
Ancar B Technologies – IT Support Yorkshire
Posts Tagged ‘security’

Required firewall ports to open for Small Business Server 2003 & 2008

May 17th, 2010

Installing Microsoft Windows Small Business Server 2003 or 2008 and want to know which ports to open on your router?

Well, here you go!

Small Business Server 2003

  • Port 25 – SMTP
  • Port 80 – HTTP
  • Port 443 – HTTPS
  • Port 444 – CompanyWeb
  • Port 4125 – Remote Web Workplace, Remote Desktop from RWW
  • Port 1723 – VPN

Small Business Server 2008

  • Port 25 – SMTP
  • Port 80 – HTTP
  • Port 443 – HTTPS
  • Port 987 – CompanyWeb
  • Port 1723 – VPN

What is Backscatter? Can I stop it?

May 12th, 2010

So, you log into your email on Monday morning and there are 500+ Non-Delivery Reports for emails you haven’t sent. What’s going on? Has your account been hacked? Unlikely. The more likely reason is that you’re a victim of Backscatter.

What is it? In brief, backscatter is the influx of Non-Delivery Reports (NDRs) into a victim’s Mail Server (or MTA).

What is an NDR?

Mail Transfer Agents support a service called Delivery Status Notification (DSN) which allows end users to be notified of the status of an email, such as the successful or failed delivery of email messages.

A non-delivery report is a status message sent by the recipient or an intermediate email server that informs the sender of an email message delivery failure. Several issues can trigger an NDR, the most common being that the recipient of the message does not exist or that the destination mailbox is full.

Smarter Spamming?

Email servers offer a simple measure against SPAM by only accepting emails that have a valid source domain, i.e. the domain exists.

Spammers are aware of this and have a simple way of bypassing the check: they mimic (forge) email addresses from a valid domain.

Spammers use several methods for harvesting email addresses from the web. One method is the use of “Web Spiders”. Spiders crawl the Internet and web sites for email addresses, which are added to a database to be used both as recipients and as “valid” sender addresses for spam.

From SPAM to Backscatter

So now you’re in the database, you’re likely to be targeted for the receipt of SPAM, and unfortunately it’s likely that a Spammer is going to use your email address at some point to send a batch of SPAM emails.

Even though you’re not the true source of the emails, you are the legitimate owner of the “Sender’s” address. As such, any Non-Delivery Report is going to be returned to you.

So depending on the frequency of abuse, or indeed the size of the attack, you could potentially be about to receive thousands of Non-Delivery Reports thanks to a spammer.

Can it be stopped?

Unfortunately it is easy to mimic someone’s email address; however, there are measures that firstly prevent you being the source of such a violation, and secondly reduce or prevent the influx of backscatter.

The “Sender Policy Framework” (SPF) introduced an additional DNS record (the SPF record) that allows you to specify which mail servers are allowed to send email for your domain. This way, if a mail server receives an email claiming to be from your domain but from a source other than those defined in your SPF record, the connection will be dropped and the email will not be processed.

Note: Googlemail, Hotmail and Microsoft already implement policies whereby, if an SPF record does not exist for your domain, your email may be rejected.

Other options include disabling all catch-all or wildcard mailboxes. With this feature disabled the spammer has to match your exact email address and not just your domain, so your mail server will not accept non-delivery reports for email addresses which do not exist on it.

It is also recommended that you configure your mail server to reject undeliverable messages during the SMTP transaction rather than accepting them and bouncing them afterwards. Email servers such as Microsoft Exchange, Postfix, Sendmail and Qmail have patches that improve this behaviour and create less backscatter.
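The two controls above, an SPF check on the sending IP and refusing unknown recipients at SMTP time instead of bouncing later, as an added worked example (not code from this post or from any of the mail servers named). The SPF records, domains, addresses and mailbox list are constructed stand-ins for real DNS lookups so that it runs offline; only the ip4, ip6, include and all mechanisms are modelled.

```python
import ipaddress

# Constructed SPF records keyed by domain; they stand in for DNS TXT lookups
# so the example runs offline. Domains and addresses are documentation values.
SPF_RECORDS = {
    "example.co.uk": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 "
                     "include:relay.example.net -all",
    "relay.example.net": "v=spf1 ip4:192.0.2.0/28 ~all",
}

# Constructed list of mailboxes that really exist on the local server.
LOCAL_MAILBOXES = {"chris@example.co.uk", "sales@example.co.uk"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, records=SPF_RECORDS, depth=0):
    """Evaluate a subset of SPF (ip4, ip6, include, all) for the sending IP.
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no record)."""
    terms = (records.get(domain.lower()) or "").split()
    if not terms or terms[0] != "v=spf1" or depth > 10:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            # strict=False also accepts a bare host address (treated as /32 or /128);
            # a v4 address is never contained in a v6 network and vice versa
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            matched = spf_check(mech[8:], client_ip, records, depth + 1) == "pass"
        else:
            continue  # a, mx, ptr would need live DNS and are not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without a match


def smtp_decision(mail_from, rcpt_to, client_ip, mailboxes=LOCAL_MAILBOXES):
    """Decide at RCPT TO time, before the message is accepted, so that an
    undeliverable message is refused rather than accepted and bounced later."""
    if rcpt_to.lower() not in mailboxes:
        return "550 5.1.1 Recipient unknown"  # rejecting here creates no NDR
    domain = mail_from.rsplit("@", 1)[-1]
    if spf_check(domain, client_ip) == "fail":
        return "550 5.7.1 Sender not authorised by SPF"
    return "250 OK"
```

A real MTA would fetch the TXT record for the MAIL FROM domain and apply the same logic; the key point is that both refusals happen before the message body is accepted, so no bounce is ever sent to the forged address.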

A better solution

Using an external host to relay and filter your inbound email can prevent the receipt of SPAM and Backscatter, as well as reduce the loads generated by SPAM on your local mail servers.

Below are a few more resources to give a little more information on the subject.

The Backlash!

The source of a Backscatter attack is not the SPAMMER, but the servers that are not configured to reject emails for invalid email addresses. These servers, although they’re the victim of an actual SPAM attack, are now being listed on a UCE Blacklist (http://www.backscatterer.org/), which in turn gets your outbound email rejected due to your server being listed on a Black List.

As you can see, it is important to configure your email and DNS services correctly to ensure you’re neither the subject of a backscatter storm, nor unknowingly listed on a Blacklist.

Other Resources

Open SPF – http://www.openspf.org/
SPF Record Creator – http://old.openspf.org/wizard.html
Microsoft Sender ID Framework – http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Reducing Backscatter on Exchange – http://www.avianwaves.com/Blog/default.aspx?id=31

Commonly used passwords exposed and recommendations

May 4th, 2010

Users with weak passwords are the primary security vulnerability within many organizations’ IT infrastructure. Users generally forget passwords fairly regularly unless the password is something easy to remember or pertinent to them, and this method of generating passwords makes them susceptible to dictionary attacks.

A recent report by the database security company Imperva, based on 32 million passwords exposed in the rockyou.com security breach, has highlighted patterns and the most popular passwords used. The full report is available here.

The Top Ten Common Passwords

The Top Ten common insecure passwords are:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Key findings:

  • About 30% of users chose passwords whose length is equal or below six characters.
  • Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password among Rockyou.com account owners is “123456”.

The effect to businesses

Even though Microsoft tries to enforce password policies in the design of its Active Directory infrastructure, many IT Administrators are disabling these features at the request of management. This is causing a major vulnerability.

In our market place, the Microsoft Small Business Server is key to many SME network deployments, and features such as Remote Web Workplace, Outlook Web Access and VPN access are enabled for many users.

The flaw in this is that in an SME environment the number of users is small, and as such usernames are generally easy to guess, as many companies use just First Names as the username. It’s much easier for a hacker to attempt a brute force attack on First Name combinations than on the more complex First Name + Last Name permutations.

For example, the username “chris” with a password of “123456” or “Password” is going to be very easy to break. If Chris happens to be at Director level, there is going to be no end of information that can be accessed by the hacker.

Our Recommendations for Usernames

So our recommendation in a business domain is that usernames are based on a pattern that is not directly related to First Names, but either has a prefix or is based on First Name and Last Name, which greatly increases the number of possible usernames. If you’re signing up to a web site that shows a “Screen” or “Nick” name, ensure this is different from your username.

Our Recommendations for Passwords

Using passwords based around your name, your family, or words found in a dictionary is not secure, as these are the basis for simple dictionary attacks. Many websites now show a complexity scale when signing up to guide users about their passwords. A password should contain a mix of four different types of characters: upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,; If there is only one letter or one special character, it should not be either the first or last character in the password.
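The recommendations above, turned into a checker that a help desk or sign-up form could run, as an added example (not code from this post). It applies the four-character-type rule, the rule that a lone letter or special character must not sit at either end, the top-ten list from the post, and a constructed list of personal words; the minimum length of 7 is an assumption, since the post only notes that about 30% of users chose six characters or fewer.

```python
# Top ten passwords listed above, compared case-insensitively.
COMMON_PASSWORDS = {
    "123456", "12345", "123456789", "password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
}

# Special characters as listed in the recommendation above.
SPECIALS = set("!@#$%^&*,;")


def password_problems(password, personal_words=(), min_length=7):
    """Return a list of rule violations; an empty list means the password passes.
    min_length is an assumption: the post gives no exact figure."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("one of the ten most common passwords")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Rule: a mix of all four character types.
    types = {
        "upper case": str.isupper,
        "lower case": str.islower,
        "number": str.isdigit,
        "special": lambda c: c in SPECIALS,
    }
    missing = [name for name, test in types.items()
               if not any(test(c) for c in password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Rule: a lone letter or lone special character must not be first or last.
    for name, test in (("letter", str.isalpha),
                       ("special character", lambda c: c in SPECIALS)):
        positions = [i for i, c in enumerate(password) if test(c)]
        if len(positions) == 1 and positions[0] in (0, len(password) - 1):
            problems.append(f"the only {name} is at the start or end")
    # Rule: nothing based on your own name or family (caller supplies the words).
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains personal word '{word}'")
    return problems
```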

So to sum up: in a business and web environment it is important that both your usernames and passwords are designed for complexity, to reduce the effectiveness of a Brute Force attack, and never use one of the passwords listed above.