So what can be done? Well introduce a company Web Policy of course!

Sounds onerous? It need not be if you follow the steps suggested below.

Step 1: Establish Who and What You Need to Protect

It’s important to determine who you need to protect and what is of value.

Who do you need to protect? (consider)

• Employees
• Visitors, customers and contractors (onsite access)
• Branch and remote offices and mobile workers

What is of value?

• Customer records
• Employee records
• Intellectual property
• Financial information
• Competitive information
• IT systems, access information
• Organisation/Company reputation

Step 2: Understand Your Company’s Web Security and Productivity Requirements

This centres on finding the right balance between making the network secure with methods that do not impinge on the productivity of staff.

It’s important to safeguard your company from Web threats and maintain a productive working environment. Once you understand your company’s Web security and productivity requirements, you can better evaluate the available Web solutions.

Step 3: Understand Web Security Methods

Here we need to think about future needs and expectations as well as what is currently in place. Does your current solution contain both reactive and proactive methods. Let me explain.

• Reactive Methods – Though they are useful in detecting known threats and enforcing policies, traditional security methods such as anti-virus scanning, URL (web address) filtering and reputation scores are reactive, and therefore less effective in protecting against new malware. These solutions block known viruses and worms by comparing content against signature databases, URL categories or reputation scores, all of which need to be updated each time a new attack is discovered.

• Proactive Methods – Today’s sophisticated attacks require a solution that analyses content behaviour in real time and determines whether the content is malicious. Scanning all active content as users access it and blocking malicious content at the gateway is extremely important. Proactive control like Real-time Code Analysis detects mailicious intent of new emerging malware.

Step 4: Evaluate Web Security and Productivity Solutions

In reality, no organisation is immune ot security threats. When evaluating web security solutions, it is important understand the technologies used and how effective they are at preventing malware attacks. Below is a list of security methods employed in numerous companies/organisations.

• URL Filtering

URL (Web Address) Filtering controls employee browsing habits and improves productivity and network performance. Although millions of URLs (Web Addresses) are scanned each day, URL filtering has become ineffective in detecting modern malware because the majority of infections occur through legititmate websites (see my previous blog). URL filtering was designed to be a productivity tool – not a security tool. As such, it doesn’t detect and block mailicious code stored in legitimate caching servers, search engines or Web 2.0 sites.

• IP Reputation Lists

Reputation scores are assigned to domains using parameters such as the IP of the hosted site, the site owner, how long the domain is registered and whether the URL appears in mass SPAM emails. Reputation scores only apply for the name of the domain registrar - not for individual web pages, so malware infected pages can existing on legitimate websites that have high reputation scores.

• Anti-Virus

Useful for blocking known attacks in the first line of defense, gateway anti-virus solutions look for signatures for known attacks, require days or longer to release a new signature and often miss attacks that use SSL, code obfuscation and other anti-forensic methods.

With dynamic cyber-attacks, malicious content is morphed during distribution, so no matching signature is available.

• Real Time Proactive Technology

Therefore, it is important to scan all content as users access it and identify threats without the need for a historical signature database lookup. With Real Time Code Analysis, all inbound and outbound Web content is scanned, and analysed at the time of the request – before it is delivered to the user. Bydetermining code intent, known and undiscovered Crimeware, malware, Trojans, targeted attacks and other malicious web content are detected and blocked before they can penetrate company networks.

Step 5: Implement an Effective Internet Acceptable Use Policy (AUP)

Establish through policies that address all Web, social networking and Web 2.0 tools currently in use or that might be used in the future. To be successful and Acceptable Usage Policy must be enforceable. This usually requires the installation of security software or hardware that monitors, blocks and reports inappropriate use of a company’s IT infrastructure.

That’s it for now. In my next blog I will outline the considerations and essential elements of an Acceptable Usage Policy.

Thanks

Richard

What is it? In brief, backscatter is the influx of Non Delivery Reports (or NDR’s) into a victim’s Mail Server (or MTA).

What is an NDR?

Mail Transfer Agents support a service called Delivery Status Notification (DSN) which allows end users to be notified of  the status of an email, such as the successful or failed delivery of email messages.

A non-delivery report is a status message sent by the recipient or interim email server that informs the sender of a email message delivery failure. There are several issues that can trigger an NDR, the most common are when the recipient of the message does not exist or when the destination mailbox is full.

Smarter Spamming?

Email servers offer a simple measure against SPAM by only accepting emails that have a valid source domain.

i.e. The domain exists.

Spammers are aware of this and have a simple way of bypassing this check which is to mimic email addresses from a valid domain.

Spammers use several methods for harvesting email addresses from the web. One method is the use of “Web Spiders”. Spiders crawl the Internet and web sites for email addresses that can be added to a database to be both a recipient, and used as a valid email address for sending spam.

From SPAM to Backscatter

So now you’re in the database, you’re likely to be targeted for the receipt of SPAM, and unfortunately it’s likely that a Spammer is going to use your email address at some point to send a batch of SPAM emails.

Even though you’re not the true source of the emails, you are the legitimate owner of the “Senders” address. As such any Non-Delivery Report is going to be returned to you.

So depending on the frequency of abuse, or indeed the size of the attack, you could potentially about to receive thousands of Non-Delivery Reports thanks to a spammer.

Can it be stopped?

Unfortunately it is easy to mimic someones email address, however there are measures to firstly prevent you being the source of such a violation, and secondly reduce or prevent the influx of backscatter.

The “Sender Policy Framework” or SPF have introduced additional DNS Records (SPF Records) that allow you to specify who is allowed to send email from your domain (Mail Servers). This way, if an email is received by a mail server from a source other than defined in your SPF record, the connection will be dropped and the email will not be processed.

Note: Googlemail, Hotmail and Microsoft are already implementing policies whereby if an SPF record does not exist, your email may be rejected.

Other options include disabling all catchall or wild-card mailboxes. When this feature is disabled the spammer has to match your exact email address and not your domain, so your mail server will not be accepting non-delivery reports for email addresses which do not exist on your mail server.

It is also recommended that you configure your mail server to reject during SMTP transmission rather than bounce email messages which cannot be delivered. Email servers such as Microsoft Exchange, Postfix, Sendmail and Qmail have patches to improve the behavior to create less backscatter.

A better solution

Using an external host to relay and filter your inbound email can prevent the receipt of SPAM and Backscatter, as well as reduce the loads generated by SPAM on your local mail servers.

Be low are a few more resources to give a little more information on the subject.

The Backlash!

The source of a Backscatter attack is no the SPAMMER, but it is the servers that are not configured to reject emails for invalid email addresses. These servers, although they’re the victim of an actual SPAM attack are now being listed on a UCE Blacklist (http://www.backscatterer.org/), which in turn gets your outbound email rejected due to your server being listed on a Black List.

As you can see, it is important to configure your email and DNS services correctly to ensure your neither the subject of a backscatter storm, nor listed unknowingly in a Blacklist.

Other Resources

Open SPF – http://www.openspf.org/
SPF Record Creator – http://old.openspf.org/wizard.html
Microsoft Sender ID Framework - http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Reducing Backscatter on Exchange – http://www.avianwaves.com/Blog/default.aspx?id=31

Free email services such as Hotmail and Googlemail offer a high level of filtering services as standard, but these are geared towards individual users.

For the rest of us, here are a few top tips to prevent help prevent the infestation of Spam in your inbox.

Top Tops for Spam Reduction

• Disable the Automatic Download of Images – Applications such as Outlook do this as standard. Why? Firstly, it saves on bandwidth if you don’t really need the image. Secondly, and more importantly, spammers can track which users download the images which allows them to track legitimate email addresses and record them for futher spam attacks.
• Never follow links in SPAM – Again, URL tracking is in place which allows a Spammer to tack and target legitimate addresses.
• Avoid the use of a Catch All address – Put simply, you’re generating a honeypot for spammers as every possible conceivable email address will be valid and you will receive far more SPAM in your inbox.
• Use generic email addresses on the web – Never use a private email address on web sites. Web Crawlers are constntly trawling for email addresses to add to their database. So use info@ rather than your personal email to keep the SPAM out of your inbox.
• Sign up for a Googlemail Account – And use it just for signing up to sites/forums or any other site you need to enter an email address in order to access information. As mentioned previously, they have great SPAM filtering systems and it keeps your inbox clean. Googlemail
• Read Privacy Policies – Following on from the last point, don’t just tick the box and sign up. Read a web sites privacy policy to ensure they’re not going to pass on your details. Additionally, watch out for “pre-checked” boxes signing you up to mailshots.
• Use an email client with a Junk Filter – Microsoft Outlook and Mozilla Thunderbird both have built in filtering engines to help keep your Spam email under control.
• Never use TO or CC on Mailshots – A mistake made by many people. Always BCC users on a Bulk Mailshot. This keeps the groups email addresses private and prevents mail loops and mail scatter.
• Disable Automatic Read Receipts – Your just letting Spammers know they can send you more mail.
• NEVER REPLY TO SPAM – Need we say more?
• Do not pass on Chain Messages – They may occasionally be funny, but read down the next one you receive. How many email addresses appear in the message. your just adding yourself to a long list of email addresses ready to be added to a database.
• Report Spam – www.spamcop.net – Report any Spam you receive to help yourself and others in the future.
• Consider a Mail Filtering Service – Of course, Ancar B Technologies offers a mail filtering service, but to be impartial, I can also recommend Symantec’s Websense

Avoiding Phishing and ID Theft

Phishing is quickly becoming one of the biggest forms of Spam and is now considered the biggest global threat for Fraud. Here are a few simple tips for ensuring your protection.

• Never Contribute to Charity Emails – If you want to donate, visit the Charities official web site.
• A Bank will NEVER ask you for your details – Under no circumstances will a bank ask you for your personal information on an email. You know who you bank with, if you want to log in to check anything, go to their site yourself.
• If it looks like spam, it probably is – Simply delete it.
• Never provide personal information – If an email asks you for personal information, delete it.

These steps are only simple, and generally common sense prevails. But following these simple tips will reduce the Spam in your inbox and also provide protection against Identity Theft and Fraud from Phishing emails.

Happy Emailing!