Aug 14

On Tuesday, Google said on its enterprise blog that it is going to release a report stating that it saw more spam virus messages in July than in any other month. At one point, on July 24th, the number reached more than 10 million infectious messages in one day.

That number is 6 to 7 times what is considered normal. This means spam viruses are now finding ways to bypass the majority of spam filters. Not only that, but spam viruses are now taking a new form. Rather than targeting software vulnerabilities to compromise a system, they are simply utilizing a user’s curiosity. Subject lines of false or wild news stories draw a user in and get them to click on a link that will take them to a website containing malware.

With so many spam viruses prevalent today, it is important to tell users to use their common sense when reading emails. If they don’t know where an email came from, or the subject line is a news headline that sounds ridiculous, then the email is probably a spam virus.

Aug 8

Web 2.0 has become a huge buzzword on the internet in the last few years and it will only continue to grow over the next few. It provides a way for people to collaborate and share their ideas in ways they never could before. Generally speaking, the internet has not changed much technically. But since the introduction of Web 2.0, the way people use the internet has. Not only has the general public caught on to this idea of Web 2.0, but businesses are also seeing it as a great way for their employees to communicate, express their ideas, and promote teamwork. Today more than two-thirds of businesses are using at least one Web 2.0 application.

Information thieves have caught on to this fact and have begun looking into new ways to steal information and exploit weaknesses. Over the years we’ve seen many different ways for attackers to initiate attacks. Several years ago email attachments were one of the most prominent ways to spread a virus. But with the introduction of Web 2.0, attackers are seeing it as a new medium for malicious attacks. Whereas before users would have to click on an email attachment to execute it, web protocols now give attackers ways to spread malicious code as soon as a user visits a web page.

Malicious code is not the only threat that Web 2.0 applications expose businesses to. Exposure of confidential information is one of the top threats that Web 2.0 directly exposes businesses to. More than a third of information leaks happen through message boards or blogs on the internet.

Controlling access to Web 2.0 applications has become a main concern for many IT departments. Content control is no longer just a concern for enterprise businesses. Today even small and medium-sized businesses are having to look into solutions to control access to certain content.

Aug 6

Email is a part of everyday life in the business world. Even small companies will see thousands of emails pass through their servers each day. This means there is plenty of opportunity for attack against your mail server. So here are 5 good tips to help keep your email secure.

1) Change your SMTP banner: Most mail servers accept connections on port 25 for use with SMTP. If you telnet to a mail server that is listening on port 25, you will receive a response from that server. This response is called the SMTP banner. Usually by default (with Exchange) this banner will not only display the actual server name and domain, but it will also show the software running on that server and its version number. This is crucial information that an attacker can use when planning an attack. If your server accepts connections on port 25, it is important that you mask this banner with a canned message that doesn’t display sensitive information like that. For more information on changing this banner with Microsoft Exchange, read this Microsoft article: Changing your SMTP Banner

2) Enable Relay Restrictions: This is usually set by default on mail servers so that only authenticated or specified servers are allowed to relay email through your mail server. But it is a good security measure to verify that your mail server is not an open relay. If there are no restrictions set, spammers will have a field day with your server. Not only can this really cripple your server if not taken care of promptly, but it can also get your server blacklisted. Once blacklisted, you will need to find out which blacklists you are on and request to be removed once you prove to them that you are no longer spamming from your server. This can take weeks or months depending on which list you are on. If you aren’t sure if your server is an open relay, you can use this tool to check: Open Relay Checker

3) Make sure your server is up-to-date: Because your mail server is constantly handling connections from the outside world, it is crucial that it is always up-to-date. A lot of IT professionals will ensure that their servers have the latest Windows Updates installed, but don’t forget about Exchange updates and service packs as well. Automatic updates won’t keep Exchange up-to-date, and many times the security vulnerabilities that need to be patched in Exchange are more critical than your typical Windows update. While there is no excuse for an out-of-date server, if installing updates is something that takes up too much of your time, then look into a patch management solution. Microsoft offers a free solution for all their software systems called Windows Server Update Services.

4) Protect your mail server with a front-end server: Another good idea for security is to set up a front-end server to act as either a proxy or relay between the mail server that stores your mail databases and the internet. The front-end server will handle all HTTP and SMTP requests for your main mail server. All emails will then be relayed from this front-end server to your main mail server. What this allows you to do is close off port 25 to your main mail server so that it is hidden behind your firewall. Many companies will even provide this service for you. Having your server behind a firewall and accepting connections from only internal mail clients and the front-end server will greatly increase the security of your server.

5) Spam and Virus Protection: I’ve listed both spam and antivirus under the same number here because I think we are at the stage where they both go hand in hand. It is important that you maintain antivirus and antispam software on your network. I recommend using a separate appliance for spam, as this will help stop spam emails from even reaching your mail server. If your mail server processes a lot of emails every day, then this will help alleviate some of the strain that it carries. Making sure that both systems are up-to-date with the latest signatures goes without saying.

These are only 5 tips for helping maintain security on your mail server, and there are a ton more. Hopefully these will get you on the right track and taking email security seriously.
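To go with tip 1, here is an added example (not part of the original post) that audits an SMTP greeting for the details the tip says to mask: software name, version number and internal server name. The sample banners, the product list and the internal-domain suffixes are constructed assumptions.

```python
import re
import socket

# Illustrative product strings seen in default greetings (assumed list, not exhaustive).
PRODUCTS = ("Microsoft ESMTP MAIL Service", "Postfix", "Sendmail", "Exim")
VERSION_RE = re.compile(r"\b\d+(?:\.\d+){1,3}\b")        # e.g. 6.0.3790.3959
INTERNAL_RE = re.compile(r"\.(?:local|lan|internal)$", re.I)  # assumed suffixes


def fetch_banner(host, port=25, timeout=5.0):
    """Read the greeting from a server you administer, as telnet to port 25 would."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return conn.recv(1024).decode("ascii", errors="replace")


def audit_banner(banner):
    """Return a list of disclosure findings for a raw (possibly multi-line) greeting."""
    lines = [ln for ln in banner.splitlines() if ln.strip()]
    if not lines or not all(re.match(r"220[ -]", ln) for ln in lines):
        return ["not a 220 greeting"]
    # Strip the "220 " / "220-" reply code, then split hostname from the free text.
    text = " ".join(ln[4:] for ln in lines).strip()
    host, _, rest = text.partition(" ")
    findings = []
    for product in PRODUCTS:
        if product.lower() in rest.lower():
            findings.append(f"software disclosed: {product}")
    version = VERSION_RE.search(rest)
    if version:
        findings.append(f"version disclosed: {version.group()}")
    if INTERNAL_RE.search(host):
        findings.append(f"internal hostname disclosed: {host}")
    return findings


# Constructed sample greetings: a default-style banner and a masked one.
DEFAULT_BANNER = ("220 EXCH01.corp.local Microsoft ESMTP MAIL Service, "
                  "Version: 6.0.3790.3959 ready at Mon, 6 Aug 2007 10:15:02 -0500\r\n")
MASKED_BANNER = "220 mail.example.com ESMTP ready\r\n"

if __name__ == "__main__":
    for name, banner in (("default", DEFAULT_BANNER), ("masked", MASKED_BANNER)):
        print(name, audit_banner(banner) or "no disclosure found")
```

Pass the output of `fetch_banner` for your own server to `audit_banner` after changing the banner to confirm the canned message no longer leaks these details.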