Tuesday, October 26, 2021

Securing Email Server

Email Security

Email security describes the procedures and techniques used to protect email accounts, message content and email communication against unauthorized access, loss or compromise. Email is the most common entry point used to initiate an advanced attack. Today almost everyone uses either on-premise or cloud based email, and everywhere malware, whaling, spam and phishing emails are common.

Many attacks use misleading messages to lure users into disclosing sensitive information, by asking them to open an attachment or click a hyperlink that installs malware on the device. A single small loophole can bring down the entire network, and even experienced professionals sometimes fall victim to such attacks.

So below are some best practice guidelines for defence in depth email security.

Setup SPAM filter:

A SPAM filter screens every incoming message before it reaches the user, which makes it crucial for email security. Dedicated appliances are available in the market to handle large volumes of mail. Always remember to subscribe to a DNS blackhole list; this alone will block most spam.

A Domain Name System-based blackhole list, also called a DNS blacklist (DNSBL) or real-time blackhole list (RBL), is a service that lets a mail server check, with a single DNS query, whether a sending host's IP address is listed for sending spam. Almost all mail server software can be configured to check such lists, typically rejecting or flagging messages from listed hosts.

Enable rate control to prevent remote senders from overwhelming the server, and enable content analysis to heuristically block or quarantine probable spam.

DLP Rules:

Set up strong data leak prevention (DLP) rules that stop sensitive data leaving the organization in outbound email and that support allow/deny lists for recipients and content.

Enable SPF

Sender Policy Framework (SPF) is used to prevent email spoofing. It works by publishing a DNS record listing which servers are permitted to send email for a specific domain. SPF checking should be enabled on all edge email servers so that mail coming into your organization is verified against the sender's record, and your own domain should publish an SPF record so that other receivers can verify mail you send.
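To show what the receiving edge server actually does with an SPF record, here is an added example (not from the original post) of a small evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms with their `+`, `-`, `~` and `?` qualifiers. The DNS data is a constructed in-memory dictionary and the domain names in it are placeholders; `txt_lookup` is an assumed callable so the same code could be pointed at a real resolver. Mechanisms that need further lookups (`a`, `mx`, `ptr`, `exists`) are deliberately not implemented and raise.

```python
import ipaddress
from typing import Callable, Dict, Optional

# Constructed sample records; these domains and addresses are not real.
SAMPLE_TXT: Dict[str, str] = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "broken.example": "v=spf1 ip4:not-an-address -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 limits DNS-querying mechanisms per check

TxtLookup = Callable[[str], Optional[str]]


def check_spf(ip: str, domain: str, txt_lookup: TxtLookup, lookups: int = 0) -> str:
    """Evaluate the sending IP against the domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    record = txt_lookup(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)

    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:
            continue  # modifiers such as exp= are ignored in this example
        name, _, value = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]

        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the published record
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]

        elif name == "include":
            lookups += 1
            if lookups > MAX_DNS_LOOKUPS:
                return "permerror"  # too many lookups: record is unusable
            inner = check_spf(ip, value, txt_lookup, lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("permerror", "none"):
                return "permerror"  # an include target with no record is a permerror
            # fail/softfail/neutral inside an include are simply "no match"

        else:
            raise NotImplementedError(f"mechanism {name!r} not supported in this example")

    return "neutral"  # default result when no mechanism matched


if __name__ == "__main__":
    for sender_ip in ("192.0.2.7", "198.51.100.10", "2001:db8:1::5", "203.0.113.9"):
        print(sender_ip, check_spf(sender_ip, "example.com", SAMPLE_TXT.get))
```

The `permerror` branches are the part worth noticing for a defender: a typo in your own published record, or an `include` pointing at a domain with no record, makes every receiver treat your mail as unverifiable, so the published record should be validated whenever it changes.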

Enable DKIM

DomainKeys Identified Mail (DKIM) adds a cryptographic signature to every message that a remote server can validate against a public key published in a DNS TXT record. Failing to use DKIM weakens the integrity of your email and increases the likelihood of the domain being blacklisted.

Set a Throttling Policy

In some cases a legitimate user turns into a spammer because they fell for a phishing scam or otherwise had their password compromised. So restrict the number of recipients per sender per day and the number of emails per day to limit the damage from a compromised account. Throttling policy settings are stored in Active Directory. With a throttling policy, the associated users can have at most the defined number of concurrent requests running in Exchange Web Services.
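The per-sender limits described above are a sliding-window counter per account. The following is an added example (not from the original post, and not Exchange's implementation) of such a policy: each submission is accepted only if the sender stays under both the daily message count and the daily unique-recipient count, and old events age out of the window. The limits and the `SenderThrottle` class name are assumptions for illustration.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


class SenderThrottle:
    """Enforce per-sender messages/day and recipients/day over a sliding window."""

    def __init__(self, max_messages: int, max_recipients: int, window_seconds: int = 86400):
        self.max_messages = max_messages
        self.max_recipients = max_recipients
        self.window = window_seconds
        # sender -> deque of (timestamp, recipient_count), oldest first
        self._events: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)

    def _prune(self, sender: str, now: float) -> Deque[Tuple[float, int]]:
        """Drop events that have fallen out of the window."""
        events = self._events[sender]
        while events and events[0][0] <= now - self.window:
            events.popleft()
        return events

    def usage(self, sender: str, now: Optional[float] = None) -> Tuple[int, int]:
        """Return (messages, recipients) the sender has used in the current window."""
        now = time.time() if now is None else now
        events = self._prune(sender, now)
        return len(events), sum(count for _, count in events)

    def submit(self, sender: str, recipients: Iterable[str], now: Optional[float] = None) -> Decision:
        """Decide whether a submission with these recipients may be sent."""
        now = time.time() if now is None else now
        sender = sender.lower()
        wanted = len({r.lower() for r in recipients})  # count unique recipients only
        messages, used = self.usage(sender, now)
        if messages + 1 > self.max_messages:
            return Decision(False, "daily message limit reached")
        if used + wanted > self.max_recipients:
            return Decision(False, "daily recipient limit reached")
        self._events[sender].append((now, wanted))
        return Decision(True, "accepted")


if __name__ == "__main__":
    # Constructed scenario: a compromised account that starts mass mailing.
    throttle = SenderThrottle(max_messages=3, max_recipients=5)
    for hour in range(4):
        print(throttle.submit("user@example.com", ["a@x.invalid", "b@x.invalid"], now=hour * 3600))
```

A rejection here should be logged and alerted on, not just bounced: an account hitting the recipient ceiling within minutes of a login from a new location is a strong signal of compromise.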

Email Encryption

To ensure end-to-end privacy, encrypt the email itself between the sender and the recipient, so that the content is protected even if a server on the path is compromised.

Attachment Restriction

Email attachments are an effective malware delivery system, so it's important to restrict the types of attachments that pass through your server. The most dangerous file types are executables, so extensions such as .exe, .bat, .vbs, .jar and so forth should always be blocked. Attachment size should also be restricted.
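As an added example of the attachment restriction above (not code from the original post), here is a scanner built on Python's standard `email` library. It parses a raw message, flags attachments whose final extension is on the block list or whose decoded size exceeds a limit, and additionally flags a renamed Windows executable by its `MZ` header, which catches the common trick of sending `.exe` content under a harmless name. The block list extends the four extensions named in the post with a few other executable types; the size limit, the sample messages and the `MZ` heuristic are assumptions for illustration.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List, Sequence, Tuple

# .exe, .bat, .vbs and .jar are named in the post; the rest are common additions.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".vbs", ".jar", ".cmd", ".scr", ".ps1", ".js", ".msi"}
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # assumed 10 MiB policy limit

# Windows PE executables start with the "MZ" DOS header regardless of file name.
EXECUTABLE_MAGIC = (b"MZ",)


def build_message(attachments: Sequence[Tuple[str, bytes]]) -> bytes:
    """Construct a multipart test message carrying the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample message"
    msg.set_content("Please see the attached files.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def scan_attachments(raw: bytes, blocked=BLOCKED_EXTENSIONS, max_bytes: int = MAX_ATTACHMENT_BYTES) -> List[Dict[str, str]]:
    """Return one finding per attachment that violates the policy."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: List[Dict[str, str]] = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(filename)[1].lower()  # final suffix: "Invoice.PDF.exe" -> ".exe"
        if ext in blocked:
            findings.append({"filename": filename, "reason": f"blocked extension {ext}"})
        elif payload.startswith(EXECUTABLE_MAGIC):
            findings.append({"filename": filename, "reason": "executable content (MZ header) under a different name"})
        elif len(payload) > max_bytes:
            findings.append({"filename": filename, "reason": f"size {len(payload)} exceeds {max_bytes} bytes"})
    return findings


def should_reject(raw: bytes, **kwargs) -> bool:
    """Policy decision for the whole message: any finding rejects it."""
    return bool(scan_attachments(raw, **kwargs))


def build_sample_message() -> bytes:
    """Constructed sample: one renamed executable, one disguised executable, one clean PDF."""
    return build_message([
        ("Invoice.PDF.exe", b"MZ\x90\x00 fake executable body"),
        ("notes.txt", b"MZ\x90\x00 executable renamed to .txt"),
        ("report.pdf", b"%PDF-1.4 sample content"),
    ])


if __name__ == "__main__":
    for finding in scan_attachments(build_sample_message()):
        print(finding)
```

The extension check runs on the final suffix only, so a double extension like `Invoice.PDF.exe` is still caught; the content check is what catches the opposite case, where the name is innocent but the bytes are not. Archives that wrap an executable need unpacking or a sandbox detonation and are outside this example.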

Keep Security logs

Retain all mail server and security logs. It's a good idea to develop a log retention policy for your site that states which types of information are stored, for how long, whether they are kept online or offline, and whether the data is confidential.

Leading email security solution providers in the market include Microsoft Defender for Office 365, Cisco Email Security, Barracuda Essentials, Forcepoint and others.

So this is just basic information on email security steps. You can do further research to get the details you need.

Feel free to comment your suggestions. 

Thanks

-DR
