Thursday, October 13, 2005

How to recognize targeted destination e-mail attacks

NETWORK WORLD NEWSLETTER: MICHAEL OSTERMAN ON MESSAGING
10/13/05
Today's focus: How to recognize targeted destination e-mail
attacks

By Michael Osterman

In late September, Avinti issued a security alert about targeted
destination e-mail, a recently discovered threat to messaging
servers. This type of attack uses an IP address that has been
harvested from a mail server to directly target another IP
address. Instead of directing a broad-based attack to harvested
e-mail addresses, such as those gleaned during a
directory/dictionary harvest attack, this type of threat
specifically targets one or more IP addresses. The danger is
that improperly configured gateways can forward unfiltered
e-mail directly to an e-mail server, thereby bypassing
anti-virus and other security defenses. Avinti discovered the
threat at one of its customers' sites despite the fact that the
customer had good security defenses in place.

Signs of a targeted destination e-mail attack include e-mail
that is sent to specific IP addresses, an increase in the number
of viruses caught by desktop-based virus scanners even though
gateway-based anti-virus defenses are in place, and incoming
traffic from IP addresses that are not from trusted sources.

Despite the potential severity of this threat, preventing it is
quite straightforward: if a company has internal, gateway-based
anti-virus defenses, the firewall should direct all port 25
traffic only to the gateway. For organizations that use a hosted
messaging hygiene service, the firewall should be configured to
accept SMTP traffic only if it comes from the IP addresses
specified by the hosted service provider.
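
The check below is an added example, not part of the original
newsletter or any vendor's tooling. It covers both the warning sign
above (SMTP traffic from untrusted sources) and the firewall rule
just described, by scanning a firewall log for accepted port 25
connections that reached the mail server without passing through
the gateway or the hosted provider. The log format, addresses and
function name are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log; the line format is an assumption.
SAMPLE_LOG = """\
2005-10-13T08:00:01 ACCEPT src=198.51.100.10 dst=10.0.0.25 dport=25
2005-10-13T08:00:07 ACCEPT src=203.0.113.77 dst=10.0.0.25 dport=25
2005-10-13T08:00:09 ACCEPT src=203.0.113.77 dst=10.0.0.25 dport=25
2005-10-13T08:01:15 ACCEPT src=203.0.113.77 dst=10.0.0.80 dport=80
2005-10-13T08:02:30 DROP src=192.0.2.200 dst=10.0.0.25 dport=25
2005-10-13T08:03:00 ACCEPT src=10.0.0.5 dst=10.0.0.25 dport=25
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def find_gateway_bypass(log_text, mail_servers, trusted_relays):
    """Count accepted SMTP connections that reached a mail server
    from a source outside the trusted relay networks."""
    servers = {ipaddress.ip_address(s) for s in mail_servers}
    relays = [ipaddress.ip_network(n) for n in trusted_relays]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        if m["action"] != "ACCEPT" or m["dport"] != "25":
            continue  # only SMTP traffic the firewall let through matters
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # unparseable address field
        if dst in servers and not any(src in net for net in relays):
            hits[str(src)] += 1
    return hits


if __name__ == "__main__":
    # Trusted relays: hosted provider range plus the internal gateway.
    relays = ["198.51.100.0/28", "10.0.0.5/32"]
    for ip, n in find_gateway_bypass(SAMPLE_LOG, ["10.0.0.25"], relays).items():
        print(f"{ip} reached the mail server directly {n} time(s)")
```

Any source this reports means the firewall is still accepting
port 25 traffic for the mail server from outside the gateway path.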

The targeted destination e-mail attack is an interesting tactic
for targeting organizations, but is fairly easily defeated.
However, despite lots of prompting to do so, some organizations
do not lock down public connections and so risk being attacked
in this way. Further, for companies that maintain backup MX
records in the public DNS, there is an additional vulnerability
if there are inadequate security defenses for these records.

Many thanks to those at Avinti, MX Logic, Postini and
MessageLabs for their input.

_______________________________________________________________
To contact: Michael Osterman

Michael D. Osterman is the principal of Osterman Research
<http://www.ostermanresearch.com/>, a market research firm that
helps organizations understand the markets for messaging,
directory and related products and services. He can be reached
by clicking here <mailto:michael@ostermanresearch.com>
_______________________________________________________________
Copyright Network World, Inc., 2005
