
SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Tip #25: E-mail (PGP, Attachments, etc), IM, IRC

Published: 2007-10-25
Last Updated: 2007-10-26 01:18:28 UTC
by John Bambenek (Version: 4)

Today's issue revolves around the various communication mechanisms of e-mail, instant messaging, and IRC.  With spam making up about 90% of all e-mail crossing the Internet, what can be done to keep e-mail a reliable mechanism?  Instant messaging is increasingly being used to exploit end users, and with phishing striving to look more "legitimate", instant messaging provides a crucial attack vector.  IRC is not just for botnets; how can those who use it do so safely?

Send in your tips here and I'll update the diary with the best of the best as the day goes on.

Updates:

"This one is tough, but let me take a stab at it:
1) Close those !@$#% open SMTP relays!
2) Do Reverse Lookups on all inbound email. This will provide some level of assurance that the person sending the email is from where they claim to be from. The problem with this is that there are many misconfigured mail servers, so consequently mail will bounce from legit users until their Mail Admins fix their servers.
3) Use a Spam filter. It's not perfect, but it's an improvement.
4) Black list those sites where users "sign-up" for spam. You know the free offer sites. We should also consider boycotting the companies which use those sites for advertising.
5) Maintain a "Junk" Email account. Whenever you have to give out your email address online to a site that you don't trust, use a junk address.
6) Consider filtering or alerting on outbound SMTP patterns. This way you may be able to catch bots on your network." (Nick)
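Nick's last point, watching outbound SMTP patterns to spot bots, is the one that turns most directly into detection logic. The following is an added example, not code from the diary or from any of its contributors: it reads firewall or flow log lines in a constructed, assumed format (`timestamp src= dst= dport= action=`), treats only the hosts in `ALLOWED_MAIL_SERVERS` as legitimate outbound mailers (an assumption for the illustration), and reports two things: every other internal host that talked to port 25 at all (a policy violation), and any host that fanned out to many distinct SMTP destinations in a short window, which is what a spam bot looks like on the wire.

```python
"""Flag internal hosts sending outbound SMTP that should not be.

Added example. Log format, host addresses and thresholds are assumptions
constructed for the illustration, not taken from any real network.
"""
import re
from collections import defaultdict
from datetime import datetime

# Hosts permitted to make outbound SMTP connections (assumption).
ALLOWED_MAIL_SERVERS = {"10.0.0.25"}

# Constructed sample log: one legitimate relay, one host that fans out to six
# destinations in five seconds (bot-like), one host with a single SMTP hit.
SAMPLE_LOG = """\
2007-10-25T09:00:01 src=10.0.0.25 dst=192.0.2.10 dport=25 action=allow
2007-10-25T09:00:05 src=10.0.1.17 dst=192.0.2.11 dport=25 action=allow
2007-10-25T09:00:06 src=10.0.1.17 dst=192.0.2.12 dport=25 action=allow
2007-10-25T09:00:07 src=10.0.1.17 dst=192.0.2.13 dport=25 action=allow
2007-10-25T09:00:08 src=10.0.1.17 dst=198.51.100.5 dport=25 action=allow
2007-10-25T09:00:09 src=10.0.1.17 dst=198.51.100.6 dport=25 action=allow
2007-10-25T09:00:10 src=10.0.1.17 dst=198.51.100.7 dport=25 action=allow
2007-10-25T09:00:12 src=10.0.1.42 dst=192.0.2.10 dport=25 action=allow
2007-10-25T09:00:15 src=10.0.1.42 dst=203.0.113.9 dport=80 action=allow
2007-10-25T09:01:30 src=10.0.1.17 dst=203.0.113.80 dport=443 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_lines(text):
    """Yield one dict per well-formed log line; silently skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        yield rec


def find_suspect_smtp_senders(text, allowed=ALLOWED_MAIL_SERVERS,
                              window_seconds=60, threshold=5):
    """Return (policy_violations, fanout_alerts).

    policy_violations: sorted list of non-allowed sources seen on port 25.
    fanout_alerts: {src: distinct destinations} for sources that reached
    at least `threshold` distinct SMTP servers within `window_seconds`.
    """
    events = defaultdict(list)
    for rec in parse_lines(text):
        if rec["dport"] == 25 and rec["src"] not in allowed:
            events[rec["src"]].append((rec["ts"], rec["dst"]))

    policy_violations = sorted(events)
    fanout_alerts = {}
    for src, evs in events.items():
        evs.sort()
        # Sliding window anchored at each event: count distinct destinations
        # reached within window_seconds of it.
        for i, (t0, _) in enumerate(evs):
            in_window = {dst for t, dst in evs[i:]
                         if (t - t0).total_seconds() <= window_seconds}
            if len(in_window) >= threshold:
                fanout_alerts[src] = len(in_window)
                break
    return policy_violations, fanout_alerts


if __name__ == "__main__":
    violations, fanout = find_suspect_smtp_senders(SAMPLE_LOG)
    print("non-mail-server hosts speaking SMTP:", violations)
    print("fan-out alerts:", fanout)
```

On a real network the policy list alone is usually the more valuable signal: if the only hosts allowed to speak SMTP outbound are the mail servers, anything else on port 25 is either a misconfiguration or a bot, and the fan-out threshold just prioritises which one to look at first.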

1. “Don't open unexpected attachments. If you weren't expecting an email, even if you know the person, send an email to them asking if they meant to send you a file and with the particular subject line that was included.
2. Don't click on links in email. Pull up a new browser, manually type the website address in from memory. You just avoided ebay and paypal fraud without breaking a sweat.
3. Use the BCC (blind carbon copy) field when emailing to groups. One way spammers get email addresses is by infecting people's PCs and collecting all the email addresses they find on the box. Well, the fewer email addresses showing up, the fewer people who get spam.
4. If you don't have anti-virus software on your box, you don't get my email address.
5. You don't get my email address if you aren't family and I can't figure out how you are making a profit.
6. Never forward anything that 'MUST BE FORWARDED' to everyone, ever. And if you do (see the first rule), clear off all the extra from addresses, clean up the subject, and send it on using BCC.” (Wayne)

“Another really really important tip is to *not* allow executable type files. This would be DLL's, VBS's, EXE's, PIF's, SCR's just to name a few. If your SMTP filter product is able to scan files at the binary level this is great since they can detect an executable file even if it's renamed with a different extension.” (John)
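John's point that a good SMTP filter catches an executable even when it has been renamed comes down to looking at the bytes rather than the filename. The following is an added example, not from the diary or any vendor product: it blocks attachments on two independent grounds, a known executable extension anywhere in the name (so `report.pdf.exe` is caught) and a DOS/PE or ELF header in the content regardless of name. The `is_pe` check follows the `e_lfanew` pointer at offset 0x3C of the MZ header to the `PE\0\0` signature; the sample file that exercises it is constructed in `build_fake_pe` and is not a real binary. Script types such as VBS are plain text with no magic bytes, so for those the extension is the only handle, which is why both checks are needed.

```python
"""Detect executable e-mail attachments by extension and by file content.

Added example. Extension list and signatures are the usual ones for
Windows and ELF executables; the sample PE is constructed for the test.
"""

# Extensions Windows will execute directly or via the script host (assumption:
# a typical gateway block list; extend to match local policy).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".pif", ".com", ".cpl",
    ".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".wsf",
}


def is_pe(data):
    """True if the PE signature sits where the MZ header's e_lfanew points."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"


def classify_attachment(filename, data):
    """Return (blocked, reason) for one attachment.

    Checks every suffix in the name, so double extensions are caught,
    then falls back to content signatures so a renamed binary is caught.
    """
    name = filename.lower()
    suffixes = {"." + part for part in name.split(".")[1:]}
    hits = sorted(suffixes & EXECUTABLE_EXTENSIONS)
    if hits:
        return True, f"executable extension {hits[0]} in name {filename!r}"
    if data.startswith(b"MZ"):
        kind = "PE executable" if is_pe(data) else "DOS MZ executable"
        return True, f"content is a {kind} despite the name {filename!r}"
    if data.startswith(b"\x7fELF"):
        return True, f"content is an ELF executable despite the name {filename!r}"
    return False, "no executable indicators"


def build_fake_pe():
    """Constructed minimal MZ header whose e_lfanew points at a PE signature."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew = 0x40
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20


if __name__ == "__main__":
    samples = [
        ("invoice.txt", build_fake_pe()),          # renamed binary
        ("report.pdf.exe", b"%PDF-1.4 not really"),  # double extension
        ("macro.vbs", b"WScript.Echo 1"),          # script, text content
        ("notes.txt", b"just some text"),          # clean
    ]
    for fname, content in samples:
        blocked, why = classify_attachment(fname, content)
        print(f"{'BLOCK' if blocked else 'allow':5} {fname}: {why}")
```

The content check is the one that matters against an attacker; the extension check is cheap and catches the lazy case. Neither replaces a scanner that looks inside archives, which is where renamed executables usually travel once gateways start checking headers.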

“Use a "Gray List"
Sendmail servers can be configured to send an error to each message received from an unverified source. Mail from known good sources (the White List) is processed without complaint.
Servers sending legitimate mail will retry the transmission. Spammers and open relays quite often will not.
This does introduce a small delay while waiting for the sending server to retry, but offering this as a user-configurable option alongside traditional spam filters provides another tool in the battle of the inbox.” (Greg)
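Greg's description of greylisting is, in effect, a small state machine, and it is easier to reason about its failure modes (retries that arrive too quickly, entries that go stale) when it is written down. The following is an added example, not code from the diary or from sendmail, postgrey or any other implementation: it keys on the conventional triplet of client IP, envelope sender and recipient, answers a temporary failure (SMTP 451 with the 4.7.1 enhanced status commonly used for greylisting) the first time a triplet is seen, accepts it once a retry arrives inside the window, and bypasses the whole check for whitelisted client addresses. The window lengths, addresses and timestamps are assumptions constructed for the illustration.

```python
"""Greylisting decision logic on the (client IP, sender, recipient) triplet.

Added example. Retry window defaults are assumptions; real deployments tune
them, and persist the tables so a restart does not forget every sender.
"""
import time


class Greylist:
    SMTP_TEMPFAIL = (451, "4.7.1 Greylisted, please try again later")
    SMTP_ACCEPT = (250, "OK")

    def __init__(self, min_retry=300, max_retry=4 * 3600, whitelist=()):
        self.min_retry = min_retry        # earliest retry we will honour
        self.max_retry = max_retry        # pending entry expires after this
        self.whitelist = set(whitelist)   # known-good client IPs, never delayed
        self.pending = {}                 # triplet -> first-seen timestamp
        self.known = set()                # triplets that completed a retry

    def check(self, client_ip, sender, recipient, now=None):
        """Return the (code, text) SMTP reply for this delivery attempt."""
        now = time.time() if now is None else now
        if client_ip in self.whitelist:
            return self.SMTP_ACCEPT
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.known:
            return self.SMTP_ACCEPT

        first_seen = self.pending.get(key)
        if first_seen is None:
            # Never seen: record it and ask the sender to come back later.
            self.pending[key] = now
            return self.SMTP_TEMPFAIL

        age = now - first_seen
        if age < self.min_retry:
            # Retried too soon; a real MTA backs off, so keep waiting.
            return self.SMTP_TEMPFAIL
        if age > self.max_retry:
            # Stale entry: treat as brand new so old state cannot be reused.
            self.pending[key] = now
            return self.SMTP_TEMPFAIL

        # Legitimate retry inside the window: promote and accept from now on.
        self.known.add(key)
        del self.pending[key]
        return self.SMTP_ACCEPT


def run_scenario():
    """Constructed exchange: one real MTA retrying, one spammer that never does."""
    gl = Greylist(whitelist={"192.0.2.25"})
    mta = ("203.0.113.7", "alice@example.org", "bob@example.com")
    bot = ("198.51.100.9", "deals@example.net", "bob@example.com")
    trace = [
        ("mta first try", gl.check(*mta, now=0)[0]),
        ("mta retry too fast", gl.check(*mta, now=100)[0]),
        ("mta retry after 400s", gl.check(*mta, now=400)[0]),
        ("mta next message", gl.check(*mta, now=401)[0]),
        ("whitelisted relay", gl.check("192.0.2.25", "x@example.net",
                                       "bob@example.com", now=0)[0]),
        ("bot single attempt", gl.check(*bot, now=0)[0]),
        ("bot back after expiry", gl.check(*bot, now=20000)[0]),
    ]
    return trace


if __name__ == "__main__":
    for label, code in run_scenario():
        print(f"{label:24} -> {code}")
```

The two edge cases in the middle are the ones that bite in practice: a sender that retries immediately should not be rewarded, and a pending entry that is hours old should not let a later, unrelated attempt through on the strength of the first one. Large senders that retry from a different IP each time (common for big webmail providers) will still be delayed repeatedly, which is the usual reason for the whitelist.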

"If you read your email with a browser and are curious about a dubious e-mail, you can always look at it with "View -> message source."  That way your browser will not be tempted to execute anything." (Jonathan)

--
John Bambenek, bambenek -at- gmail [dot] com
University of Illinois
