Join Lisa Bock for an in-depth discussion in this video Protecting the email server, part of IT Security Foundations: Operating System Security.
- When we talk about email, we must remember the email server is the first stop email goes to before it is released to the client. The email server receives a lot of email, some of which is not really legitimate, and we have to seek ways to reduce the threats to the organization right there at the server. Now, when we take a look at protecting the email server, we want to defend against malware and spam. There are many mechanisms we could use, of course, in the server operating system, but additional tools will most likely be needed.
We seek to provide in-depth protection. Even though we have client-side protection, we're going to use the in-depth protection on the server side as well. Now, spam continues to be a serious problem. This is unwanted or abusive email. The fact is that 80, and in some cases 90, percent of the email that comes in is unwanted email. One of the concerns is that spam is a lot of times a vehicle for cybercrime. Spam is created by botnets and other automated tools, and that's why it is so easy to flood the email server with unwanted or abusive email.
Now, when dealing with spam, a lot of times specialized devices might be used. These are able to handle the large volume of spam that's coming through your organization before it even gets onto your server. Specialized devices will monitor and update in real time to provide that protection, and when one flags a message as spam, it will quarantine it as what's called suspicious email. Now, understand it's doing a quarantine according to some metrics by which it has determined that it's a possible spam email; however, clients can release a message if they're sure it's safe.
Sometimes, because of the metrics that are done, it's flagged as spam inappropriately. Now, viruses and malware are also a very serious concern, and it continues to be so because viruses will never go away. As long as there is a way to propagate them through the network and the internet, they might still show up in your inbox; in most cases they do. We want to catch and quarantine those viruses and malware before they're released to the clients. In order to protect against viruses and malware, we'll want to run multiple antivirus scanning engines, because one might catch something that another one will miss.
It goes without saying that we also want to keep our virus definitions up to date, as they do change very rapidly. Regardless of all these tools and mechanisms, client education is still important. We'll want to instruct the clients not to click on a suspicious link, and also to report any suspicious emails to the network administrator. If you were to receive a suspicious folder or file in an email, the best thing for you to do is simply to delete it and notify your network administrator.
However, what happens when a suspicious file or folder is run through an antivirus? Let's take a look. I'm at this website, eicar.org. Now, on this website I'll just go to About Us, and it will tell us a little bit about this organization: the European Institute for Computer Antivirus Research. Now, what they have provided is an anti-malware test file, which you can download to test your antivirus.
However, I'm in a virtual machine, and understand that most modern operating systems will simply delete the file and not allow you to download it, which is good, because that's the way most normal antivirus and anti-malware protection works. However, I was able to download it, and I will just click on the page where it says we can download the test file. Now, understand it has a lot of disclaimers here. Basically, it's telling us that this is a test file that will react just as if it were a virus.
In addition, it says that it really can't say what will happen to it once you get it onto your system. So again, I'd use caution, but if you would simply like to follow along, let's take a look. Now I'm at this website, VirusTotal, and what I'm going to do is select the file that I've downloaded and ask VirusTotal to scan it and give me the result, to see whether it's a suspicious file or not.
As you can see, the detection ratio shows that it is looking sort of suspicious. Although it does indicate that it feels it is harmless, as it is supposed to be a test file: it does recognize it as a test file and not a virus. However, this is something that can be used if you do suspect that you have a file or folder that contains malware.
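The demo above downloads the EICAR test file and uploads it to VirusTotal. The Python below is an added example, not code from the course or from eicar.org: it builds the same 68-byte EICAR test string in memory, computes the hashes you can look up on VirusTotal instead of uploading the file, checks a file against eicar.org's published rule for what counts as a valid test file, and, when run directly, writes the file to a scratch directory and watches whether a resident scanner removes it. The scratch directory, the file name `eicar.com` and the three-second wait are illustrative assumptions; only the standard library is used.

```python
"""Generate the EICAR anti-malware test file and check what the local scanner does with it.

Added example, not part of the course. Assumes only the Python standard library.
"""
import hashlib
import os
import tempfile
import time

# The EICAR string is published by eicar.org. It is assembled from two halves here
# so that this source file does not itself begin with the signature and trip a
# naive on-access scanner; only the joined 68-byte value is the test file.
_EICAR_HEAD = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_EICAR_TAIL = r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    """Return the exact 68-byte EICAR test file content (no trailing newline)."""
    return (_EICAR_HEAD + _EICAR_TAIL).encode("ascii")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the data. Searching VirusTotal by hash tells you whether
    the file is already known without uploading something that may be confidential."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_eicar(data: bytes) -> bool:
    """eicar.org's rule: the 68-byte string must start the file, anything after it
    must be whitespace, and the whole file must be at most 128 bytes long."""
    sig = eicar_bytes()
    if len(data) > 128 or not data.startswith(sig):
        return False
    return data[len(sig):].strip(b" \t\r\n") == b""


def write_test_file(directory: str) -> str:
    """Write eicar.com (assumed file name) into `directory` and return its path."""
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(eicar_bytes())
    return path


def scanner_reacted(path: str, wait_seconds: float = 3.0) -> bool:
    """True if a resident scanner removed, replaced or truncated the file within the
    wait window. Assumption: on-access scanners quarantine by deleting or emptying it."""
    deadline = time.monotonic() + wait_seconds
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as fh:
                if not is_eicar(fh.read()):
                    return True
        except OSError:          # file gone: quarantined or access denied by the scanner
            return True
        time.sleep(0.25)
    return False


if __name__ == "__main__":
    data = eicar_bytes()
    print(f"{len(data)} bytes; hashes: {file_hashes(data)}")
    scratch = tempfile.mkdtemp(prefix="eicar-")
    path = write_test_file(scratch)
    if scanner_reacted(path):
        print("a resident scanner reacted to", path)
    else:
        print("file still present:", path, "- no on-access scanner reacted; run an on-demand scan on it")
```

If the file is still present after the wait, the host has no on-access scanning of that directory (or the directory is excluded), so hand the path to your on-demand scanner before concluding anything; and since the server-side engines described earlier act on the message before it reaches the client, expect a mail gateway to strip or quarantine an attachment that matches this string even when the workstation scanner lets it through.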
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.