Latest (all topics)
Top stories
Hardware
All-in-One printer
Apple Mac
Audio
Backup
Book
Broadband
Camcorder
CD drive
Desktop PC
Digital camera
DVD drive
Gaming
Graphics card
Hard disk
Input device
Laptop
LCD
Mobile phone
Modem
Monitor
Motherboard
Multimedia
Networking
PDA
Printer
Processor
Projector
Scanner
Server
Tuning
UPS
Video
Web camera
Whiteboard
Miscellaneous
Software
Apple Mac
Audio
Backup
Business
Developer
Educational
Game
Graphics
Internet
Linux
Networking
Operating System
PDA
Security
Server
Utilities
Miscellaneous
 
Spam's a pain, but it's not your biggest threat
 
In the last few years spam has grown exponentially. Despite changes in the law and the introduction of new regulations, junk e-mail continues to flood in, overloading corporate networks and generally placing a strain on the business operation, not to mention the loss in productivity. Spam is now the number one issue for the majority of IT managers, but by focusing solely on this issue are they in danger of missing the wider issues of e-mail security?

Many companies have taken a short-term view of the e-mail security problem, tackling only the most obvious problems of viruses, trojans and spam and implementing piecemeal solutions to combat them. What they fail to consider is the growing threat from other sources such as malformed messages and denial of service (DoS) attacks.

Most e-mail client software has been sufficiently enhanced over the years to accept and 'correct' corrupt or badly formatted headers. The majority of the time this is a helpful operation as it ensures speedy e-mail delivery. However, not all anti-virus scanners 'see' malformed messages and therefore do not check or scan them. This makes it possible to purposefully construct a malformed message that actually contains malware and delivers it, undetected, right into the heart of the corporate office.

In addition, some malformed messages can force the CPU to run at 100 per cent, thus causing the machine to crash. E-mail servers process messages with the same amount of fortitude as a dog with a bone - once it's got hold of it, it doesn't let go. A maliciously malformed message may result in a DoS attack with the affected server unable to move on until it finishes processing, which could be hours.

DoS attacks can take many forms. Dictionary Harvest Attacks (DHA), for instance, are used as a means to check for legitimate e-mail addresses and then send thousands of messages to a corporate e-mail server - each one with a slightly different spelling to a name. Unprotected e-mail servers bounce back unknown recipients, allowing the spammer to collate a database of valid e-mail addresses.

A recent report by Osterman Research said that one source estimated that approximately one-third of all e-mail server processing was due to handling DHA. E-mail servers have finite processing capacity, even if a DHA doesn't make it fall over, it can severely impact on performance, not something many organisations can afford with a mission critical application.

The most common type of DoS attacks result from buffer overflow vulnerabilities, which take advantage of discovered weaknesses within an operating system. For example, Microsoft's security bulletin MS03-046, the 'Vulnerability in Exchange Server Could Allow Arbitrary Code Execution' problem identifies how an attacker can cause a buffer overrun that could permit them to essentially hijack an organisation's e-mail servers and run malicious programs in the security context of the SMTP service.Vulnerabilities of this kind are reported regularly - this is the 46th Security Bulletin issued from Microsoft this year alone.

These threats can be thwarted by regular patching, but for the average organisation keeping up to date on all the patches released is time consuming and expensive. Add to that the plethora of different technologies required to protect the server, the chances are that the server will run into difficulties because other applications running on the same system are incompatible.

This is a particular problem when spam, anti-virus or content filtering solutions are implemented as third-party add-ons or plug-ins on a mail server. There is always a risk that a new security patch cannot be installed because of the presence of the third-party product or that installing the patch will stop the product from working. The system administrator is then faced stark with the choice of leaving a critical system unpatched or disabling a security product until an updated version can be supplied.

In the real world, constant patching is not a practical solution and until recently many organisations have been prepared to take the risk and perform just a limited selection. However, with the time between vulnerabilities being announced to when they are exploited becoming increasingly shorter, the risks of not patching are becoming higher. Companies need to realise that e-mail is too mission-critical to be afforded only limited protection and should start examining and evaluating their entire e-mail security infrastructure.

What they will find is that many of the technologies they have implemented along the way are just stop-gaps, something that has worked well for the interim period, but now that they need to ensure sophisticated routing and delivery, provide users with remote access and still remain secure, these solutions are not enough. Spam may be hitting the headlines, but it's only part of the problem and there are many more issues impacting e-mail that need to be addressed.

E-mail security is a complex problem that can only realistically be addressed with a specialist product. If the stability of your company's e-mail flow rests in your hands, move on from spam, look at the bigger issues and save your bacon.


BorderWare Technologies is exhibiting at Infosecurity Europe 2004, Europe's number one IT security exhibition. The event brings together professionals interested in IT security from around the globe with suppliers of security hardware, software and consultancy services. Now in its 9th year, the show features Europe's most comprehensive free education programme and over 200 exhibitors at the Grand Hall at Olympia, London, from 27-29 April 2004.

Peter Cox, BorderWare Technologies




BIOS, Apr 22, 04 | Print | Send | Comments (0) | Posted In Security
Related Articles

Webroot Software Spy Sweeper 5.3
PC Tools Spyware Doctor 4.0
How Cybercrime Operations Work
ZoneLabs ZoneAlarm Internet Security Suite 7
Stop Wasting Money On Penetration Testing
HP Spying Case Highlights Data Conundrum
Password Malpractice, Are You Guilty?
Eset NOD32 For Windows 2.7
Has IT Driven You Crazy?
People Cannot Be Patched

More...
   
     
© 2007 Black Letter Publishing Ltd. - Disclaimer - Terms - About - Contact - Advertise - Newsletter

Hosted By Gradwell - Powered By Eclipse Internet - Sponsored By Ipswitch & Microboards DVD Duplicators