E-mail Security Guide for Managers

This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing five of the top network-based inline IPS appliances."

SPECIAL
Staying on top of the latest e-mail threats.

You are trekking through very rough terrain. Spammers and virus writers are blending mass-mailing spamming techniques to distribute malware, whose impact is more destructive than ever before. To combat this trend, we've compiled a comprehensive guide for managers grappling with these issues. We've outlined the e-mail security landscape and the latest threats, gathered solutions from users, and compiled a guide of the latest product offerings. What's more, we've given you practical tips on some of the most common and vexing problems to help you navigate the rocky e-mail security landscape.

Brett McKeachnie is fighting an uphill battle against e-mail-borne threats. He's deployed all the usual weapons--blacklists, antispam scanners and signature-based antivirus engines--but he still doesn't feel he is keeping pace with the bad guys.

"It's as bad as I've ever seen it," says McKeachnie, director of infrastructure operations at Utah Valley State College (UVSC). In early 2004, McKeachnie noticed that antivirus software makers were consistently starting to release two or three signature updates each day. "We thought that, if [AV vendors are] putting stuff out that quickly, there's got to be a lot of things that are getting by during the time when these companies identify a virus and publish the signatures."

Policy checklist for preventing e-mail-borne blended attacks
  • EDUCATE USERS to never click on any e-mail attachments, especially if they are unsolicited or from a stranger.

  • BLOCK E-MAIL ATTACHMENTS at the gateway through firewall rules. If a business absolutely must use e-mail attachments, set that department up with its own dedicated mailbox segregated from the main e-mail system.

  • USE SPAM FILTERS and educate users to delete any and all spam before reading it--spam should never be opened or responded to.

  • SET UP E-MAIL CLIENTS to only display plain text -- never HTML.

  • HAVE A POLICY in place that governs access (or blocks access) to personal e-mail accounts from the office.

  Joel Dubin, CISSP, is the author of The Little Black Book of Computer Security and an independent computer security consultant based in Chicago, specializing in Web and application security.
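
As an added illustration of the checklist's attachment-blocking and plain-text items (not code from the article or from any product it names), the Python sketch below makes a gateway-style decision on one message: it quarantines mail carrying attachments unless the recipient is a dedicated attachment mailbox, and it extracts only the plain-text body. The mailbox address, the sample message and the function name are constructed for the example.

```python
from email import message_from_string, policy

# Constructed sample message (not from the article): plain + HTML body, one attachment.
SAMPLE = """\
From: sender@example.com
To: staff@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: multipart/alternative; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice.
--b2
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://example.invalid/">Open the invoice</a></body></html>
--b2--
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Assumption: the one segregated mailbox that is allowed to receive attachments.
ATTACHMENT_MAILBOXES = {"designs@example.org"}

def gateway_decision(raw, recipient):
    """Return (action, attachment_names, plain_text_body) for one message."""
    msg = message_from_string(raw, policy=policy.default)
    # Every part that is not a candidate body counts as an attachment.
    names = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    allowed = recipient.lower() in ATTACHMENT_MAILBOXES
    action = "quarantine" if names and not allowed else "deliver"
    # Plain-text-only display: ignore the HTML alternative entirely.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body is not None else ""
    return action, names, text

if __name__ == "__main__":
    print(gateway_decision(SAMPLE, "staff@example.org"))
```
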

McKeachnie opted for a technology that tests each attachment by running it in a virtual machine environment and blocking or quarantining anything that exhibits suspicious behavior. Avinti's iSolation Server gives UVSC a proactive layer of defense and removes the need for blanket prohibitions on file attachments, which caused headaches, particularly for computer science majors trying to file their homework.

McKeachnie isn't paranoid; he's typical of thousands of IT and security pros who try to counter escalating threats posed by e-mail.

Short-span and Blended Attacks
Research consistently shows that spam constitutes 70 percent or more of all e-mail communications. To make matters worse, the tactics used by virus writers and spammers are becoming more sophisticated. To avoid detection by antivirus software, malware writers are blending mass-mail spamming techniques to distribute viruses, worms and Trojans, and to lure users to malicious Web sites. These so-called short-span attacks leverage vast networks of infected computers to distribute viruses within hours by seeding malware to thousands of computers instantaneously.

A handful of these short-span virus attacks, including Goldun.BA and Beagle.BQ, were completed in less than seven hours, according to research compiled by antivirus software maker Commtouch in June. Such attacks strain the ability of antivirus software makers to create and distribute antivirus signatures fast enough to squash the outbreak. Another tactic: Virus writers use the serial variant, in which a new version of the worm or virus is released each day in an attempt to outrun the ability of antivirus vendors to create signatures.

According to Symantec Corp.'s latest Internet Security Threat Report, this could explain why the number of virus variants targeting Windows reached 10,866 through June, up 142 percent over the first half of last year.

This was first published in October 2005
