

How To Secure Email Servers?

While messengers and social networks are gaining ground, and some experts believe the way email is used has changed, email is still the main channel for formal and official correspondence.

For this reason, the content stored on enterprise email servers matters more than ever, and email server security must not be overlooked.

Email Server Security Challenges

Securing email servers is one of the most important tasks an organization faces, because email is still one of the most widely used communication mechanisms and it carries sensitive information. If confidential business data stored on these servers is exposed, the business suffers serious economic damage.

In addition, email servers must run continuously so that users can reach them at all times. If a server fails for any reason, customer data can be lost and the business seriously disrupted. To prevent outages, data loss and other adverse events, plan the hardening and configuration of the email server so that vulnerabilities can be identified and fixed quickly.

Potential vulnerabilities

When we speak of a security breach, we mean that one or more unpatched vulnerabilities existed that attackers could exploit. It is impossible to eliminate every vulnerability, but their number can be reduced. To do this, follow security guidelines when configuring email servers so as to minimize the problems discussed below.

This article will not repeat the need to install operating system and application security patches, since that was covered in detail in previous issues of Network Monthly.

Unauthorized access

One of the most common attacks on email servers is an attacker bypassing the authentication mechanism to reach users’ data. The first step against this is a strict password policy that requires strong passwords for every account that can log in to the server.

This protects passwords from being recovered by brute-force (exhaustive search) attacks, a common way of defeating authentication. Another protection against password guessing is to require SMTP authentication (SMTP AUTH) for mail submission, and to offer it only over an encrypted connection so that the credentials themselves are not exposed. Authentication failures should be logged and watched, so that a guessing campaign is detected before it succeeds.
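As an added example (not part of the original article), the following Python script shows the detection side of this advice: it parses authentication log lines and flags a source that is brute-forcing one account or spraying one password across many accounts. The log format, the IP addresses, the account names and the thresholds are all constructed for the example; a real Dovecot, Postfix/SASL or Exchange protocol log needs its own line pattern, but the detection logic is the same.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a generic "<ISO time> <client ip> <account> <FAIL|OK>"
# shape. Real servers (Dovecot auth logs, Postfix SASL failures, Exchange
# protocol logs) each need their own LINE_RE; the detection logic is the same.
SAMPLE_LOG = """\
2024-03-01T08:30:00Z 192.0.2.20 alice FAIL
2024-03-01T08:30:15Z 192.0.2.20 alice OK
2024-03-01T09:00:00Z 203.0.113.5 alice FAIL
2024-03-01T09:00:01Z 203.0.113.5 alice FAIL
2024-03-01T09:00:02Z 203.0.113.5 alice FAIL
2024-03-01T09:00:03Z 203.0.113.5 alice FAIL
2024-03-01T09:00:04Z 203.0.113.5 alice FAIL
2024-03-01T09:00:05Z 203.0.113.5 alice FAIL
2024-03-01T09:00:06Z 203.0.113.5 alice OK
2024-03-01T09:10:00Z 198.51.100.9 bob FAIL
2024-03-01T09:10:20Z 198.51.100.9 carol FAIL
2024-03-01T09:10:40Z 198.51.100.9 dave FAIL
2024-03-01T09:11:00Z 198.51.100.9 erin FAIL
2024-03-01T09:11:20Z 198.51.100.9 frank FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")


def parse_auth_log(text):
    """Return a time-ordered list of (timestamp, ip, account, succeeded)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unrelated or malformed lines instead of crashing
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4) == "OK"))
    events.sort(key=lambda e: e[0])
    return events


def detect_guessing(events, window=timedelta(minutes=5), max_failures=5, min_accounts=4):
    """Flag a source IP when, inside `window`, its failures exceed
    `max_failures` (brute force on one account) or hit at least
    `min_accounts` distinct accounts (password spraying). A success after
    the failed run is recorded separately: that is the case where a lockout
    policy would have come too late and the account must be treated as
    possibly compromised."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))

    findings = {}
    for ip, evs in by_ip.items():
        fails = [(ts, acct) for ts, acct, ok in evs if not ok]
        for i, (start, _) in enumerate(fails):
            run = [(ts, acct) for ts, acct in fails[i:] if ts - start <= window]
            accounts = sorted({acct for _, acct in run})
            if len(run) > max_failures:
                kind = "brute-force"
            elif len(accounts) >= min_accounts:
                kind = "password-spray"
            else:
                continue  # this window is quiet; slide to the next failure
            last_fail = run[-1][0]
            findings[ip] = {
                "kind": kind,
                "failures": len(run),
                "accounts": accounts,
                "success_after": any(ok and ts > last_fail for ts, _, ok in evs),
            }
            break  # one finding per source is enough to act on
    return findings


if __name__ == "__main__":
    for ip, finding in detect_guessing(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

In the sample, 203.0.113.5 is flagged as brute force with a success after the run (the account should be reset and its mailbox reviewed), 198.51.100.9 as a password spray across five accounts, while 192.0.2.20, a user who mistyped once, produces no finding. The thresholds are the policy decision: set them just below whatever lockout or throttling the server itself enforces.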

Challenges related to data leakage

One of attackers’ main goals is to obtain users’ personal information. When an email travels over the Internet it passes through many hops, most of which are not under your control, and without encryption it is technically straightforward to intercept passwords, usernames and even the content of messages. To prevent this, incoming and outgoing traffic must be encrypted: IMAP, POP3 and SMTP should be offered over TLS (implicit TLS on ports 993, 995 and 465, or STARTTLS on the standard ports) with a certificate from a trusted CA. Obsolete SSL protocol versions should be disabled, and plaintext authentication should be refused until TLS has been negotiated.

Spam

One of the common problems with email, especially corporate email, is spam. Spam problems fall into two groups: spam delivered to the organization’s own users, and spam sent to other organizations through a server that is misconfigured as an open relay. To avoid the open relay problem, the server’s mail relay parameters must be configured correctly so that it relays only for authenticated users or trusted internal networks.

Content filtering mechanisms should be used to prevent these problems. Such filters run on the email server itself or on a gateway in front of it that controls access to the server, such as a firewall, a proxy or a dedicated anti-spam appliance.

Another measure is to use blocklists of known spam sources. DNS-based blocklists (DNSBL), URI-based blocklists such as SURBL, or locally maintained lists of spammers’ IP addresses significantly reduce the amount of spam that reaches users’ mailboxes.
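The following Python example, added here and not part of the original article, shows how a DNSBL and a SURBL lookup are actually formed: the client reverses the octets of the connecting IP address under the list zone (or puts a hostname taken from a URL in the message body under the URI-list zone) and treats an A record in 127.0.0.0/8 as a listing. The zone names and IP addresses are illustrative; `lookup_live` performs a real DNS query and is not run by default, so the logic is exercised with canned answers.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client resolves for a connecting address: IPv4 octets in
    reverse order under the list zone (IPv6 lists use the nibble-reversed
    form, as in ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_part}.{zone}"


def surbl_query_name(url, zone):
    """URI blocklists (SURBL style) are keyed on the hostname inside a URL
    found in the message body, not on the sending IP."""
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return f"{host.rstrip('.')}.{zone}"


def interpret_dnsbl_answer(addresses):
    """A listed name answers with one or more A records in 127.0.0.0/8; the
    last octet identifies the sub-list and its meaning is zone-specific.
    NXDOMAIN (an empty answer) means not listed. Anything outside 127/8 is
    suspicious (e.g. a wildcard answer from a dead or hijacked zone) and
    must not be counted as a listing."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    codes = [a for a in addresses if ipaddress.ip_address(a) in loopback]
    return {"listed": bool(codes), "codes": codes}


def lookup_live(name):
    """Network call: resolve `name`; returns [] on NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_connection(ip, zones, resolver=lookup_live):
    """Check one connecting IP against several DNSBL zones. `resolver` is
    injectable so the logic can be exercised offline with canned answers."""
    return {zone: interpret_dnsbl_answer(resolver(dnsbl_query_name(ip, zone)))
            for zone in zones}


if __name__ == "__main__":
    # Canned answers standing in for DNS: 192.0.2.10 is listed in one zone only.
    canned = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
    print(check_connection("192.0.2.10", ["dnsbl.example", "other.example"],
                           resolver=lambda name: canned.get(name, [])))
    print(surbl_query_name("HTTP://Example.COM:8080/landing?x=1", "multi.surbl.org"))
```

Two practical points follow from the code: the zone name decides what a 127.0.0.x code means, so each list's documentation has to be consulted before a code is turned into a reject, and an answer outside 127.0.0.0/8 (which a discontinued zone may return for every query) must never be treated as a hit, or the server will start rejecting all mail.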

Malware problems

Email servers and clients are constantly exposed to malware. When an email server becomes infected, not only is the stability of the system compromised, but every client that uses it is also at serious risk. Other consequences are the loss of integrity and confidentiality of personal data, and the further spread of malware through email clients. To counter this, use anti-malware protection such as anti-virus scanning on the server.

Denial of Service (DoS) attacks

A denial of service attack against a corporate email server is highly disruptive: it prevents users from sending or receiving email and seriously damages the organization’s reputation. To reduce the risk, limit the number of connections a single client may open to the SMTP server: cap both the number of simultaneous connections and the number of new connections permitted within a given interval.

Server stability and performance

Maintaining server performance means planning for load balancing and failover in case a server is attacked or fails. Most organizations keep a backup server for this purpose; for email, this is arranged through two or more MX records per domain with different priorities. Email servers also offer SMTP authentication options.

When SMTP authentication is enabled, a username and password are required before a message can be submitted through the server. This matters because it stops anonymous clients from flooding the server with submission requests.

This helps keep the server available. Another option that must be configured properly is mail relay: it specifies the IP addresses (or authenticated users) on whose behalf the server will relay email, which prevents the server from being abused to send large volumes of messages that would destabilize it. Another useful mechanism for protecting server performance is a reverse DNS check.

This check compares the connecting IP address with its reverse (PTR) hostname and with that hostname’s forward record; connections whose reverse DNS does not match can be rejected or penalized, which also screens out many sources of malicious email.
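As an added example (not from the article), here is a per-client SMTP connection policy of the kind described above, written in Python: a cap on simultaneous sessions from one IP and a sliding-window cap on new sessions per minute, with a small simulation that contrasts a flood from one address with a normal client. The thresholds and addresses are made up; real values depend on the server’s legitimate client mix (a NAT gateway in front of many users needs a higher cap than a single workstation).

```python
import time
from collections import defaultdict, deque


class SmtpConnectionLimiter:
    """Per-client connection policy of the kind an SMTP front end enforces:
    a cap on simultaneous sessions from one IP and a cap on new sessions per
    sliding time window. The defaults are hypothetical."""

    def __init__(self, max_concurrent=5, max_per_window=20, window_seconds=60.0):
        self.max_concurrent = max_concurrent
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.active = defaultdict(int)      # ip -> sessions open right now
        self.recent = defaultdict(deque)    # ip -> timestamps of recent accepts

    def accept(self, ip, now=None):
        """Decide on a new TCP connection from `ip`. Returns (allowed, reason)."""
        now = time.monotonic() if now is None else now
        recent = self.recent[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # forget accepts older than the window
        if self.active[ip] >= self.max_concurrent:
            return False, "concurrency limit"
        if len(recent) >= self.max_per_window:
            return False, "rate limit"
        self.active[ip] += 1
        recent.append(now)
        return True, "ok"

    def release(self, ip):
        """Call when a session ends so that its concurrency slot is freed."""
        if self.active[ip] > 0:
            self.active[ip] -= 1


def simulate(limiter, ip, attempts, interval, hold_open):
    """Open `attempts` connections from one IP, `interval` seconds apart.
    hold_open=True never closes them (slot exhaustion, slowloris style);
    hold_open=False closes each one immediately (connection churn)."""
    counts = {"ok": 0, "concurrency limit": 0, "rate limit": 0}
    for i in range(attempts):
        allowed, reason = limiter.accept(ip, now=i * interval)
        counts[reason] += 1
        if allowed and not hold_open:
            limiter.release(ip)
    return counts


if __name__ == "__main__":
    print("held open:", simulate(SmtpConnectionLimiter(), "198.51.100.7", 50, 0.1, True))
    print("churn    :", simulate(SmtpConnectionLimiter(), "198.51.100.7", 50, 0.1, False))
    print("normal   :", simulate(SmtpConnectionLimiter(), "192.0.2.33", 30, 10.0, False))
```

The two limits catch different attacks: the concurrency cap stops a client that opens sessions and leaves them idle, which the rate cap alone would allow, while the rate cap stops a client that connects and disconnects rapidly, which never trips the concurrency cap. A client that connects every ten seconds stays under both.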

Preparing the required documents

The first step is to determine what should be assessed, why, and how. These three questions are vital and should be answered carefully during the review and audit process, focusing on the most important details.

The checklists in NIST SP 800-45 (Guidelines on Electronic Mail Security) can be used when preparing your own checklist. Once the list is ready, define the scope of work and the resources required. After preparing a report on the current security state of the server, start with the highest-priority items and examine their problems first.

Analyze the identified problems

In the analysis step, the risk of each identified problem is evaluated with the following equation:

Risk exposure = Impact × Likelihood × Exposure

Score each of the three factors from 1 to 5. A score of 5 means the problem cannot be ignored, and a score of 1 means the item is not a serious security challenge.

The explanation of each of the parameters listed in the above equation is as follows:

After evaluation, all identified problems are sorted by their risk score (Impact × Likelihood × Exposure). Next, every item whose score exceeds the chosen threshold is investigated. This assessment separates vulnerabilities (cyber threats such as data loss) and shortcomings (such as losing loyal customers because of spam) from less important problems, so that the vulnerabilities and shortcomings can be prioritized for remediation.

Repair vulnerabilities

There are typically three ways to deal with an identified vulnerability:

  1. Upgrade to a newer version of the software, or replace it with a more secure alternative.
  2. Install third-party software that mitigates the problem.
  3. Disable the problematic feature.

The factors to weigh are the level of risk, the budget, and the resources needed to implement the fix. Each of them strongly affects the timing and prioritization of remediation. Fix the simpler, easier problems promptly rather than postponing them. Repairing complex vulnerabilities typically takes several days, so do not let small but dangerous problems wait behind complex ones. Group together vulnerabilities that can be fixed with a single simple change; this saves money in the long run.

A Case Study in Cyber Security

Exchange Server is one of the most widely used email servers currently available; it is installed only on the Windows Server operating system. In addition to standard protocols such as SMTP, POP3 and IMAP, it supports Microsoft-specific protocols such as Exchange ActiveSync (EAS) and MAPI. To give an overview of the security measures involved in managing and identifying vulnerabilities in an email server, this section looks at Exchange Server from a security perspective. The most important components of Exchange Server are:

Because Exchange Server plays a key role in managing email, its security settings and anti-malware configuration must be properly set up and evaluated; a malware infection affects both the server and the clients that use it. In this step we review the process of testing and evaluating a proof-of-concept server based on the policies described at the beginning of the article.

Software test

Exchange Server security testing is best tailored to the organization’s requirements and to the settings of the current infrastructure. Typically, an organization’s communication infrastructure is based on one of the following scenarios:

Test for protection against personal data leakage

In this test, the connections between the Exchange Server and the email clients are intercepted. Work through the following checklist:

  1. The EAS, MAPI, IMAP and SMTP protocols are configured on the email server.
  2. Email clients are installed and tested on the web client (OWA), on mobile devices and on the desktop (Outlook, Thunderbird).
  3. The network is arranged to place a man-in-the-middle (MITM) between server and client, and Wireshark, tcpdump and Fiddler are used to analyze the captured traffic.
  4. Data is transferred between client and server over the IMAP, MAPI, EAS and SMTP protocols.
  5. The intercepted packets are inspected to identify any unencrypted data, in particular credentials and message content.
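An added Python example (not from the article) for step 5, which also covers the encryption requirement from the data-leakage section earlier: it scans plaintext protocol streams of the kind Wireshark shows under Follow TCP Stream, reports credentials sent in clear (decoding SASL PLAIN tokens so the reviewer sees the actual username and password), and notes when a server offered STARTTLS but the client authenticated without using it. The three sessions are constructed and the credentials fictitious; `check_starttls` makes a real connection and is included for live use, not executed here.

```python
import base64
import re
import smtplib
import ssl

# Constructed plaintext sessions as Wireshark's "Follow TCP Stream" shows them;
# "> " marks client lines, "< " server lines. Credentials are fictitious.
CAPTURE = {
    "imap/143": (
        "< * OK IMAP4rev1 ready\n"
        "> a1 LOGIN alice Winter2024!\n"
        "< a1 OK LOGIN completed\n"
    ),
    "pop3/110": (
        "< +OK POP3 ready\n"
        "> USER bob\n"
        "< +OK\n"
        "> PASS hunter2\n"
        "< +OK logged in\n"
    ),
    "smtp/587": (
        "< 220 mail.example.test ESMTP\n"
        "> EHLO laptop\n"
        "< 250-mail.example.test\n"
        "< 250-STARTTLS\n"
        "< 250 AUTH PLAIN LOGIN\n"
        "> AUTH PLAIN AGNhcm9sAFMzY3JldFBhc3M=\n"
        "< 235 Authentication successful\n"
    ),
}


def decode_auth_plain(token):
    """SASL PLAIN is base64(authzid NUL authcid NUL password); return (user, password)."""
    parts = base64.b64decode(token).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN token")
    return parts[1].decode(), parts[2].decode()


def find_exposed_credentials(stream):
    """Scan one plaintext stream; return [(how, user, password), ...]."""
    found = []
    pending_user = None        # POP3 sends USER and PASS on separate lines
    starttls_offered = False
    for line in stream.splitlines():
        if line.startswith("< "):
            if "STARTTLS" in line.upper():
                starttls_offered = True
            continue
        if not line.startswith("> "):
            continue
        cmd = line[2:]
        m = re.match(r"^\S+ LOGIN (\S+) (\S+)$", cmd, re.I)      # IMAP: tag LOGIN user pass
        if m:
            found.append(("imap LOGIN", m.group(1), m.group(2)))
            continue
        m = re.match(r"^USER (\S+)$", cmd, re.I)                 # POP3 USER
        if m:
            pending_user = m.group(1)
            continue
        m = re.match(r"^PASS (\S+)$", cmd, re.I)                 # POP3 PASS
        if m:
            found.append(("pop3 USER/PASS", pending_user, m.group(1)))
            continue
        m = re.match(r"^AUTH PLAIN (\S+)$", cmd, re.I)           # SMTP AUTH PLAIN, one step
        if m:
            user, password = decode_auth_plain(m.group(1))
            how = "smtp AUTH PLAIN" + (" (STARTTLS offered, not used)" if starttls_offered else "")
            found.append((how, user, password))
    return found


def audit_capture(capture):
    """Run the scan over every stream; a non-empty list is a finding for the report."""
    return {name: find_exposed_credentials(stream) for name, stream in capture.items()}


def check_starttls(host, port=587, timeout=5):
    """Live check (network): does the server offer STARTTLS, negotiate TLS 1.2+,
    and advertise AUTH only after the upgrade? Not run by this script."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        result = {"starttls": s.has_extn("starttls"), "auth_before_tls": s.has_extn("auth")}
        if result["starttls"]:
            s.starttls(context=ctx)
            s.ehlo()
            result["tls_version"] = s.sock.version()
            result["auth_after_tls"] = s.has_extn("auth")
        return result


if __name__ == "__main__":
    for name, hits in audit_capture(CAPTURE).items():
        print(name, hits)
```

The SMTP case is the one most often missed in a review: the server did offer STARTTLS, yet because it also advertised AUTH on the unencrypted connection the client was able to send the PLAIN token in clear. The fix on the server side is to advertise AUTH only after TLS has been negotiated, which `check_starttls` reports as `auth_before_tls` being False.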

Spam protection test

An example anti-spam test of an Exchange Server follows this scenario:

  1. Set up several local email servers to send spam to the Exchange Server under test.
  2. Send spam to the Exchange Server, using the available scripts to generate the spam messages.
  3. Once the spam has been sent, check the targeted inboxes to see whether it was delivered.

Run this test both with the anti-spam filters on the Mailbox and Edge Transport servers enabled and with them disabled. Comparing the two runs shows how effective the anti-spam mechanisms are.

Test for protection against malware-infected emails

To test protection against emails with malicious attachments, you need several test attachments. Start with the EICAR Standard Anti-Virus Test File. This file is not malware and contains no malicious code, but virtually all anti-virus software detects it as malicious. Beyond EICAR, use files created specifically for this purpose, for example dynamic link library (DLL) files that contain no malicious code but are detected by anti-virus as infected.

Then perform the test based on the following steps:

  1. Disable malware protection on the Exchange Server.
  2. Send several emails carrying the test attachments to different clients.
  3. On the recipient clients, search for the emails and check whether the attachments arrived.
  4. Repeat the scenario with the Malware Agent enabled on the server. Repeat it again with the agent enabled on the Edge Transport Server.
  5. Compare the results.
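The following Python script, added here and not part of the article, builds the test messages used in the spam and malware tests above: one carrying the 68-byte EICAR file as an attachment and one carrying the GTUBE test string in the body, each tagged with a custom header so it can be found, or proven absent, in the target mailbox after each run. The sender and recipient addresses are placeholders. GTUBE is SpamAssassin’s test pattern; it is assumed that the filter in front of Exchange implements it, which Exchange’s built-in agents are not guaranteed to do. `send_batch` submits the messages over SMTP and is not executed here.

```python
import smtplib
from email.message import EmailMessage
from email.utils import formatdate, make_msgid

# The 68-byte EICAR test file. Assembled from two halves so that this source
# file is not itself quarantined by desktop anti-virus; the joined string is
# harmless by design and detected by virtually every scanner.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# SpamAssassin's GTUBE test pattern. Assumption: the filter in front of the
# server implements GTUBE; Exchange's own anti-spam agents may not.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def build_test_message(kind, sender, recipient, tag):
    """kind='eicar': plain body plus an eicar.com attachment.
       kind='gtube': GTUBE string in the body.
    `tag` goes into the Subject and a custom header so each message can be
    found (or proven absent) in the recipient mailbox after the run."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Date"] = formatdate(localtime=False)
    msg["Message-ID"] = make_msgid(domain="test.example")
    msg["X-Mail-Security-Test"] = tag
    if kind == "eicar":
        msg["Subject"] = f"[{tag}] malware filter test"
        msg.set_content("Attachment is the EICAR anti-virus test file.")
        msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                           subtype="octet-stream", filename="eicar.com")
    elif kind == "gtube":
        msg["Subject"] = f"[{tag}] spam filter test"
        msg.set_content("Spam filter test message.\n" + GTUBE + "\n")
    else:
        raise ValueError(f"unknown test kind {kind!r}")
    return msg


def attachment_payloads(msg):
    """{filename: decoded bytes} for every attachment; used on the receiving
    side to confirm what actually arrived (or was stripped by the filter)."""
    return {part.get_filename(): part.get_payload(decode=True)
            for part in msg.iter_attachments()}


def send_batch(host, port, messages, username=None, password=None):
    """Submit the messages over SMTP (network). Returns one dict of refused
    recipients per message, empty when all were accepted. Not run here."""
    results = []
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        if s.has_extn("starttls"):
            s.starttls()
            s.ehlo()
        if username:
            s.login(username, password)
        for m in messages:
            results.append(s.send_message(m))
    return results


if __name__ == "__main__":
    batch = [
        build_test_message("eicar", "tester@test.example", "alice@corp.example", "AV-001"),
        build_test_message("gtube", "tester@test.example", "alice@corp.example", "SPAM-001"),
    ]
    for m in batch:
        print(m["Subject"], "attachments:", list(attachment_payloads(m)))
```

Send the same batch in each configuration (agent disabled, Malware Agent enabled, Edge Transport agent enabled) and record, per tag, whether the message was rejected at SMTP time, delivered with the attachment stripped, quarantined, or delivered intact; `attachment_payloads` applied to the message as it arrived in the mailbox distinguishes the last two. A filter that passes the full 68-byte EICAR file has not been engaged at all.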

User password test

To test the strength of users’ passwords, use Hydra, which ships with the Kali Linux distribution. It identifies weak passwords by a brute-force (exhaustive search) attack. In this test, the attack is carried out against the SMTP, IMAP and POP3 services. Run it against designated test accounts, and note whether the server locks the account or throttles the source after repeated failures.

Test for protection against denial of service

To test protection against denial of service attacks, simulate attack traffic and observe the stability of the Exchange Server services under that load.

It is also worth simulating various network failures; software such as WANem can be used for this. In this test, check how resistant the Exchange Server is to the attack and how quickly it recovers afterwards. While testing, also consider availability: check whether database availability (a Database Availability Group) is configured on the Exchange Server, and whether another server is available as a backup.

Results

Once these tests are complete, classify the results as in Table 1 to make the remediation process easier.

Table 1: Report of Exchange Server test results

Last word

This article has examined email server security and the important points to pay attention to when performing security tests. It also gave an overview of the attacks that target email servers, analyzed them briefly, and showed how to identify and repair vulnerabilities.

Finally, as a case study, we examined the security posture of Exchange Server, a popular server on the Windows platform. The purpose of this article was to show that server security should be considered in the early stages of planning a server installation, because planning for potential threats prevents serious damage to the organization’s reputation.
