Email Security Testing Zone: (Internet Focus).GFI GFI Ground Fault Interrupter GFI Go For It GFI Government-Furnished Information GFI Growing Families International GFI Goodness of Fit Indices GFI Government Financial Institutions (Philippines) GFI Gross Farm Income has launched an Email Security Testing Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, Zone to enable organizations to check whether their email systems are vulnerable to email viruses and attacks. The zone, http://www.gfi.com/emailsecuritytest/, allows visitors to discover if their system is secure against current and future email threats, such as emails containing infected attachments, entails with malformed malĀ·formed adj. Abnormally or faultily formed. MIME headers, and HTML mails with embedded scripts. GFI's Email Security Testing Zone currently includes 4 tests: * VBS See VBScript. attachment vulnerability test This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method. * CLSID (CLasS ID) The identification of a COM object. Applications that support Microsoft's COM architecture register their objects as CLSIDs. See COM and GUID. extension vulnerability test This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG See JPEG. jpg - JPEG or WAV files - that do not need to be blocked. * MIME header vulnerability test This test examines whether a corporate system is protected against emails, using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the email, thus making this exploit very dangerous when combined with virulent code. An example of this is the notorious Nimda virus and its variants. * ActiveX vulnerability test Through this test, users can discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. content can circumvent security measures in certain circumstances. Vulnerabilities within interact Explorer and Outlook allow such content to be executed. Users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone. They will then receive harmless tests by email, through which they can check the vulnerability of their email system. For more information and to request the tests, p visit: http://www.gfi.com/emailsecuritytest/. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion