Welcome to SecurityDocs

A collection of 8,050 IT security white papers, carefully curated by professionals like yourself

Securing Privacy Part 3: E-mail Issues

by Scott Granneman

This is the third article in a four-part series that will examine privacy concerns as they relate to security. The first installment in the series examined hardware-based privacy issues and solutions. The second installment discussed software-based issues and solutions. This installment will discuss privacy issues that are particularly relevant to e-mail. According to research conducted by Neilson NetRatings, e-mail is by far the most widely used application on the Internet. Unfortunately,...

Sept. 24, 2017 1 comment Symantec Management

I Know Your Filtering Policy Better Than You Do: External Enumeration and Exploitation of Email and Web Security Solutions

by Ben Williams

Email and web filtering products and services are core components for protecting company employees from malware, phishing and client-side attacks. However, it can be trivial for an attacker to bypass these security controls if they know exactly what products and services are in use, how they are configured, and have a clear picture of the solutions' weaknesses in advance of an attack. In this presentation, the Speaker will demonstrate new tools and techniques for the automated enumeration...

Sept. 21, 2017 0 comments www.blackhat.com Management

The Security Implications of Web Based Email

by Eric Trombold

Services like Hotmail, Yahoo mail and Excite mail offer free, web based, email accessible from anywhere on the Internet.According to a survey of 538 IT security professionals by the Computer Security Institute and the Washington D.C FBI Computer Intrusion Squad, 91 percent of the respondents reported incidents of employee abuse of Internet privileges in 2001. That is up from 79 percent in 2000. (1)

Sept. 1, 2017 0 comments SANS Institute

SMTP Gateway Virus Filtering with Sendmail and AMaViS

by Kevin Swab

We hear about it all too frequently - a new computer virus is spreading rapidly though the internet via e-mail causing widespread damage. Educating our users doesn’t seem to be enough - clever social engineering and plain-old curiosity seem to get the better of people every time. While desktop anti-virus software can help, it isn’t a cure-all. The anti-virus signatures may be out of date, or the software itself may have simply been turned off. As the number of desktops in an organization ...

Sept. 1, 2017 0 comments SANS Institute

Stopping Viruses at a Unix Mail Gateway

by Thomas Heinrichs

Many organizations run mail gateways on Unix, Linux, and *BSD. It is desirable to stop viruses at the mail gateway before they reach the recipients’ mailboxes. To retain the trust of those we communicate with, it is also desirable to stop viruses in outgoing mail relayed out through the gateway. Although the Unix solutions aren’t as widely available as those available for Exchange or Notes, it is possible to protect your users from viruses at a Unix mail gateway using both commercial and ...

Sept. 1, 2017 0 comments SANS Institute

Protecting Email in a Hostile World with TLS and Postfix

by David Severski

Internet-enabled communications have penetrated virtually every aspect of daily life. As businesses and organizations become ever more dependent on this rapid transfer of data, they are also becoming increasingly concerned with guaranteeing the security of the elements that make up this web of information. The transmission of web traffic and the storage of data on servers – the twin cornerstones of e-commerce – have been subject to considerable public scrutiny, resulting in the implemen...

Sept. 1, 2017 0 comments SANS Institute

Hotmail: Why Free Email Might Not Be Such a Hot Idea

by Michael Barrett

Microsoft is under scrutiny for problems they have in all areas of computers. I chose to focus on Hotmail which is a single aspect of the Microsoft empire and probably the most widely recognized component. I believe due to the nature of email being accessed by almost all users of the Internet, security problems with these systems impact the biggest group of people who have on average the least amount of security savvy on the Net.Millions of people, including me, use free email services on the...

Sept. 1, 2017 0 comments SANS Institute

Security Features of Lotus Notes/Domino Groupware

by Vivekanand Chudgar

Lotus Notes has been one of the first complete groupware products to hit the market way back in 1989, and ever since it has continued to dominate the Groupware market. Developers of Notes realized the importance of Security quite early, and therefore we see many Industry Standard Security Features built into Notes over and above Security Features unique to Notes. Together, they effectively cover many aspects of Security that are of significant importance today.

Sept. 1, 2017 0 comments SANS Institute

Securing E-mail

by Sharipah Setapa

Security has been an issue in mail from ancient times. Security is still important today. E-mail is as fast and casual as a voice phone call, but can be save and retrieved with infinitely greater efficiency than paper letters or taped conversations. Security in mail deals first with reliable delivery to the addressee. Security, that is confidential, reliable and known delivery is essential to the success of e-mail. In other words people will not use a mail system that they cannot trust to...

Sept. 1, 2017 0 comments SANS Institute

Anti Spamming - How to Filter Unsolicited e-mail on Your Mail Server

by Nam Tran

This document is written from real work experience. In this document, the main software components, sendmailTM and IP Filter will be discussed. The complete solution would require a combination of additional software and hardware components. The solution herein is for the Internet Service Providers (ISPs) and organizations providing email service to their employees, rather than for the end users.

Sept. 1, 2017 0 comments SANS Institute

Beyond Email: Defending Against Malicious Code in a Healthcare Setting

by Dianne Belt

Regular audits by regulatory agencies, such as the Joint Committee on Accreditation of Healthcare Organizations and the Food and Drug Administration, have historically forced the healthcare industry to look critically at how it protects the integrity, confidentiality, and availability of health data, whether automated or on paper. However, the increasing automation of healthcare information management, including the use of the Internet, has made this task more challenging in recent years. B...

Sept. 1, 2017 0 comments SANS Institute

A Practical Approach to Message Encryption

by Edward Skerke

The intent of this paper is to provide a description of my journey of investigation for a practical mechanism of encrypting message content, emphasizing on the mail encryption provided by ZixMailï›› and ZixMail.Netï›› services offered by the Zixitï›› Corporation. The content of this paper will explain the need these products fill from a security and business perspective by highlighting the advantages and disadvantages of these products. I will highlight and compare the features of Zixitï›› 's...

Sept. 1, 2017 0 comments SANS Institute Encryption & Authentication

Implementing a Bulletproof MTA

by Nick Reeves

nstalling and setting up the qmail Mail Transfer Agent can be difficult and complex. What follows below is an instructional how to. The qmail MTA has been chosen because of it’s security, reliability, and functionality. In 1997 Dan Bernstein offered $500.00 to anyone finding a security hole in qmail. As of this writing the reward is still unclaimed, see http://cr.yp.to/qmail/guarantee.html . This is a huge advantage over the sendmail MTA, which has had many published exploits in the past ei...

Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits

A Robust Email Infrastructure using Sendmail 8.12

by Alan Ptak

This document provides an overview of sendmail from a security perspective with a case study to show how sendmail and sound network security practices can be combined to create a robust scalable electronic mail infrastructure. Sendmail has matured and evolved into a robust security-aware message transport agent. Sendmail 8.9 and later versions include security features that can be adapted to a wide range of needs and situations. System security can be assured to a high degree by careful atte...

Sept. 1, 2017 0 comments SANS Institute

Securing Exchange 2000 Server E-mail

by Bill English

The focus of this paper is on how to secure Exchange 2000 Server e-mail. Attack types are presented and solutions are offered in the hopes that many will find new methods of securing their inbound and outbound e-mail. Specific vulnerabilities with Exchange 2000 Server are discussed as well. This paper outlines two common topologies and explains how to use current technologies to ensure e-mail sent to and from an Exchange 2000 Server is both secured and free of malicious code or attachments.

Sept. 1, 2017 0 comments SANS Institute

Securing Email Through Proxies: Smap and Stunnel

by Jim Cabral

Electronic mail was the first “killer application” on the Internet and continues to be one of the most commonly used Internet applications. However, Internet email and sendmail, the venerable application behind most Internet email, have a long and storied history with regard to security. As email has grown in usage and complexity, so have sendmail and other mail applications including POP and IMAP servers, Microsoft Exchange and mail clients such as Eudora, Microsoft Outlook and Netscap...

Sept. 1, 2017 0 comments SANS Institute

The Spam Battle 2002: A Tactical Update

by Karl Krueger

The past two years have been a watershed in the fight against spam, with many changes in the tactics used both by spammers seeking to abuse networks and by administrators seeking to protect them. Many of these changes have notable policy implications. As the cost of spam has increased for ISPs, businesses, and end users alike, keeping up with these methods has become increasingly essential to protect the usefulness of email.

Sept. 1, 2017 0 comments SANS Institute Management

Secure eMail: Determining an Enterprise Strategy and Direction

by Marian Gurowicz

Secure eMail has become a buzzword in business these days. But much like the current magazine advertisement that states: “I just told management the Firewall was secure. (Translation: Do we have a firewall?),” no one is quite sure what secure eMail is.

Sept. 1, 2017 0 comments SANS Institute

Securing Web Based Corporate E-Mail Using Microsoft Exchange Outlook Web Access

by Michael Parker

In today’s hyper-connected environment, it is essential that the workforce remain in touch with their home office and clients. This is often at odds with the fact that a significant portion of the workforce is also a mobile one. To overcome this problem, a number of solutions have been employed such as cellular phones, personal digital assistants (PDA’s) such as Palm Pilots, Blackberry’s and iPaq devices. Each of these has restrictions on the amount of data that can be communicated. ...

Sept. 1, 2017 0 comments SANS Institute

Email in the New Era (Version 1)

by Guang Chen

The Internet provides one of the easiest communications tools ever afforded mankind. Email is a fundamental part of the Internet. E-mail technology provides comprehensive communication, productivity and effectiveness. E-mail has undoubtedly revolutionized the way we conduct business and communication. E-mail address has become another unique identified attribute of people.

Sept. 1, 2017 0 comments SANS Institute


We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.