Communication Security: Remote Access and Messaging • Chapter 3 143
Vulnerabilities
E-mail has become one of the most popular (and fastest) means of communication
used today. Users who need to get information and ideas to others quickly use
e-mail rather than the postal service, telephones, and other methods. Since e-mail
is so popular, there are vulnerabilities within the e-mail delivery system. Some are
technical, such as Simple Mail Transfer Protocol (SMTP) relay abuse and
vulnerabilities in e-mail clients (such as Microsoft Outlook), and some are
non-technical, such as spam, e-mail hoaxes, and phishing attempts.
The solution to most of these issues is to be proactive about the vulnerabilities.
Cracking down on open SMTP relay servers, implementing fixes for client
software, keeping anti-virus signature files up to date, and being aware of the
newest threats to the user community constitute the best defense.
SMTP Relay
One feature of SMTP is SMTP relay. Relay simply means that any SMTP message
accepted by one SMTP server will automatically be forwarded to that server’s
destination domain. Often, an organization will configure a single SMTP host (such as
a firewall) to relay all inbound and outbound e-mail.
This feature must be carefully configured and tightly controlled. Most e-mail
server programs (Microsoft Exchange, Sendmail, and so forth) have the ability to
limit the addresses that SMTP e-mail can be relayed from.
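The relay restriction described above can be modelled as a per-recipient decision. The following is an added example, not code from the book or from any mail server product; the trusted networks, the local domain, and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration: networks allowed to relay through this
# server, and the domains this server is the final destination for.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"example.com"}


def recipient_domain(rcpt):
    """Return the lower-cased domain of an RCPT TO address, or None if malformed."""
    addr = rcpt.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    # Conservative choice: source routes and "percent hack" addresses such as
    # user%other.test@example.com ask the server to forward on someone's
    # behalf, so they are refused instead of being treated as local mail.
    if any(ch in local for ch in "%!@"):
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, authenticated, rcpt):
    """Classify one RCPT TO as 'deliver', 'relay' or 'reject'."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return "reject"
    if domain in LOCAL_DOMAINS:
        return "deliver"   # inbound mail for our own users, accepted from anyone
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETWORKS):
        return "relay"     # outbound mail submitted by our own users
    return "reject"        # unknown sender to foreign domain: open-relay request


# Constructed sample sessions: (client IP, authenticated?, RCPT TO argument).
SAMPLES = [
    ("203.0.113.9", False, "<alice@example.com>"),
    ("10.1.2.3", False, "<bob@partner.test>"),
    ("203.0.113.9", True, "<bob@partner.test>"),
    ("203.0.113.9", False, "<bob@partner.test>"),
    ("203.0.113.9", False, "<bob%partner.test@example.com>"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", relay_decision(*sample))
```

A server is an open relay when the last branch returns "relay" instead of "reject", that is, when it forwards mail between parties it has no relationship with.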
An improperly configured e-mail server may end up being used to forward
spam to a recipient (or group of recipients) throughout the Internet. An open
SMTP relay gives “spammers” free, reliable delivery of their messages (Figure 3.17).
The recipients of the spam messages then see the company’s domain name and
assume the spam came from that e-mail server. Eventually, the domain
name will be placed into a DNS-based Blackhole List (DNSBL) to block e-mail
from those sources. Once the domain name has been placed into one of these lists,
companies subscribing to the lists will no longer accept e-mail from that domain.
This can immediately hinder a company’s ability to communicate with clients and
partners. Failing to address the problem adequately can cause a domain to be listed
more than once, lengthening the time and process required for removal from the
list. If a request to have a domain removed from the DNSBL is accepted by the
holder of the DNSBL, an uncertain interval of time is still required for changes to
propagate throughout the Internet and to subscribers before a listed domain is
truly no longer “black listed.”
www.syngress.com