What e-mail hackers know that you don't

E-mail systems such as Microsoft Exchange, Lotus Notes and GroupWise were constructed with a single purpose in mind: accept and send the maximum amount of mail and route that mail as efficiently as possible. Without question this has succeeded: e-mail is the most commonly used business communication tool on the planet and its use is projected to rise. In fact, the current volume of e-mail sent worldwide is now more than 50 billion messages per day, with that number expected to double by 2008. E-mail's continually burgeoning popularity makes it an increasingly attractive target for individuals seeking to do harm, either for their own misguided personal satisfaction or, more likely, for financial gain. The first e-mail hackers found simple vulnerabilities in the operating systems and protocol stacks of e-mail systems and exploited these known weaknesses. Now, however, hackers and virus writers have become specialists, constantly developing new and innovative methods of overcoming the improvements made in today's security systems. The game of cat-and-mouse is unlikely to end any time soon, if ever.

With every improvement in defensive techniques, hackers and virus writers modify their tactics in an attempt to circumvent these defences and wreak havoc on corporate networks.

Vulnerabilities of e-mail systems

Along with the many conveniences and efficiencies that e-mail use brings to an organisation, there are some inherent risks and vulnerabilities that can be exploited by multiple forms of malicious attack:

* Denial of Service attacks
* Phishing
* Spam
* Trojans
* Viruses
* Worms
* Zombie attacks

How Hackers Attack

Multiple different mail servers are used in today's enterprises: chosen for performance, price, name recognition or any of a number of other reasons, servers such as Lotus Notes and Microsoft Exchange dominate the corporate e-mail landscape. Each mail server has its own set of known vulnerabilities, giving resourceful hackers ample opportunity to search for weaknesses. Once these weaknesses are identified, a single hacker can take down an entire rack of mail servers in the blink of an eye.

Self-propagation: The New Mission of Attacks

Hackers are becoming increasingly sophisticated and are no longer content with simply gaining access to networks to cause mischief and disrupt service. Whereas hackers first spread viruses through individual networks simply because they could, we now see more and more attacks that use Trojans designed to spread a virus to as many computers as possible, with the intent of taking control of these machines for nefarious purposes. Trojans enter the victim's computer undetected, usually disguised as a legitimate e-mail attachment. Once the unsuspecting recipient opens the Trojan, the attacker is granted unrestricted access to the data stored on the computer. Trojans can either be hidden programs running on a computer or be hidden within a legitimate program, meaning a program that the user trusts will have functions they are not aware of. The following chart outlines some of the most popular types of Trojans used by hackers:

Type - Purpose

Remote Access - Designed to give the hacker access to the victim's machine. Traditionally, Trojans would listen for a connection on a port that had to be reachable by the hacker. Now Trojans call out to the hacker, giving the hacker access to machines that are behind a firewall. Some Trojans can communicate through IRC (Internet Relay Chat) commands, meaning a direct TCP/IP connection to the hacker is never made.

Data Sending - Sends information back to the hacker. Tactics include key logging and searching for password files and other private information.

Destructive - Destroys and deletes files.

Denial-of-Service - Gives a remote hacker the power to start Distributed DoS (DDoS) attacks using multiple 'Zombie' computers.

Proxy - Designed to turn the victim's computer into a proxy server available to the hacker. Used for anonymous Telnet, ICQ, IRC, etc., or to make purchases with stolen credit cards, etc. Gives the hacker complete anonymity, as the trail leads back to the infected computer.

Hybrid attacks that combine the use of Trojans and traditional viruses have become increasingly popular. An example of this is the notorious Nimda virus, which used multiple methods to spread itself and managed to get past anti-virus software by using a behaviour not typically associated with viruses. Nimda exploited a flaw in the MIME header and managed to infect 8.3 million computers worldwide in a matter of days.

Protect your enterprise

As businesses place increasing reliance on e-mail systems, they must address the growing security concerns from both e-mail-borne attacks and attacks against vulnerable e-mail systems. When enterprise e-mail systems are left exposed by insecure devices, hackers can enter the organisation and compromise the company's corporate backbone, rendering investments in information technology security useless. The implications of a security breach can affect the company's reputation, intellectual property and ability to comply with government regulations. The only way for organisations to fortify their e-mail systems is to use a comprehensive e-mail security gateway to lock down the e-mail systems. This approach includes:

1. Locking down the e-mail system at the perimeter - Perimeter control for e-mail systems starts with deploying an e-mail gateway. The e-mail gateway should be purpose-built with a hardened operating system and intrusion detection capabilities to prevent the gateway from being compromised.

2. Securing access from outside systems - The e-mail security gateway must be responsible for handling traffic from all external systems and must ensure that traffic passed through is legitimate. By securing access from outside, applications like Webmail are prevented from being used to gain access to internal systems.

3. Real-time monitoring of e-mail traffic - Real-time monitoring of e-mail traffic is critical to preventing hackers from utilising e-mail to gain access to internal systems. Detection of attacks and exploits in e-mail, such as malformed MIME, requires continuous monitoring of all e-mail

David Stanley, EMEA, Cipher Trust
www.infosec.co.uk
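The Nimda paragraph above and step 3 of the gateway approach both come down to the same gateway task: parse every inbound message, record where its MIME structure is malformed, and refuse attachments whose declared type does not match what they actually are. The script below is an added example written for this page, not the article's or the vendor's code, and it uses only Python's standard email parser. The two sample messages, the extension table (EXPECTED_MAIN_TYPE), the executable block list and the finding labels are constructed assumptions for the example; the defect class names come from the email.errors module.

```python
"""Gateway-side inspection of inbound mail for malformed MIME and
attachments whose declared Content-Type disagrees with their filename.

Added example (not the article's or CipherTrust's code). Sample messages,
the extension table and the finding labels are constructed for this page.
"""
import os
from email import policy
from email.parser import BytesParser

# Assumed policy table: filename extension -> main type the sender is
# expected to declare for it. A gateway would keep a much larger table.
EXPECTED_MAIN_TYPE = {
    ".pdf": "application", ".doc": "application", ".zip": "application",
    ".exe": "application", ".txt": "text", ".htm": "text", ".html": "text",
    ".jpg": "image", ".png": "image", ".wav": "audio",
}

# Assumed block list: extensions a gateway should never pass unflagged.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js"}


def inspect_message(raw: bytes) -> list:
    """Return the findings for one raw RFC 822 message (empty list = clean)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # 1. Structural defects. With policy.default the parser does not raise on
    #    malformed MIME; it records a defect object on the affected part, so
    #    every violation it noticed (missing boundaries, bad header syntax,
    #    ...) can be logged and acted on at the perimeter.
    for part in msg.walk():
        for defect in part.defects:
            findings.append(f"mime-defect:{type(defect).__name__}")

    # 2. Attachment checks: the declared type must agree with the filename,
    #    and executable extensions are flagged regardless of declared type.
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        ext = os.path.splitext(filename)[1].lower()
        expected_main = EXPECTED_MAIN_TYPE.get(ext)
        if expected_main is not None and expected_main != part.get_content_maintype():
            findings.append(f"type-mismatch:{filename}:{part.get_content_type()}")
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable-attachment:{filename}")
    return findings


def gateway_verdict(raw: bytes) -> str:
    """'deliver' when nothing was flagged, otherwise 'quarantine'."""
    return "quarantine" if inspect_message(raw) else "deliver"


# Constructed sample: well-formed multipart with a PDF attachment.
CLEAN_MSG = b"""From: alice@example.test
To: bob@example.test
Subject: Quarterly figures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Figures attached.
--b1
Content-Type: application/pdf; name="q3.pdf"
Content-Disposition: attachment; filename="q3.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: the attachment is declared as audio but is named as an
# executable, and the closing multipart boundary is missing entirely.
SUSPECT_MSG = b"""From: mallory@example.test
To: bob@example.test
Subject: readme
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/html; charset="us-ascii"

<html><body>see attachment</body></html>
--b2
Content-Type: audio/x-wav; name="readme.exe"
Content-Disposition: attachment; filename="readme.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAE
"""

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN_MSG), ("suspect", SUSPECT_MSG)):
        print(label, gateway_verdict(raw), inspect_message(raw))
```

Run stand-alone, the clean message is delivered with no findings, while the suspect message is quarantined with three findings: a CloseBoundaryNotFoundDefect recorded on the top-level multipart, a type mismatch between audio/x-wav and readme.exe, and the executable extension itself. The point of keeping the defect check separate from the attachment check is that a malformed structure is worth logging even when the parser still manages to extract the parts.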