. Interested in protecting your system against intrusions from unauthorized users.
2. Tasked with defending your system against attacks that can crash it.
3. A fledgling hacker who wishes to learn more about how to crash or break into systems.

To many, a hacker is simply a bad guy who breaks into systems or tries to crash them so that they cannot function as intended. However, many in the security industry make a distinction between white hat hackers, who are benign and helpful types, and black hat hackers, who actually cross the line into criminal behavior, such as breaking into systems unsolicited, or simply crashing them. Others define themselves as grey hat hackers, in that they are not criminal, but do not consider themselves tainted (as a strict white hat would) by associating with black hats. Some security professionals refer to white hat hackers as hackers, and to black hat hackers as crackers. Another hacker term, script kiddie, describes those who use previously-written scripts from people who are more adept. As you might suspect, script kiddie is a derisive term.

Many professionals who are simply very talented users proudly refer to themselves as hackers, not because they break into systems, but because they have been able to learn a great deal of information over the years. These professionals are often offended by the negative connotation that the word hacker now has. So, when does a hacker become a cracker? When does a cracker become a benign hacker? Well, it all depends upon the perspective of the people involved. Nevertheless, this book will use the terms hacker, cracker, and malicious user interchangeably.

What Do Hackers Do?

Truly talented hackers know a great deal about the following:

1. Programming languages, such as C, C++, Java, Perl, JavaScript, and VBScript.

2. How operating systems work. A serious security professional or hacker understands not only how to click the right spot on an interface, but also understands what happens under the hood when that interface is clicked.

3. The history of local-area-network (LAN)- and Internet-based services, such as the Network File System (NFS), Web servers, Server Message Block (SMB, which is what allows Microsoft systems to share file and printing services), and of course e-mail servers.

4. Many hackers attack the protocols used in networks. The Internet uses Transmission Control Protocol/Internet Protocol (TCP/IP), which is a fast, efficient, and powerful transport and addressing method. This protocol is in fact an entire suite of protocols. Some of these include Telnet, DNS, the File Transfer Protocol (FTP), and all protocols associated with e-mail servers, which include the Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), and the Internet Messaging Application Protocol (IMAP).

5. How applications interact with each other. Today's operating systems contain components that allow applications to "talk" to each other efficiently. For example, using Microsoft's Component Object Model (COM) and other technologies, one application, such as Word, can send commands to others on the local machine, or even on remote machines. Hackers understand these subtle relationships, and craft applications to take advantage of them.

A talented hacker can quickly create powerful scripts in order to exploit a system....


Table of Contents

Introduction
Ch. 1 Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers
Ch. 2 Securing Outlook 2000
Ch. 3 Securing Outlook Express 5.0 and Eudora 4.3
Ch. 4 Web-based Mail issues
Ch. 5 Client-Side Anti-Virus Applications
Ch. 6 Mobile Code protection
Ch. 7 Personal Firewalls
Ch. 8 Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services
Ch. 9 Microsoft Exchange Server 5.5
Ch. 10 Sendmail and IMAP Security
Ch. 11 Deploying Server-side E-mail Content Filters and Scanners
App. Secrets
Index
