E-mail Security: A Pocket Guide

E-mail is now an established and increasingly essential channel of business and personal communication. As such, safeguarding its operation and integrity is an issue of widespread significance. At the same time, e-mail has proven itself to represent a considerable threat vector, providing a route for a variety of attacks including malware, phishing and spam. In addition, e-mail usage can introduce further risks if not appropriately guided and managed, with the potential for confidentiality to be compromised and reputations to be damaged. With these points in mind it is relevant for all stakeholders to consider their role in protecting e-mail and using the service appropriately.

This guide provides a concise reference to the main security issues affecting those that deploy and use e-mail to support their organisations, considering e-mail in terms of its significance in a business context, and focusing upon why effective security policy and safeguards are crucial in ensuring the viability of business operations. The resulting coverage encompasses issues of relevance to end-users, business managers and technical staff, and this holistic approach is intended to give each key audience an understanding of the actions relevant to them, as well as an appreciation of the issues facing the other groups.

CONTENTS

  • Chapter 1: E-mail: Can we live without it?
  • Dependency without a guarantee
  • The implications of dependence
  • Takeaways
  • Chapter 2: E-mail threats and attacks
  • Mass-mailed malware
  • Spams and scams
  • There’s something phishy going on
  • Takeaways
  • Chapter 3: Securing the client
  • General guidelines
  • Web-based clients
  • Mobile clients
  • Takeaways
  • Chapter 4: Safety in transit
  • Protocols
  • Countermeasures
  • Takeaways
  • Chapter 5: Server side security
  • Firewall
  • Authenticated access
  • Connection filtering
  • Address filtering
  • Content filtering
  • Challenge/response
  • E-mail gateway
  • Relaying
  • UBE by attachment
  • Takeaways
  • Chapter 6: E-mail archiving
  • Archiving because we want to
  • Archiving because we have to
  • Takeaways
  • Chapter 7: Ethereal e-mail
  • Takeaways
  • Chapter 8: Risking our reputation?
  • Going down in history
  • Just having a laugh?
  • Putting it in a policy
  • Takeaways
  • Appendix: additional notes
  • Domain Name System (DNS)
  • DomainKeys
  • Architectures
  • Additional Secure Sockets Layer (SSL) certificate warning examples
  • Putting it all together
  • ITG Resources
