Securing Your Internet Messages
by Cheena Srinivasan, Mirapoint, Inc.
(Originally published in Messaging Magazine, September/October 1999)
Whether you're evaluating a standards-based Internet e-mail system to bring onsite, or considering e-mail outsourcing vendors, you'll need to consider many factors in making your selection. In particular, you'll want to consider security, reliability, adherence to Internet standards, performance, scalability, and price per seat. Chief among these factors, however, is security, and for good reason.
Messaging has become so crucial to organizations that it is probably the most significant piece of intellectual property a company owns. Certainly, e-mail is now the primary vehicle for collaboration and information sharing both within organizations, and with their partners and customers. Yet, with every communication, organizations expose themselves to the risk that important proprietary information will either accidentally or maliciously fall into the wrong hands.
In fact, lack of security is one of the chief reasons that more business is not conducted over the Internet today. This issue cuts across all sectors: medical, governmental and educational institutions, as well as business and service industries. Confidential, sensitive, or classified information, from business financial and strategy reports, to student and patient medical records, to welfare case histories, and weapons designs, must be able to be securely transmitted from one network site to another.
Looking at the issue from a larger perspective, organizations must consider three principal questions:
It may be unnerving for systems administrators familiar with gateway-based, proprietary e-mail systems to consider migrating their organization's messaging systems to the wide-open Internet. However, these administrators can take certain security precautions to protect their companies' intellectual property and client/customer confidentiality as communications flow over the Internet.
To highlight the available precautions, this article explains the four most important security components that systems administrators should look for when researching commercial, Internet-based e-mail systems:
Together, these components can provide a highly secure environment for your organization's Internet e-mail users, partners, clients, and customers.
User Authentication: "Who Goes There?"
User authentication verifies that the person logging in is who they say they are. The simplest authentication scheme requires each user to supply a username and a password. A primary administration goal with user authentication is to limit the number of names and passwords that users need to remember in order to access network resources. Additional usernames and passwords add layers of complexity, which usually require additional support.
With that in mind, consider an Internet-based e-mail system that supports well-known proprietary and up-and-coming standards-based authentication methods, including any that already exist on your network. Deploying an e-mail system that already works with your environment prevents you from having to overlay or replace one authentication mechanism with another. With this said, don't forget to look to the future. The system you deploy will be expected to function for some time, and it will need to weather the coming changes in Internet protocols. So, while you may be running Network Information System (NIS) on your Sun Microsystems platform now, you will want to "future-proof" your system as the industry moves to standards-based protocols, such as the Internet Engineering Task Force (IETF) Lightweight Directory Access Protocol (LDAP).
LDAP, a directory service specification with security and authentication features, is considered to be the future of Internet-standard authentication. Savvy system administrators would be wise to plan for eventual migration to LDAP as they adopt Internet-based e-mail systems.
Another user authentication feature to consider is access control list (ACL) support. The IETF Internet Messaging Access Protocol 4 (IMAP4) provides a rich set of capabilities, including server-based mail storage, message header viewing, and ACL support, an important security feature. Access control lists allow administrators and users to create shared folders and give other users different read, write, edit, or delete permissions for that folder, a kind of bulletin board functionality. You can also post information to a folder and limit access to that folder. The Internet-based e-mail system that you choose should support the full implementation of IMAP4, including full ACL support for shared folders.
Session and Content Encryption: The Keys to Your Kingdom
Encryption keeps information private by scrambling the data using an encryption/decryption algorithm. Security of Internet-based e-mail involves both session and content encryption.
Session encryption, which occurs between the e-mail client and server, protects the Internet connection itself. In other words, it prevents hackers armed with packet sniffers from stealing passwords, impersonating users, and accessing their data. At minimum, most Internet e-mail systems support Secure Socket Layer (SSL), an IETF Web protocol used by popular e-mail clients and Web browsers to protect GUI-based end user and administrator sessions. However, hackers can also detect unprotected character-based administrative passwords, and gain access to an e-mail server's management functions. Protecting character-based Telnet administrator sessions outside the firewall requires Secure Shell (SSH) support. Make sure that the Internet-based e-mail system that you evaluate supports both SSL and SSH session encryption protocols.
Content encryption and decryption occur at the users' desktops. In this case, you'll want to ensure that your Internet-based e-mail system can support popular content encryption protocols, such as Pretty Good Privacy (PGP), or Secure Multipurpose Internet Mail Extension (S/MIME). S/MIME, the emerging standard for encrypting Internet e-mail, is based on the standard Simple Mail Transfer Protocol (SMTP) message format. S/MIME employs a dual-key encryption scheme. A public key is stored in a database or network directory, and a private key is known only to the end-user. Users combine the keys to create a unique session key that encodes and decodes e-mail messages.
Virus and SPAM Protection: Building a Strong Immune System
By now, nearly everyone has their own horror story of what happened after a worm virus, such as Explore.zip, hitchhiked its way on e-mail attachments into a corporate network.
The menace of viruses can be long-lasting and highly destructive. In addition to any immediate damage that viruses might cause, they can also contain "Trojan horse" programs that hide their activity until they set off malignant processes at a later time. Unfortunately, the only sure-fire response to such an attack is to erase the hard drive, reinstall the operating system and software, and then restore the data from backups that predated the attack. This is an extremely time-consuming process that still leaves users without the changes they made and new files they created between the latest backup and the introduction of the virus.
Originally, virus protection focused on the desktop, because viruses were spread over the "sneaker net" as users shared files on floppy disks. However, in recent years, e-mail has replaced floppy disks as the primary transport vehicle, and, hence, the primary "vector of contagion."
As a result, the security strategy has shifted to looking for and blocking viruses at the e-mail server, to prevent viruses from ever reaching and damaging end user systems. Virus scanning programs operate like the U.S. Centers for Disease Control, comparing the content of a message against a database of virus profiles, which, not surprisingly, is constantly updated as new viruses emerge to terrorize the Internet populace. Thus, you'll want to make sure that the Internet-based e-mail system you are evaluating features a robust virus-scanning engine with an easily updateable virus profile database.
You'll also want to look for adequate protection from SPAM, the electronic equivalent of junk mail. At first glance, SPAM seems more an annoyance than the true security risk that it can be. SPAM can fill up your message store and, in extreme cases, can debilitate your system. The latter type of SPAM, called a "denial of service attack," can overwhelm an e-mail server by barraging it with hundreds of messages per second, thereby completely shutting it down. In addition, some SPAM programs can hijack a corporation's outbound mail router, so that it appears that the SPAM is coming from a legitimate source. The unfortunate corporate victim then not only has credibility and public relations problems to deal with, it also must somehow recover control of its outbound mail router.
The Internet e-mail system you are evaluating should have all of the available features that protect against these kinds of SPAM-related attacks. At the forefront, denial of service attack protection will automatically shut down a server if sensors detect an accelerated flood of e-mail.
Next, inbound e-mail router filters or profilers will stop unwanted traffic at the server. Like virus filters, these inbound SPAM filters can be configured to eliminate specific e-mail addresses or specific domains, or they can be configured to profile subject or message content using custom scripts. If SPAM does somehow make it through the filters, the single copy message store feature prevents the message store from filling up by storing only one copy of the message destined for multiple users, thereby preserving disk space.
To protect against outbound mail router hijacking, select an Internet e-mail system that, by default, does not accept mail relays from anyone. Freeware solutions that have an open relay are an invitation to hackers. "Default zero" mail relay lists can be configured to add trusted mobile users and partners as the need arises, but the important thing is that the list is under the control of the corporate administrator.
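The "default zero" relay list described above can be expressed as a deny-by-default decision made for each recipient. The following is an added example, not code from the article or from any product; the class name, domain and networks are constructed for illustration.

```python
import ipaddress


class RelayPolicy:
    """Deny-by-default relay decision for one SMTP recipient (illustrative)."""

    def __init__(self, local_domains, trusted_networks=()):
        self.local_domains = {d.lower() for d in local_domains}
        # The relay list starts empty unless the administrator supplies entries.
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]

    def allow_network(self, cidr):
        """Administrator adds a trusted partner or mobile-user network."""
        self.trusted.append(ipaddress.ip_network(cidr))

    def decide(self, client_ip, rcpt_to):
        """Return (accepted, reason) for a recipient offered by client_ip."""
        local, sep, domain = rcpt_to.rpartition("@")
        domain = domain.lower().rstrip(".")
        if not sep or not local or not domain:
            return False, "malformed recipient"
        # Routing characters in the local part would ask this server to
        # forward the message elsewhere, so such recipients are refused.
        if any(c in local for c in "%!@"):
            return False, "source-routed recipient"
        if domain in self.local_domains:
            return True, "local delivery"        # inbound mail, not a relay
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.trusted):
            return True, "relay for trusted client"
        return False, "relaying denied"


def demo():
    """Run constructed cases against a server hosting example.com."""
    policy = RelayPolicy({"example.com"})        # relay list is empty
    results = [
        policy.decide("203.0.113.9", "alice@example.com"),
        policy.decide("203.0.113.9", "victim@other.test"),
        policy.decide("203.0.113.9", "bob%other.test@example.com"),
    ]
    policy.allow_network("198.51.100.0/24")      # partner added on request
    results.append(policy.decide("198.51.100.20", "bob@other.test"))
    results.append(policy.decide("203.0.113.9", "bob@other.test"))
    return results
```

With an empty list the server still accepts mail for its own domain, and only an explicit administrator action turns any client into a permitted relay source.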
System Security Protection: Who's Minding the Store?
While the first three Internet security components are important, they are useless without the fourth component. Although not yet widely acknowledged, the most critical e-mail security factor is system security. This is because, if a hacker gets control of an e-mail server, the other security precautions won't matter at all.
In a recent New York Times article, the Computer Emergency Response Team (CERT) Coordination Center, a leading computer security group, reported a significant rise in potentially dangerous attacks that exploit security holes in well-known, general-purpose operating systems such as Unix or Windows NT. These security holes enable hackers to waltz through the "front" or "back doors" of the system through its many application services and ports using superuser or shell access accounts. Hackers familiar with the security flaws in these big, complex operating systems can gain access into the server, grant themselves root privileges, and begin to wreak havoc on your system.
To prevent this type of attack, look for a hacker-proof Internet e-mail appliance. Designed as closed systems based on shielded operating systems, these systems are accessible only through the e-mail protocols: SNMP for server-to-server connections, and Post Office Protocol 3 (POP3) or IMAP4 for server-to-client connections. Administrative commands are also executed through a refined administrative application programming interface (API). This means that intruders have no way to access the operating system, because there are no exposed commands or executables that could render the system vulnerable to attack.
Secure systems should also have detailed logging, searchable by system administrators, to detect attempted break-ins and other suspicious behavior. Some systems feature an additional level of security with trusted IP address support. This feature permits administrative session access only from a list of specific IP addresses, thereby further preventing hackers from entering your system.
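Searchable logs and a trusted IP address list work together: the list states where administrative sessions may originate, and the log shows whether that held. The following is an added example, not from the article; the log format, field names and addresses are constructed, and a real appliance's log format will differ.

```python
import ipaddress
import re
from collections import Counter

# Constructed log lines in an assumed format.
SAMPLE_LOG = """\
1999-09-14T02:11:07 admin-login user=admin src=192.0.2.10 result=ok
1999-09-14T02:13:40 admin-login user=admin src=203.0.113.77 result=fail
1999-09-14T02:13:42 admin-login user=admin src=203.0.113.77 result=fail
1999-09-14T02:13:45 admin-login user=root src=203.0.113.77 result=fail
1999-09-14T02:14:01 admin-login user=admin src=203.0.113.77 result=ok
1999-09-14T09:30:12 admin-login user=ops src=198.51.100.4 result=fail
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) admin-login user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


def audit(log_text, trusted_cidrs, fail_threshold=3):
    """Return (findings, unparsed_count) for administrative login records."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    failures = Counter()
    findings = []
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:
            src = None
        if src is None:
            unparsed += 1          # count, never silently drop, bad records
            continue
        if m["result"] == "fail":
            failures[src] += 1
            if failures[src] == fail_threshold:   # report once per source
                findings.append(("repeated-failures", m["ts"], str(src)))
        elif not any(src in net for net in trusted):
            # A successful admin session from outside the trusted list means
            # the restriction is missing, misconfigured or bypassed.
            findings.append(("untrusted-admin-session", m["ts"], str(src)))
    return findings, unparsed
```

Calling `audit(SAMPLE_LOG, ["192.0.2.0/24"])` reports the third consecutive failure from one source and the successful session that followed it from the same untrusted address.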
Conclusion
A little healthy wariness can be a good thing when contemplating the brave new world of Internet messaging. After all, the safety and security of your company's valuable intellectual property, and client or customer confidentiality are at stake. Lack of confidence in the security of an Internet messaging system can result in lower productivity and process efficiencies, lost revenue opportunities, and longer response times in critical medical or public safety emergencies. For that reason, it is imperative to look for an Internet-based e-mail system that delivers a multilevel security solution. In particular, a prudent checklist for evaluating a standards-based Internet e-mail system should include the following questions:
Take the time and effort to closely scrutinize the security components of an Internet-based e-mail system. You can bet that if you overlook something, the legion of hackers out there won't.