Get this Security+ CertiGuide for your own computer. |
Click Here! Use coupon code "certiguide" to save 20%! (Expires 2004/12/31) |
|
Also available: 300-question Security+ practice test! |
Get It Here! |
|
|
Implementation Flaws
And then, as always, there are implementation
flaws. Both Sendmail and Microsoft Exchange are infamous for bugs affecting
mail server security. Rather than go through a laundry list of bugs
here, well just say that there have been problems in both which
could result in an attacker gaining system administrator privileges.
See your vendor for details theyll have plenty of them.
There is no excuse for not watching for security bulletins and keeping
key software packages, particularly ones as widely used as those email
servers, updated with the vendors latest security fixes. If you
dont, your mail server risks death by script kiddie.
Still other vulnerabilities involve
purely content issues -- undesirable messages sent via email, including
Spam and hoaxes which are discussed in the next section.
Email Security
Email security issues include:
· Header and data privacy during transmission, logging and storage
· Lack of sender authentication in protocols for sending mail makes sending spoofed emails (with forged sender information) easy (this is a reason to use S/MIME or PGP)
· Some mail-related protocols such as POP3 and IMAP still require the user to send user/password information in clear text or with weak encryption, allowing attackers to obtain user passwords
· Issues in email-related client and server programs
· Risk for transmission of undesirable content such as viruses. |
Email in the Real World
How does your organization handle email? Do you have an email security policy? How much sensitive information can be gained about your organization by sniffing email packets as they travel around the network? You might want to look into implementing S/MIME or PGP. |
If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support! |
|
|
Home -
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.
|