What

 

Email and Instant Messaging

 

Why

Outside evildoers find ways to communicate with you and present you with tempting messages that try to lure you to a web site that then attempts to install malware. Your stored emails can also contain a great deal of private, financial and identity information that you should protect from discovery by malicious persons and from remote capture.

 

How

Protect emails and email stores with passwords. Email and instant messages can contain visible links to unsafe web sites and hidden code that can install a virus. Configure these systems with tight security settings.

 

Detailed Information

Email Security:

Think about the content of the emails you keep and store. If they are receipts of purchases or other transactions, do they contain identifying information about you or your bank or credit card accounts? Every little clue provided in emails can aid hackers in figuring out who you are, where you have accounts and what the account numbers partially look like. If you choose convenience over security, and do not require passwords to enter your email program or to enter stored emails, you run a big risk of losing the privacy of your most important information.

A. Configure your email program to require a password to open it and a password to enter stored emails, and avoid the use of HTML, which could allow malicious code to execute from within an email message. Here are some tips for Outlook users:

Microsoft Outlook 2003: Lock it down in 10 steps

by  Scott Lowe MCSE    8/24/05  Source

While Microsoft has made significant progress securing Exchange 2003 and Outlook 2003, vulnerabilities still exist. Use the following 10 steps to mitigate potential problems before they become major issues.

1.         Stay current with Office security updates – Using Microsoft Update, you can automatically or manually download and install Office and Windows updates. You can download Office-specific updates from Microsoft's Office Web site. If you manage a large number of desktops, consider using Windows Server Update Services (WSUS), which includes support for Office products via its automatic update mechanism. Alternatively, you can manually download updates from the Office resource kit site. Check out these Office 2003 downloads and Office XP/2002 downloads.

2.         Encrypt traffic between Exchange and Outlook clients – If the network between the client and the Exchange server isn't totally secure, you should encrypt the communication channel between Outlook and Exchange. To do this, click Tools | E-mail accounts, select View or change existing e-mail accounts and click Next. Select the user's Exchange e-mail account and click Change. Click More Settings and select the Security tab. Under Encryption, enable the checkbox labeled Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server and click OK.

3.         Learn about Outlook's attachment blocking feature – Outlook 2003 includes attachment blocking functionality designed to protect end users from running dangerous attachments, such as executable files, script files, Windows program information files (pif) and more. Check out this complete list of file types blocked by Outlook 2003.

If you need to receive a message with an attachment that is on the blocked list, ask the sender to zip the file (unless you choose to block zip files) before sending it, or make the file available via a download location. If you have a file type that you would like to block—perhaps zip files—you can edit the desktop's registry to add the new file type you'd like to block.

To block a specific file type, open regedit and navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security

Add a new string value named Level1Add. Open the new value and add the list of extensions you’d like to block, each separated by a semicolon (example .zip;.xls;.exe). Outlook will now block attachments with the extensions you specify from your inbox.

4.         Create a Public Key Infrastructure (PKI) to support more secure messaging – This goes beyond Outlook and requires that you create a certificate infrastructure, which gives you (or your users) the ability to verify the authenticity of people sending mail and to send messages to recipients that are similarly guaranteed. Microsoft Knowledge Base article 286159 includes a number of steps that you can take to help manage your digitally secure Outlook environment.

5.         Read messages in plain text – HTML e-mail messages can contain viruses or malicious scripts. By default, Outlook allows you to read HTML formatted messages, but you can disable this behavior and read messages in plain-text only. To disable HTML e-mail, click Tools | Options and select the Preferences tab. Click E-mail Options and enable the Read all standard mail in plain text checkbox. While you don’t have to worry as much about digitally signed mail since you should know who sent the message, if you want to force all digitally signed mail to be delivered to you in plain text only, also enable the All digitally signed mail in plain text checkbox.

6.         Ask Outlook to catch more junk mail, or consider using a white list – Outlook 2003 includes the ability to catch junk e-mail and place it into a junk e-mail folder in Outlook. Outlook includes four default junk e-mail settings. No filtering—don’t look for junk e-mail. Only move mail from senders you have explicitly blocked to the junk mail folder. Low & medium—The low setting handles only absolutely obvious junk mail while the medium setting catches more, but starts to run the risk of catching mail that shouldn’t be moved. Finally, if you want to make sure you get mail only from people you know, you can choose the Safe Lists Only setting and then populate your Safe Senders list. Note that this white list method can result in quite a lot of management overhead. To manage junk mail settings, click Tools | Options, select the Preferences tab, and click Junk E-mail.

7.         Be comfortable with the Reading Pane… as long as you don’t change default settings – In previous versions of Outlook, the Reading Pane posed a privacy risk since users could view HTML messages and other potentially insecure items that could report back to the sender that a message was read. As such, many people disabled the Reading Pane in order to secure themselves from possibly opening a malicious message. However, Outlook 2003 includes features that make the Reading Pane (which can be very useful) safe to use. This is due to Outlook’s new default setting that disables the automatic downloading of pictures in HTML messages.

If these settings have been changed so that pictures are automatically downloaded into Outlook, you should change the setting back to the default. To reset the Reading Pane's default settings, click Tools | Options, choose the Security tab, and click Change Automatic Download Settings. Select all the available checkboxes. The two middle checkboxes relax this setting for senders that you feel are safe while the other two checkboxes enforce the picture downloading ban.

8.         Scan and secure with the Microsoft Baseline Security Analyzer – Version 2.0 of the Microsoft Baseline Security Analyzer (MBSA) scans systems for missing updates, including updates for Microsoft Office XP and later. Further, MBSA 2.0 will tell you if any of your systems have their firewalls disabled, and let you know whether Automatic Updates are on or off. MBSA 2.0 is available for download.

9.         Maintain macro and publisher security – By default, Outlook’s macro security is set to high, which automatically blocks unsigned macros from being executed. The next, and highest, option requires that macros only be run from trusted locations. Macros not from trusted locations will not be run, whether they’re signed or not. I don’t recommend this highest level of security, and recommend that you leave this option set to the default of high. However, on the next tab—Trusted Publishers—consider clearing the checkbox "Trust all installed add-ins and templates". These options are found at Tools | Macro | Security. Check out this full list of the ramifications of manipulating the various macro security options.

10.   Password protect your PST files – This is especially important for laptop users as the PST files could hold the keys to the kingdom if someone got their hands on your files. While Exchange users can’t do this, smaller shops using Outlook with other mail systems can. To add a password to your PST file, right-click the top level folder and choose the Properties option from the shortcut menu. Click the Advanced button and, on the resulting screen, click the Change Password button. Enter the new password as well as its verification and click OK.
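The registry edit from step 3 can also be scripted so that new extensions are merged into any existing Level1Add value instead of overwriting it. This is an added example, not part of the original article; the extension list is constructed sample input and the helper name ConvertTo-ExtensionList is hypothetical.

```powershell
# Added example (not from the article). The key path and the value name
# Level1Add are the ones given in step 3; everything else is illustrative.
$KeyPath = 'HKCU:\Software\Microsoft\Office\11.0\Outlook\Security'
$ToBlock = @('.zip', 'XLS', ' .exe ')   # constructed sample input

function ConvertTo-ExtensionList {
    # Hypothetical helper: normalize entries to lowercase ".ext" form and
    # skip anything that is not a plain file extension.
    param([string[]]$Extensions)
    foreach ($e in $Extensions) {
        $ext = $e.Trim().ToLowerInvariant()
        if (-not $ext) { continue }
        if (-not $ext.StartsWith('.')) { $ext = ".$ext" }
        if ($ext -match '^\.[a-z0-9]+$') {
            $ext
        } else {
            Write-Warning "Skipping invalid extension: '$e'"
        }
    }
}

# Create the Security key only if it is missing, so other values stay intact.
if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Read the current block list, if any, so existing entries are preserved.
$existing = (Get-ItemProperty -Path $KeyPath -Name Level1Add `
             -ErrorAction SilentlyContinue).Level1Add
$current = @()
if ($existing) { $current = $existing -split ';' }

# Merge, de-duplicate and write back as a semicolon-separated string value.
$merged = @(ConvertTo-ExtensionList -Extensions ($current + $ToBlock) |
            Sort-Object -Unique)
$value = $merged -join ';'
New-ItemProperty -Path $KeyPath -Name Level1Add -PropertyType String `
    -Value $value -Force | Out-Null

"Level1Add = $value"
```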

B. Spam and Phishing attempts are a growing threat in email and instant messages. 

Most anti-virus programs scan your emails and instant messages for viruses. Many Internet security suites like Norton and ZoneAlarm and email programs like Outlook and AOL have built-in spam filters to protect you against junk mail, phishing and fraud. If you are without this filtering capability, obtain one, whether free or purchased.

See SPAM

See Outlook Configuration for Spam Control

 

 

Instant Messaging Security:

Instant Messaging technology has matured over the last few years from a novel add-on application that enabled users to quickly stay in touch with friends and family, to a core Windows Operating System capability often used for business communication, collaboration, and operational support. While third party Instant Messaging (IM) applications still hold a large share of IM deployments, there is a growing trend to integrate Messaging functionality into the Operating System itself, which can potentially pose a direct security threat to organizations that have acceptable use policies or secure operational frameworks that deny the use of this technology. The discovery of vulnerabilities in these programs also poses a significant risk to organizations that lack the technical countermeasures, security staff, or capabilities to mitigate this increasingly embedded threat.

By far, a great majority of IM applications found on Windows systems are Yahoo! Messenger (YM), AOL Instant Messenger (AIM), MSN Messenger (MSN) and Windows Messenger (WM) which is now fully integrated into Windows XP Professional and Home Editions. The capabilities that these programs bring to the desktop are wide ranging and may provide users with the ability to check remote web based email, do voice chat, perform video communication, and send and share data files above and beyond simple text based chatting. There is also a growing trend of "multi network" messaging programs that provide the user with a centralized interface to disparate messaging networks and protocols, like Trillian and the recently formed AOL, Yahoo!, and MSN chat alliance, which enabled all three clients to interact seamlessly in the workplace.

Remotely exploitable vulnerabilities in these programs or associated dependencies are a growing threat to the integrity and security of networks, directly proportional to their rapid integration and deployment on Windows systems. Attack scenarios for Instant Messaging vulnerabilities are widely varied, and can come in the form of remotely executed buffer overflows (RPC based, packet malformation), URI/malicious link based attacks, file transferring vulnerabilities, and ActiveX exploits.

These applications not only introduce network based vulnerabilities into systems but also pose an intellectual property loss risk, potential for loss of confidentiality, and threat of employee productivity loss. While mitigating remotely exploitable weaknesses in these programs is of utmost importance, the necessary acceptable use policy and ingress/egress traffic enforcement is also of paramount importance to ensure one avoids the problems that Instant Messaging can introduce into a network.

Security Solution: Keep your IM application upgraded and patched with all available security patches from the Microsoft security site or your vendor's site. Never download files or click on links found within instant messages, because the sender might not be who you think it is, and the new threats are very dangerous.

Oscabot-F is typical of new threats aimed at IM. That worm spreads through America Online Inc.'s AOL Instant Messenger client. AIM users receive an instant message that reads "lol have you seen this?" and seems to come from an AIM contact. Clicking on a link in the message downloads and installs the Oscabot-F worm onto the victim's computer and sends identical messages to all the victim's AIM buddies.

IM worm writers have mastered the art of commandeering a user's buddy list to spread the malware bundles via URLs that must be clicked.

"Once we start seeing AIM or MSN Messenger exploits packaged into these, we'll see a fully automated IM worm. But, so far that hasn't yet happened on a large scale, and I don't know why. I think it's only a matter of time before some enterprising malware author decides to break down that barrier," Nazario, a worm researcher, adds.

Instant Message buffer overflows are a recipe for disaster.

"We've already seen documentation for some serious code-execution vulnerabilities in IM applications. If you put it all together, you'll see we're not that far away from an automated IM attack where infections don't require the user to click on anything," Wells said.

"The attackers will start looking for exploits within the IM itself. Now we're seeing the IM clients become more than just a text chat tool. AIM now has the ability to load an image on top of the buddy list and play music without a click. All the messaging clients today are bundling a lot of different applications like VOIP, file transfer, image sharing, Internet radio. Those add-ins all have their own security concerns," Wells said in an interview. Source

"When you bundle third-party functionality into the program, you expand the client footprint, but you're also inheriting all the security problems," he added.

Arbor Networks' Nazario said there has been detailed research work done to show that an automated IM worm could spread over IM rapidly. "In the worst case scenario, research has shown that all vulnerable clients online at a time could get infected in a matter of seconds."
 

AOL Instant Messenger now used in Rootkit Attacks

There is a growing use of Instant Messaging to attack and spread dangerous security threats. Besides virus, Trojan or Worm attacks, the latest Rootkit threat is now being used within AOL and other instant messages.

Rootkits can be installed and hidden so that they are extremely difficult to detect. A threat installed at the root level of the computer operating system is a dangerous backdoor that can provide hackers with remote control of the system and complete access to your login accounts and hard drive, letting them monitor and steal your account information and data, alter operating system files and hide from detection. The rootkit can shut down anti-virus software, alter the user's search page, run CPU usage to 100 percent and automatically download unwanted spyware programs.

Because users must actively click on the file link to install the rootkit, security experts urge instant messenger users to never click on links or execute files presented in instant messages - even if they “supposedly” come from a friend. A compromised system account can automatically pass these threats along to the other users on one’s Buddy List. Thus, all your friends will now receive the threat message supposedly coming from you. You just can't be sure if a message is legit or not and these new threats are too dangerous to take a guess.

Instant messaging, emails, chat rooms, web pages and file-sharing peer-to-peer networks can all become vehicles for rootkits and other threats. Downloading files and clicking on links to open files or web sites are quick avenues to serious trouble. It is just not safe to trust the source when you cannot verify who you are communicating with.

Experts have seen a 20-fold increase in the appearance of worms and viruses on IM clients over last year, and eWeek.com also reported last month that instant messaging systems have become an increasingly favored target for attackers, with nearly 75 new IM viruses reported in August and September.

Bundled within the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the file link within the IM window. It has been programmed to connect to an IRC (Internet Relay Chat) server to listen for commands from a remote attacker.


 

Resources

 

 

 

Phishing

SPAM

http://articles.techrepublic.com  - Locking down Outlook 2003 in 10 easy steps

 

Contact me at NofinerWeb.com