Basics of Email Security: No Chance for Phishing and Trojans!

Basics of Email Security No Chance for Phishing and Trojans
Emails are still the most important means of communication for companies, and at the same time they are the most important entry route for malware into a company network. Ransomware, phishing, virus-infected attachments and even spam are concrete threats to IT security. Administrators need to know what to do to secure the mail transmissions in their networks.

E-mail is still one of the most important means of communication today. Unfortunately, it is also one of the most insecure. Mails are usually transmitted unencrypted over the network. In addition, mail technology is also intensively abused to transmit malware, phishing links and the like. This is mainly due to the low cost and ease of obtaining huge amounts of mail addresses. But how can an administrator secure his mail communication?

Antivirus and Anti Spam

First of all, it is recommended to scan the mail traffic on the gateway for viruses and malware. Virus scanners are available for most Next Generation Firewalls and UTM solutions. While they do not replace an anti-virus solution on the client in all cases (more on this later), they are relatively easy to configure and manage because they operate in a centralized location.

On the Internet gateway, they also see every transmitted traffic and are thus able to filter out known viruses and Trojans as well as spyware from data transmissions, and usually not only for mail data, but also for other important protocols such as HTTP. As scanning engines, appliances typically use one of the engines from the leading anti-virus vendors, rather than a proprietary development by the appliance manufacturer.

The Internet gateway is just as well suited for use with a central spam protection engine that filters out spam, protecting users from phishing attacks, malicious links, and the like. When it comes to spam protection, it is important that administrators can define exactly which mails are delivered, flagged, quarantined, and blocked. Only then will they be able to tailor their anti-spam solution exactly to the needs of their business. The solution should also support the creation of black and white lists.

READ:  What is DANE (DNS-based Authentication of Named Entities)?

Both the anti-virus and anti-spam functions can usually be used on firewall and UTM appliances via a subscription model, which means that annual or monthly costs are incurred.

Anti-virus and anti-spam solutions on the clients

In some environments, it can also make sense to use client-based anti-spam or anti-virus programs. Either as an additional layer of protection or in environments where the mail server is located at a provider and therefore the company’s administrators do not have access to it.

Many anti-virus software vendors offer security suites that also include an anti-spam function, but there are also stand-alone anti-spam products for Outlook and other widely used mail clients. These solutions are particularly suitable for environments where the responsible employees do not want to install third-party anti-virus products, for example, because they prefer Windows Defender.

Regardless of which product is ultimately used, it is of great importance in the company that it can be managed from a central location, otherwise, the administration quickly becomes very time-consuming.

A dedicated solution for mail protection

However, there are not only protection functions on clients and Internet gateways, but dedicated security products are also available that are dedicated exclusively to securing mail traffic. These work as appliances in the network or in the cloud and detect or block unwanted e-mails. In this way, malware and spear phishing attacks can be prevented, spam filtered out, and the like.

Configurable policies help in this context to recognize the right mails and definable measures for threat prevention then automatically ensure that users in the network are protected from the harmful mails. As a rule, such solutions, just like gateway-based products, also generate alerts and reports that warn and inform the responsible employees as needed.

In addition to the detection function for malicious mails, the components of a mail security solution today often include URL checkers that check the links contained in the mails and thus identify malicious websites and detect URL manipulations.

However, other application scenarios are also conceivable: For example, there are products that have an image analysis function and can thus identify and block pornographic or otherwise inappropriate images in e-mail attachments. Such solutions can therefore also be used in part to enforce corporate policies and are not limited to pure IT security.

READ:  Keeping Outgoing Network Traffic Under Control in macOS

Encryption

Email encryption is not used to protect the company from possible attacks, but to protect the contents of the mails from unauthorized readers. Encryption is still a problematic issue in this area. It is true that many providers and mail clients now support the establishment of an encrypted connection between the clients and the mail servers via SSL/TLS, and many mail servers are now also able to communicate with each other in encrypted form.

Nevertheless, for every mail transmission to external destinations, it remains completely unclear whether all components involved support this type of encryption or not. If, for example, the mail server of the target company does not support encryption, the mails will still be delivered in plain text. The encryption method mentioned above therefore only helps to protect one’s own mail password for logging in to the server; it does not guarantee the encrypted transmission of the emails and attachments all the way to the recipient.

By the way, with this approach, the administrators of the mail servers involved always have access to the unencrypted data anyway since the encryption is only used in transport.

If you want to ensure that the mails are encrypted end-to-end during the entire transmission, you have to resort to other solutions. Various methods are available here, for example, PKI-based encryption with S/MIME or OpenPGP.

However, these have the disadvantage that the sender of the mail must come into possession of the public key of the recipient of the encrypted message in question, as they need this to perform the mail encryption. The recipient then decrypts the message with his private key, which only he possesses. Key exchange is not so easy to implement in practice, and there is no uniform standard for key transmission either.

READ:  What is ISO 27001 Certification And Its Compliance?

Although there are attempts to implement automated options for key exchange, such as EasyGPG from the BSI, these are not supported everywhere and are not known to everyone. For this reason, in practice, it is still the case that most companies use SSL/TLS encryption at best and end-to-end encryption in mail traffic remains the exception rather than the rule. However, if mail encryption is used, it is often combined with a signature that also ensures the integrity of the mail.

Provider offers

Finally, let’s talk about various provider offers that are particularly useful for securing the mail traffic of small and medium-sized companies that do not have their own mail infrastructure. Many providers offer their customers – often at extra cost – anti-virus and anti-spam protection features that can be activated on a per-mailbox basis.

These save administrators’ work by relieving them of the burden of maintaining their own solutions. In practice, however, they can also be problematic, as large providers, in particular, provide only inadequate support, making it almost impossible to solve any problems that arise. For example, it can happen that a spam filter generates huge numbers of false positives due to misconfiguration without anything changing – even after several support calls.

For such cases, the responsible employees should have an alternative solution up their sleeve, on which they can exert more influence in the event of a problem.

Conclusion

There’s a lot you can do for email security, even if you find end-to-end message encryption with S/MIME and OpenPGP too costly. Anti-spam and anti-virus solutions help stem the tide of spam and phishing messages and stop malware from spreading. SSL/TLS encryption between mail clients and servers helps protect user passwords, securing access to mail accounts.

Powerful tools and appliances are also available to help analyze mail traffic in detail and use the information gained to raise the security level of the entire mail environment. However, since it always depends on the environment which features are needed and affordable, administrators must always define their requirements precisely before they set out to protect their mail environments.