The first step in deploying e-mail security is to recognize the vulnerabilities specific to e-mail. The protocols used to support e-mail do not employ encryption. Thus, all messages are transmitted in the form in which they are submitted to the e-mail server, which is often plain text.
134 Chapter 4 Communications Security and Countermeasures
This makes interception and eavesdropping an easy task. However, the lack of native encryption is one of the least important security issues related to e-mail.
E-mail is the most common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and other malicious code. The proliferation of support for various scripting languages, auto-download capabilities, and auto-execute features has transformed hyperlinks within the content of e-mail and attachments into a serious threat to every system.
E-mail offers little in the way of source verification. Spoofing the source address of e-mail is a simple process for even the novice hacker. E-mail headers can be modified at their source or at any point during transit. Furthermore, it is also possible to deliver e-mail directly to a user’s inbox on an e-mail server by directly connecting to the e-mail server’s SMTP port. And speaking of in-transit modification, there are no native integrity checks to ensure that a message was not altered between its source and destination.
E-mail itself can be used as an attack mechanism. When sufficient numbers of messages are directed to a single user’s inbox or through a specific SMTP server, a denial of service (DoS) can result. This attack is often called mailbombing and is simply a DoS performed by inundating a system with messages. The DoS can be the result of storage capacity consumption or processing capability utilization. Either way, the result is the same: legitimate messages cannot be delivered. Like e-mail flooding and malicious code attachments, unwanted e-mail can be considered an attack. Sending unwanted, inappropriate, or irrelevant messages is called spamming. Spamming is often little more than a nuisance, but it does waste system resources both locally and over the Internet. It is often difficult to stop spam because the source of the messages is usually spoofed.
E-Mail Security Solutions
Imposing security on e-mail is possible, but the efforts should be in tune with the value and confidentiality of the messages being exchanged. There are several protocols, services, and solutions available to add security to e-mail without requiring a complete overhaul of the entire Internet-based SMTP infrastructure. These include S/MIME, MOSS, PEM, and PGP. We’ll discuss S/MIME further in Chapter 10, “PKI and Cryptographic Applications.”
S/MIME Secure Multipurpose Internet Mail Extensions (S/MIME) offers authentication and privacy to e-mail through secured attachments. Authentication is provided through X.509 digital certificates. Privacy is provided through the use of Public Key Cryptography Standard (PKCS) encryption. Two types of messages can be formed using S/MIME: signed messages and enveloped messages. A signed message provides integrity and sender authentication. An enveloped message provides integrity, sender authentication, and confidentiality.
MOSS MIME Object Security Services (MOSS) can provide authenticity, confidentiality, integrity, and nonrepudiation for e-mail messages. MOSS employs Message Digest 2 (MD2) and MD5 algorithms; Rivest, Shamir, and Adleman (RSA) public key; and Data Encryption Standard (DES) to provide authentication and encryption services.
PEM Privacy Enhanced Mail (PEM) is an e-mail encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. PEM uses RSA, DES, and X.509.
PGP Pretty Good Privacy (PGP) is a public-private key system that uses the IDEA algorithm to encrypt files and e-mail messages. PGP is not a standard but rather an independently developed product that has wide Internet grassroots support.
Managing E-Mail Security 135
Through the use of these and other security mechanisms for e-mail and communication transmissions, many of the vulnerabilities can be reduced or eliminated. Digital signatures can help eliminate impersonation. Encryption of messages reduces eavesdropping. And the use of e-mail filters keeps spamming and mailbombing to a minimum.
Blocking attachments at the e-mail gateway system on your network can ease the threats from malicious attachments. You can have a 100-percent no-attachments policy or block only those attachments that are known or suspected to be malicious, such as attachments with extensions that are used for executable and scripting files. If attachments are an essential part of your e-mail communications, you’ll need to rely upon the training of your users and your antivirus tools for protection. Training users to avoid contact with suspicious or unexpected attachments greatly reduces the risk of malicious code transference via e-mail. Antivirus software is generally effective against known viruses, but it offers little protection against new or unknown viruses.
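The two gateway policies described above can be sketched as a small MIME screening routine. This is an added example, not code from the book; the extension blocklist, the function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable and scripting extensions; tune to local policy.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                      ".js", ".vbs", ".wsf", ".ps1", ".hta", ".jar"}

def extension_of(filename: str) -> str:
    """Final extension, lowercased; trailing dots/spaces (ignored by Windows) removed."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def screen_message(raw: bytes, no_attachments: bool = False):
    """Return (filename, reason) for each attachment the gateway should block."""
    msg = message_from_bytes(raw, policy=policy.default)
    blocked = []
    for part in msg.walk():  # walk() also descends into nested and forwarded messages
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body part, not an attachment
        label = filename or "(unnamed)"
        if no_attachments:
            blocked.append((label, "no-attachments policy"))
        elif filename is None:
            # Policy assumption: fail closed when there is no name to judge.
            blocked.append((label, "attachment without a filename"))
        elif extension_of(filename) in BLOCKED_EXTENSIONS:
            blocked.append((label, "blocked extension " + extension_of(filename)))
    return blocked

def build_sample() -> bytes:
    """Constructed sample message: one harmless and two risky attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Quarterly documents"
    msg.set_content("See attached.")
    msg.add_attachment("plain notes", filename="notes.txt")
    for name in ("invoice.pdf.exe", "macro.VBS"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_message(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

The filename is whatever the sender declared, so this check complements, rather than replaces, the antivirus scanning and user training the text describes.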
Facsimile Security
Facsimile (fax) communications are waning in popularity due to the widespread use of e-mail. Electronic documents are easily exchanged as attachments to e-mail. Printed documents are just as easy to scan and e-mail as they are to fax. However, faxing must still be addressed in your overall security plan. Most modems give users the ability to connect to a remote computer system and send and receive faxes. Many operating systems include built-in fax capabilities, and there are numerous fax products for computer systems. Faxes sent from a computer’s fax/modem can be received by another computer or by a normal fax machine.
Even with declining use, faxes still represent a communications path that is vulnerable to attack. Like any other telephone communication, faxes can be intercepted and are susceptible to eavesdropping. If an entire fax transmission is recorded, it can be played back by another fax machine to extract the transmitted documents.
Some of the mechanisms that can be deployed to improve the security of faxes include fax encryptors, link encryption, activity logs, and exception reports. A fax encryptor gives a fax machine the capability to use an encryption protocol to scramble the outgoing fax signal. The use of an encryptor requires that the receiving fax machine support the same encryption protocol so it can decrypt the documents. Link encryption is the use of an encrypted communication path, like a VPN link or a secured telephone link, over which to transmit the fax. Activity logs and exception reports can be used to detect anomalies in fax activity that could be symptoms of attack.
In addition to the security of a fax transmission, it is also important to consider the security of a received fax. Faxes that are automatically printed may sit in the out tray for a long period of time, therefore making them subject to viewing by unintended recipients. Studies have shown that adding banners of CONFIDENTIAL, PRIVATE, and so on has the opposite effect by spurring the curiosity of passersby. So, disable automatic printing. Also, avoid using faxes employing ribbons or duplication cartridges that retain images of the printed faxes. Consider integrating your fax system with your network so you can e-mail faxes to intended recipients instead of printing them to paper.