Security UPDATE on Email Filtering
Security UPDATE on Email Filtering
Last week, was about DomainKeys, Sender Policy Framework (SPF),
and CallerID for E-Mail. All three technologies have been submitted to
the Internet Engineering Task Force (IETF) as draft proposals. Since
then, the developers of SPF and Microsoft (the developer of CallerID)
have agreed to merge the two technologies into one. A new draft
proposal will be created and submitted to the IETF; however, the name
for the new technology has yet to be formalized.
If you're interested in some of the ideas regarding how the two
technologies will operate after they're merged, be sure to read Meng
Weng Wong's outline of how things might pan out. Wong is one of the
SPF developers, and you can find his outline in the SPF mailing list
archives.
Last week, it was pointed out that people who intend to use any or all of
the three new technologies to help filter unwanted email will also
need to use other technologies in combination with them because none
of the three new technologies, not even all of them together, will
completely stop unwanted email. A reader of this newsletter who also
participates in the SPF mailing list asked SPF mailing list members
whether my statement was true.
Another reader of this newsletter wrote to tell me that his Hotmail
account is spam free. That may be true; however, I doubt that all
other Hotmail accounts are in the same situation. Regardless, the way
Hotmail (or any technology, for that matter) eliminates junk mail is
to filter it by any of the available various methods, because that's
the only way to do it without resorting to short-term disposable email
addresses. Of course, such filtering relies on a variety of
parameters, including known junk-mail-message content, known domains
and networks that service spammers, open mail relays, keywords, key
phrases, content types, block lists, allow lists, and so on. In the
near future, DomainKeys and the combined SPF/CallerID will be a couple
of additional mechanisms that will definitely be used for mail
filtering. As you may know, the current rendition of SPF is already
part of several mail-filtering packages; undoubtedly, such integration
will continue. If you intend to curb unwanted email, you'll need to
adapt to a method of filtering and tune that method as necessary.
Feature: Coping with Today's Killer App
Some people are still waiting for the next killer app to emerge.
But in my view, email is the killer app and has been for the past
several years. Email has opened up easy communication for people both
inside and outside an organization. It's a fast and convenient
transport and distribution mechanism for vital information and enables
an organization to operate smoothly. For many companies, email is a
mission-critical component: If email is down, the business
suffers--sometimes dramatically. In this article, Michael Otey
discusses the need to treat email as the vital company resource it is
and protect it.
News: Report from the Phishing Spot
According to the Anti-Phishing Working Group, in April, 1125 unique
scams tried to obtain sensitive information from customers of 12
well-known companies, including Citibank, U.S. Bank, eBay, PayPal, and
Federal Deposit Insurance Corporation (FDIC). In March, the group
tracked 402 scams against 18 companies. As of the last week in May,
half as many companies had been targeted as in April, but the total
number of scams for the month was unreported.
Feature: A First Look at the New MBSA
Microsoft recently released a new version of Microsoft Baseline
Security Analyzer (MBSA), a free security auditing and reporting tool.
MBSA 1.2 has many enhancements that improve its functionality for
system and security administrators. In addition to the ability to scan
10,000 machines in one run, MBSA now audits against a Microsoft
Software Update Services (SUS) server and, when run locally, reports
on macro settings in Microsoft Office products, the state of the
Automatic Updates client, and the state of the Internet Connection
Firewall (ICF). Paula Sharick gives an overview of the more notable
new features in MBSA 1.2 in this article on our Web site.
News: Microsoft Partnering to Sell ISA Server Appliances
Microsoft announced at the Tech Ed 2004 conference in San Diego
last week that it will team with hardware vendors to begin selling
security appliances. The company aims to provide customers with a
dedicated hardware solution that runs Internet Security and
Acceleration Server (ISA) 2004, which is currently in beta testing.
The solution will become available in the third quarter of this year
from HP, Network Engines, Celestix Networks, and Avantis. The starting
price will be $1499 per CPU, per server.
FAQ: How can I enable forms-based authentication for an Exchange
Server 2003 system that hosts Microsoft Outlook Web Access (OWA)?
A. After you enable Secure Sockets Layer (SSL) on a Microsoft Internet Information Services 5.0 (IIS) server (as I describe in the FAQ "How can I obtain a certificate so that I can enable Secure Sockets Layer
(SSL) on my Microsoft Internet Information Services 5.0 (IIS)
server?"), you can enable forms-based authentication on the server by
performing these steps:
1. Start the Exchange System Manager (ESM) utility (click Start,
Programs, Microsoft Exchange, System Manager).
2. Navigate to the OWA server (Administrator Groups,
<Administrative group name>, Servers, <Server name>).
3. Expand Protocols and expand HTTP.
4. Right-click the HTTP virtual server and click Properties.
5. Click the Settings tab of the displayed dialog box.
6. Select the "Enable Forms Based Authentication" check box and
click OK.
If you want to stop non-SSL connections to your Exchange server, you
can modify the Exchange virtual directory through the Microsoft
Management Console (MMC) IIS snap-in as follows:
1. Access the Exchange virtual directory's Properties page.
2. Click the Directory Security tab.
3. Click Edit, and in the Secure Communication section, select the
"Require secure channel (SSL)" check box.
Featured Thread: Port Scanning a Windows Server 2003 System
(Seven messages in this thread)
A reader writes that he recently downloaded a simple port scanner
program and scanned his Windows Server 2003 test server. He found that
the server is running the following services: Domain Controller for
his test Active Directory (AD), DHCP, DNS, FTP, File/Print Server, and
RRAS with 2 NICs--one connected to a cable modem and the other to the
LAN.
After the port scanner has scanned all the ports of the WAN IP, its
report shows that numerous other ports are open. The reader wants to
know how to find out which programs are listening on each of the ports
and how worms work (because he suspects that a worm might be able to
infiltrate his system on one of the listening ports).
(A complete Web and live events directory brought to you by Windows
& .NET Magazine)
New Web Seminar--Shrinking the Server Footprint: Blade Servers
In this free Web seminar, you'll learn how blade servers provide
native hot-swappable support, simplified maintenance, modular
construction, and support for scalability. And we'll talk about why
you should be considering a blade server as the backbone of your next
hardware upgrade.
==== 5. New and Improved ====
Monitor Your Server from Anywhere in the World
GFI Software announced GFI Network Server Monitor 5.5, the most
recent version of its automatic network and server monitoring tool.
The upgraded version includes a remote Web monitor, which lets you
check network and server status from anywhere in the world from a Web
browser, a mobile phone, or any handheld device. GFI Network Server
Monitor 5.5 costs $699 for unlimited monitoring of all workstations
and servers or $375 for a five-server monitoring license. For more
information about GFI Network Server Monitor 5.5 and to obtain an
evaluation version, contact GFI on the Web.
