E-Mail Virus Protection Handbook: Protect Your E-mail from Trojan Horses, Viruses, and Mobile Code Attacks

E-Mail Virus Protection Handbook: Protect Your E-mail from Trojan Horses, Viruses, and Mobile Code Attacks by Syngress, Brian Bagnall, Syngress Publishing

The E-mail Virus Protection Handbook is organised around specific e-mail clients, server environments, and anti-virus software. The first eight chapters are useful to both users and network professionals; later chapters deal with topics relevant mostly to professionals, with an emphasis on how to use e-mail filtering software to monitor all incoming documents for malicious behaviour. In addition, the handbook shows how to scan content and counter e-mail address forgery attacks. It also includes a chapter on mobile code applications, which use Java applets and ActiveX controls to infect e-mail and, ultimately, other applications and whole systems.

The book covers spamming and spoofing. Spam is the practice of sending unsolicited e-mail to users. One spam attack can bring down an entire enterprise e-mail system by sending thousands of bogus messages ("mailbombing"), which can overload servers. E-mail spoofing means that users receive messages that appear to have originated from one user but were in fact sent by another. E-mail spoofing can be used to trick users into sending sensitive information, such as passwords or account numbers, back to the spoofer.

  • Highly topical! Recent events such as the LoveBug virus mean the demand for security solutions has never been higher
  • Focuses on specific safeguards and solutions that are readily available to users

Product Details

ISBN-13: 9781928994237
Publisher: Elsevier Science
Publication date: 12/06/2000
Pages: 476
Product dimensions: 7.44(w) x 9.69(h) x 1.04(d)

Read an Excerpt

1. Understanding the Threats


E-mail is the essential killer application of the Internet. Although Web-based commerce, business-to-business (B2B) transactions, and Application Service Providers (ASPs) have become the latest trends, each of these technologies is dependent upon the e-mail client/server relationship. E-mail has become the "telephone" of the Internet-based economy; without e-mail, a business today is as stranded as a business of 50 years ago that lost its telephone connection. Consider that 52 percent of Fortune 500 companies have standardized on Microsoft's Exchange Server for their business solutions (see http://serverwatch.internet.com/reviews/mail-exchange2000_l.html). Increasingly, e-mail has become the preferred means of conducting business transactions. For example, the United States Congress has passed the Electronic Signatures in Global and National Commerce Act. Effective October 2000, e-mail signatures will have the same weight as pen-and-paper signatures, which will enable businesses to close multi-billion dollar deals with properly authenticated e-mail messages. Considering these two facts alone, you can see that e-mail has become critical in the global economy. Unfortunately, now that businesses have become reliant upon e-mail servers, it is possible for e-mail software to become a killer application in an entirely different sense: if it is down, it can kill your business.

There is no clear process defined to help systems administrators, management, and end-users secure their e-mail. This is not to say that no solutions exist; there are many (perhaps even too many) in the marketplace, hence the need for this book. In this introductory chapter, you will learn how e-mail servers work, and about the scope of vulnerabilities and attacks common to e-mail clients and servers. This chapter also provides a summary of the content of the book. First, you will get a brief overview of how e-mail works, and then learn about historical and recent attacks. Although some of these attacks, such as the Robert Morris Internet Worm and the Melissa virus, happened some time ago, much can still be learned from them. Chief among the lessons to learn is that systems administrators need to address system bugs introduced by software manufacturers. The second lesson is that both systems administrators and end-users need to become more aware of the default settings on their clients and servers. This chapter will also discuss the nature of viruses, Trojan horses, worms, and illicit servers.

This book is designed to provide real-world solutions to real-world problems. You will learn how to secure both client and server software from known attacks, and how to take a proactive stance against possible new attacks. From learning about encrypting e-mail messages with Pretty Good Privacy (PGP) to using anti-virus and personal firewall software, to actually securing your operating system from attack, this book is designed to provide a comprehensive solution. Before you learn more about how to scan e-mail attachments and encrypt transmissions, you should first learn about some of the basics.

Essential Concepts

It is helpful to define terms clearly before proceeding. This section provides a guide to many terms used throughout this book.

Servers, Services, and Clients

A server is a full-fledged machine and operating system, such as an Intel system that is running the Red Hat 6.2 Linux operating system, or a Sparc system that is running Solaris 8. A service is a process that runs by itself and accepts network requests; it then processes the requests. In the UNIX/Linux world, a service is called a daemon. Examples of services include those that accept Web (HTTP, or Hypertext Transfer Protocol), e-mail, and File Transfer Protocol (FTP) requests. A client is any application or system that requests services from a server. Whenever you use your e-mail client software (such as Microsoft Outlook), this piece of software is acting as a client to an e-mail server. An entire machine can become a client as well. For example, when your machine uses the Domain Name System (DNS) to resolve human-readable names to IP addresses when surfing the Internet, it is acting as a client to a remote DNS server.

Authentication and Access Control

Authentication is the practice of proving the identity of a person or machine. Generally, authentication is achieved by proving that you know some unique information, such as a user name and a password. It is also possible to authenticate via something you may have, such as a key, an ATM card, or a smart card, which is like a credit card, except that it has a specialized, programmable computer chip that holds information. It is also possible to authenticate based on fingerprints, retinal eye scans, and voice prints.

Regardless of method, it is vital that your servers authenticate using industry-accepted means. Once a user or system is authenticated, most operating systems invoke some form of access control. Any network operating system (NOS) contains a sophisticated series of applications and processes that enforce uniform authentication throughout the system. Do not confuse authentication with access control. Just because you get authenticated by a server at work does not mean you are allowed access to every computer in your company. Rather, your computers maintain databases, called access control lists. These lists are components of complex subsystems that are meant to ensure proper access control, usually based on individual users and/or groups of users. Hackers usually focus their activities on trying to defeat these authentication and access control methods.

Now that you understand how authentication and access control work, let's review a few more terms.

Hackers and Attack Types

You are probably reading this book because you are:

1. Interested in protecting your system against intrusions from unauthorized users.
2. Tasked with defending your system against attacks that can crash it.
3. A fledgling hacker who wishes to learn more about how to crash or break into systems.

To many, a hacker is simply a bad guy who breaks into systems or tries to crash them so that they cannot function as intended. However, many in the security industry make a distinction between white hat hackers, who are benign and helpful types, and black hat hackers, who actually cross the line into criminal behavior, such as breaking into systems unsolicited, or simply crashing them. Others define themselves as grey hat hackers, in that they are not criminal, but do not consider themselves tainted (as a strict white hat would) by associating with black hats. Some security professionals refer to white hat hackers as hackers, and to black hat hackers as crackers. Another hacker term, script kiddie, describes those who use previously-written scripts from people who are more adept. As you might suspect, script kiddie is a derisive term.

Many professionals who are simply very talented users proudly refer to themselves as hackers, not because they break into systems, but because they have been able to learn a great deal of information over the years. These professionals are often offended by the negative connotation that the word hacker now has. So, when does a hacker become a cracker? When does a cracker become a benign hacker? Well, it all depends upon the perspective of the people involved. Nevertheless, this book will use the terms hacker, cracker, and malicious user interchangeably.

What Do Hackers Do?

Truly talented hackers know a great deal about the following:

1. Programming languages, such as C, C++, Java, Perl, JavaScript, and VBScript.

2. How operating systems work. A serious security professional or hacker understands not only how to click the right spot on an interface, but also understands what happens under the hood when that interface is clicked.

3. The history of local-area-network (LAN)- and Internet-based services, such as the Network File System (NFS), Web servers, Server Message Block (SMB, which is what allows Microsoft systems to share file and printing services), and of course e-mail servers.

4. The protocols used in networks, which many hackers attack. The Internet uses Transmission Control Protocol/Internet Protocol (TCP/IP), which is a fast, efficient, and powerful transport and addressing method. This protocol is in fact an entire suite of protocols. Some of these include Telnet, DNS, the File Transfer Protocol (FTP), and all protocols associated with e-mail servers, which include the Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), and the Internet Messaging Application Protocol (IMAP).

5. How applications interact with each other. Today's operating systems contain components that allow applications to "talk" to each other efficiently. For example, using Microsoft's Component Object Model (COM) and other technologies, one application, such as Word, can send commands to others on the local machine, or even on remote machines. Hackers understand these subtle relationships, and craft applications to take advantage of them.

A talented hacker can quickly create powerful scripts in order to exploit a system....

Table of Contents

Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers .... 1
Essential Concepts .... 3
Servers, Services, and Clients .... 3
Authentication and Access Control .... 3
Hackers and Attack Types .... 4
What Do Hackers Do? .... 4
Attack Types .... 5
Overview of E-mail Clients and Servers .... 7
Understanding a Mail User Agent and a Mail Transfer Agent .... 7
The Mail Delivery Agent .... 9
When Are Security Problems Introduced? .... 10
History of E-mail Attacks .... 10
The MTA and the Robert Morris Internet Worm .... 11
MDA Attacks .... 12
Analyzing Famous Attacks .... 12
Case Study .... 14
Learning from Past Attacks .... 14
Types of Worms .... 16
Illicit Servers .... 17
Differentiating between Trojans and Illicit Servers .... 18
E-mail Bombing .... 19
Sniffing Attacks .... 19
Spamming and Security .... 21
Common Authoring Languages .... 22
Protecting Your E-mail .... 23
Protecting E-mail Clients .... 23
Third-party Applications .... 23
Hash Encryption and Document Signing .... 27
Protecting the Server .... 27
Chapter 2: Securing Outlook 2000 .... 31
Common Targets, Exploits, and Weaknesses .... 33
The Address Book .... 35
The Mail Folders .... 36
Visual Basic Files .... 37
Attacks Specific to This Client .... 38
No Attachment Security .... 38
Default Settings Are Not Secure .... 38
Zone Security .... 39
Word 2000 as the Outlook E-mail Editor .... 39
Security Updates .... 39
Enabling Filtering .... 42
Junk E-mail .... 42
Filtering Keywords .... 44
Mail Settings and Options .... 44
HTML Messages .... 45
Zone Settings .... 46
Attachment Security .... 48
Attachment Security After Applying Outlook E-mail Security Update .... 51
Enabling S/MIME .... 54
Why You Should Use Public Key Encryption .... 56
Installing and Enabling Pretty Good Privacy (PGP) .... 57
Installing PGP .... 58
Understanding Public Key Encryption .... 62
Generating a Key Pair .... 65
Exchanging Keys .... 67
Key Distribution Sites .... 69
Chapter 3: Securing Outlook Express 5.0 and Eudora 4.3 .... 75
Outlook Express for Windows .... 76
Security Settings .... 77
Secure Mail .... 78
Security Zones .... 80
Outlook Express for Macintosh .... 85
Junk Mail Filter .... 85
Message Rules .... 88
Case Study: Automated Virus Scanning of Mail Attachments .... 90
Eudora for Windows and Macintosh .... 91
Enabling PGP for both Outlook Express and Eudora .... 95
Sending and Receiving PGP-Secured Messages .... 96
Eudora for Windows .... 97
Outlook Express for Windows .... 101
Eudora for Macintosh .... 103
Outlook Express for Macintosh .... 105
Automatic Processing of Messages .... 107
File Attachments and PGP .... 108
Case Study: Securing File Attachments with PGP .... 109
Chapter 4: Web-based Mail Issues .... 119
Choices in Web-based E-mail Services .... 121
Why Is Web-based E-mail So Popular? .... 122
The Cost of Convenience .... 122
Specific Weaknesses .... 124
Internet Architecture and the Transmission Path .... 124
Reading Passwords .... 126
Case Study .... 128
Specific Sniffer Applications .... 131
Code-based Attacks .... 133
The PHF Bug .... 134
Hostile Code .... 135
Taking Advantage of System Trusts .... 135
Cracking the Account with a "Brute Force" or Dictionary Application .... 136
Physical Attacks .... 137
Cookies and Their Associated Risks .... 138
Solving the Problem .... 139
Using Secure Sockets Layer (SSL) .... 139
Secure HTTP .... 139
Practical Implementations .... 140
Local E-mail Servers .... 141
Using PGP with Web-based E-mail .... 141
Making Yourself Anonymous .... 142
Chapter 5: Client-Side Anti-Virus Applications .... 147
McAfee VirusScan 5 .... 150
Availability of VirusScan .... 151
Updates of Virus Definition Files .... 152
Installation of VirusScan 5 .... 152
Configuration of VirusScan 5 .... 156
Norton AntiVirus 2000 .... 163
Availability of Norton AntiVirus 2000 .... 163
Updates of Norton AntiVirus 2000 Definition Files .... 164
Installation of Norton AntiVirus 2000 .... 165
Configuration of Norton AntiVirus 2000 .... 167
Trend Micro PC-cillin 2000 .... 176
Availability of Trend Micro PC-cillin 2000 .... 176
Updates of PC-cillin Virus Definition Files .... 177
Installation of Trend Micro PC-cillin 2000 .... 178
Configuration of Trend Micro PC-cillin 2000 .... 181
Trend PC-cillin 2000 Configuration Settings .... 185
Trend Micro PC-cillin 2000 Links .... 188
Chapter 6: Mobile Code Protection .... 195
Dynamic E-mail .... 196
Active Content .... 197
Taking Advantage of Dynamic E-mail .... 197
Composing an HTML E-mail .... 198
Inserting Your Own HTML File .... 198
Sending an Entire Web Page .... 200
No Hiding Behind the Firewall .... 201
Mobile Code .... 201
Security Model .... 203
Playing in the Sandbox .... 203
Playing Outside the Sandbox .... 205
Points of Weakness .... 205
Background Threads .... 206
Hogging System Resources .... 206
I Swear I Didn't Send That E-mail .... 207
Scanning for Files .... 207
How Hackers Take Advantage .... 207
Spam Verification .... 207
Theft of Processing Power .... 208
Unscrupulous Market Research .... 208
Applets Are Not That Scary .... 208
Precautions You Can Take .... 208
Security Model .... 211
Points of Weakness .... 212
How Hackers Take Advantage .... 213
Web-Based E-mail Attacks .... 213
Are Plug-in Commands a Threat? .... 213
Social Engineering .... 213
Precautions to Take .... 214
Security Model .... 215
Safe for Scripting .... 216
Points of Weakness .... 217
How Hackers Can Take Advantage .... 218
Preinstalled ActiveX Controls .... 218
Bugs Open the Door .... 219
Intentionally Malicious ActiveX .... 219
My Mistake... .... 220
Trojan Horse Attacks .... 220
Precautions to Take .... 220
Security Model .... 222
Points of Weakness .... 222
VBScript, Meet ActiveX .... 222
How Hackers Take Advantage .... 223
Social Engineering Exploits .... 223
VBScript-ActiveX Can Double Team Your Security .... 223
Precautions to Take .... 224
Chapter 7: Personal Firewalls .... 227
What Is a Personal Firewall? .... 228
Blocks Ports .... 230
Block IP Addresses .... 230
Access Control List (ACL) .... 231
Execution Control List (ECL) .... 232
Intrusion Detection .... 233
Personal Firewalls and E-mail Clients .... 234
Levels of Protection .... 235
False Positives .... 235
Network Ice BlackICE Defender 2.1 .... 236
E-mail and BlackICE .... 248
Aladdin Networks' eSafe, Version 2.2 .... 248
E-mail and eSafe .... 269
Norton Personal Firewall 2000 2.0 .... 269
ZoneAlarm 2.1 .... 283
E-mail and ZoneAlarm .... 291
Chapter 8: Securing Windows 2000 Advanced Server and Red Hat Linux 6 for E-mail Services .... 295
Updating the Operating System .... 296
Microsoft Service Packs .... 296
Red Hat Linux Updates and Errata Service Packages .... 297
Disabling Unnecessary Services and Ports .... 299
Windows 2000 Advanced Server: Services to Disable .... 299
The Server Service .... 300
Internet Information Services (IIS) .... 302
Red Hat Linux: Services to Disable .... 304
Locking Down Ports .... 305
Well-Known and Registered Ports .... 306
Determining Ports to Block .... 308
Blocking Ports in Windows .... 308
Blocking Ports in Linux .... 310
Inetd Services .... 310
Stand-Alone Services .... 310
Maintenance Issues .... 311
Microsoft Service Pack Updates, Hot Fixes, and Security Patches .... 312
Case Study .... 313
Red Hat Linux Errata: Fixes and Advisories .... 314
Case Study .... 316
Windows Vulnerability Scanner (ISS System Scanner) .... 317
Linux Vulnerability Scanner (WebTrends Security Analyzer) .... 320
Windows 2000 Advanced Server .... 325
Common Security Applications .... 326
Firewall Placement .... 327
Chapter 9: Microsoft Exchange Server 5.5 .... 333
Securing the Exchange Server from Spam .... 334
Configuring the IMS To Block E-mail Attacks .... 335
Exchange and Virus Attacks: Myths and Realities .... 341
Learning from Recent Attacks .... 343
Case Study: Preparing for Virus Attacks .... 345
Exchange Maintenance .... 347
Service Packs .... 347
Plug-ins and Add-ons .... 351
Third-party Add-ons .... 351
Microsoft Utilities .... 352
Content Filtering .... 353
Case Study: Content Scanning .... 356
Attachment Scanning .... 357
Backing Up Data .... 360
Restoring Data .... 363
Chapter 10: Sendmail and IMAP Security .... 367
Sendmail and Secu
