Communication Security: Remote Access and Messaging • Chapter 3 147
Most mail and DNS servers can be configured to verify the domain name
given, using a simple process detailed in RFC 1912.
1. A reverse DNS lookup is performed against the domain or IP.
2. The returned domain names are searched via a regular DNS lookup for
any A or CNAME records.
3. The A records are compared against the original IP of the sending server
to validate whether the sending IP is really from the alleged domain.
A Forward Confirmed reverse DNS (FCrDNS) verification is, by itself, a weak
form of authentication, but it is effective in practice because spammers and
phishers usually cannot pass this simple test from “faked” or “zombie” machines.
In addition to the FCrDNS check, messaging servers can be made to require a
valid Fully Qualified Domain Name (FQDN) in the SMTP HELO/EHLO statement
coming from the sending server. If an FQDN is not given and transmission
is attempted, the connection can be refused.
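The FCrDNS steps and the HELO/EHLO requirement above, as an added Python example that is not from the book. The function names, the verdict strings and the sample records are assumptions made for illustration, and the resolvers are injectable so the check can be exercised offline on constructed data.

```python
import ipaddress
import re
import socket

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS hostname label

def ptr_names(ip):
    """Step 1: reverse (PTR) lookup of the connecting IP."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Step 2: forward lookup; the resolver follows CNAMEs to address records."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_names(ip, reverse=ptr_names, forward=forward_addrs):
    """Step 3: keep only the PTR names that resolve back to the connecting IP."""
    client = ipaddress.ip_address(ip)
    confirmed = []
    for name in reverse(ip):
        # Drop any IPv6 scope id ("%eth0") before comparing addresses.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
        if client in addrs:
            confirmed.append(name.rstrip(".").lower())
    return confirmed

def helo_is_fqdn(arg):
    """Syntactic check: two or more valid labels, not a bare IP or single label."""
    host = arg.rstrip(".")
    labels = host.split(".")
    return (len(host) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(l) for l in labels)
            and not labels[-1].isdigit())

def verdict(ip, helo, reverse=ptr_names, forward=forward_addrs):
    if not helo_is_fqdn(helo):
        return "reject: HELO/EHLO is not an FQDN"
    if not fcrdns_names(ip, reverse, forward):
        return "reject: FCrDNS failed"
    return "accept"

# Constructed sample records (documentation address ranges) for offline use.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.org."], "198.51.100.7": ["mail.example.org."]}
SAMPLE_A = {"mail.example.org.": ["192.0.2.25"]}
```

In the sample data, 198.51.100.7 publishes a PTR record naming mail.example.org, but the forward lookup of that name does not return 198.51.100.7, so the claim is not confirmed.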
Lastly, one of the best defenses against spoofing is an intelligent message filter
that will examine the tcp_wrapper, ident, and the URLs in the body text. Often the
content of spoofed mail is as illegitimate as the sender information, and, as with
phishing, the goal may be to entice a user to respond with information that should
be kept confidential. Network appliances (including some firewalls), and certainly
spam filters and most anti-virus programs, can detect messages with such content.
E-mail and Mobility
A growing arena is the area of mobility. As discussed earlier, PDAs can now send and
receive mail without a deliberate effort made on the part of the user. Rather,
messaging information is “pushed” to the device over the air as long as an Internet
connection is made available on the device. Typically, these devices are digital.
Companies like Sprint and Verizon fashion Treos and other devices to work on
their digital networks for Internet services as much as telephony.
There are only a few ways messages are being secured, and much of this has to
do with what’s provided by the ISP and how access to e-mail servers is
configured by the security or network administrator. ISPs typically provide access to
wireless devices via a combination of the Wi-Fi Alliance approved protocols WEP
and WAP. In a mobile device network, ISPs provide gateway devices (WAP servers
or WAP gateways) that enable the encoding/decoding of a version of HTML
called Wireless Markup Language (WML) that is sent to and from Web servers.
www.syngress.com