Workplace interception and subsequent replay – message content

Workplace communication is vital to company competitiveness: a fluid and reliable communication system increases productivity and allows employees to operate effectively. Security policies should be built into the design and use of the system to provide sufficient protection for users' data from attack. Once an email server is in place it will carry everything from menial messages to highly confidential documents, so it will need to be sufficiently protected. [21]

Analysis

When preparing a new security policy for an email server, network analysis has to take place. To ensure countermeasures are in place, the weaknesses have to be investigated sufficiently. Security in Computing, 3rd edition, lists possible attacks, which could include:

- message interception (confidentiality)
- message interception (blocked delivery)
- message interception and subsequent replay
- message content modification
- message origin modification
- denial of message transmission [22]

Server Protection

Server hardening should be applied to close ports that aren't currently in use; limiting entry ports to the server will decrease the likelihood of users gaining access through unconfigured or unsecured ports. [23] Limiting available connections based on server configuration and average load can decrease the opportunity for DoS attacks by limiting the number of connections trying to connect at the same time and the rate at which they do so. [24]

Regular system-wide updates should take place to ensure newly found security weaknesses are patched; it is imperative that any gaps in the email system are filled to limit external access through vulnerabilities for eavesdropping or interception. Anti-virus protection should also be installed onto the server to protect it from penetration.

Backups of server files should take place in case of hardware failure or file corruption. Backup files should be saved to a secondary mail server to reduce the likelihood of a single point of failure.

Anti-Virus

All email traffic should be scanned for viruses and malware; email attachments that are found to be malicious or to contain certain file types should be removed from the email, quarantined for analysis and then deleted. The types of files and when they should be removed should be at the discretion of the network manager.

Email Authentication

Enabling SURBL and creating a local IP blacklist will prevent most unwanted emails and their senders from sending mail through the server. [25] DNSBL checks an international server for illicit email addresses and IPs; this process significantly reduces unwanted mail passing through the server. Activating reverse DNS and SPF will check the existence of the sender's domain and their permission to send emails before allowing their mail through.

Encryption

Through the analysis of mail encryption standards such as PEM (RFC1421-1424), PGP (RFC2316), S/MIME and MOSS (RFC1848) [26-31], there is a clear preference towards PGP and S/MIME. Both standards are similar in that they use public key cryptography; where they differ is in how they create those keys. S/MIME derives from the PKCS#7 format, which is harder to crack; S/MIME also requires the server to create these keys. PGP was designed to secure plain text messages, while S/MIME was designed to secure all email files and attachments. The SSL protocol will be used on top of the message encryption standards to encrypt the header.
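
The sender checks described under Email Authentication (a DNSBL lookup followed by an SPF check) can be sketched as follows. This is an added example, not part of the original text: the blocklist zone, the SPF record and the IP addresses are constructed sample data standing in for real DNS answers, and only the ip4, ip6 and all mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (no network access needed).
SPF_RECORDS = {"example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"}
DNSBL_ZONE = "dnsbl.example.org"                   # hypothetical blocklist zone
DNSBL_LISTED = {"2.113.0.203.dnsbl.example.org"}   # constructed: 203.0.113.2 is listed

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """A DNSBL is queried by reversing the IPv4 octets and appending the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_blocklisted(ip):
    # A real server would resolve this name; any A record answer means "listed".
    return dnsbl_query_name(ip) in DNSBL_LISTED

def spf_check(ip, domain):
    """Evaluate the ip4/ip6/all mechanisms of the domain's SPF record, left to right."""
    record = SPF_RECORDS.get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"                              # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"                            # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, etc. need further DNS lookups and are skipped in this sketch
    return "neutral"

def accept_connection(ip, mail_from_domain):
    """Policy decision at SMTP time: reject listed IPs and SPF hard fails."""
    if is_blocklisted(ip):
        return "reject: DNSBL"
    result = spf_check(ip, mail_from_domain)
    if result == "fail":
        return "reject: SPF fail"
    return "accept (spf=%s)" % result

if __name__ == "__main__":
    for ip in ("203.0.113.2", "192.0.2.55", "198.51.100.8"):
        print(ip, "->", accept_connection(ip, "example.com"))
```

A softfail or none result is accepted here; whether to quarantine such mail instead is a policy choice for the network manager.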