Understand Protection LESSON 4.2 98-367 Security Fundamentals.


1 Understand E-mail Protection LESSON 4.2 98-367 Security Fundamentals

2 Lesson Overview
In this lesson, you will learn:
• Tips for securing the client and server
• Anti-virus measures
• Protecting against spam
• Protecting against address spoofing
• Phishing and pharming
• SPF and PTR records

3 Educating Users About Spam
• Online scams of all sorts are serious and range from bank fraud to cyber-terrorism.
• The first step in combating online scams is to educate users.
• A typical spam strategy:
  o Users may receive spam that includes a disclaimer stating something similar to the following: “If you wish to be removed from this mailing list, you should respond to the mail with the word ‘Remove’ in the subject line.”
• Although this is a legitimate tool for some reputable companies, it is often a means of verifying that an e-mail address is valid so that the address can then be used again and maybe sold to other spammers.

4 Anticipatory Set
Check all your e-mail accounts for potential spam messages. Did you find any? Who are they from? Did you respond? What happened?

5 Anti-Virus Measures
• Viruses transmitted through e-mail messages are a significant threat to an organization.
• E-mail viruses can attack individual computers or your entire e-mail environment.
• The most effective mechanisms for combating viruses are installing anti-virus software and keeping the anti-virus signature files up to date.
• Consider protecting against viruses at the firewall, at the Simple Mail Transfer Protocol (SMTP) gateway, at each Exchange server, and on every client computer.

6 Protecting Against Address Spoofing
• A common technique spammers use is to configure the From line in an e-mail message to hide the sender's identity.
• Although SMTP does not require verification of a sender's identity, Exchange 2003 provides Anonymous Access Settings functionality to help minimize address spoofing.
• Although Exchange 2003 provides the ability for client-side users to recognize spoofed mail, you should turn off anonymous SMTP access.
  o Helps assure that only authenticated users can submit messages within your organization.
• Requiring authentication forces client programs such as Outlook Express and Outlook using RPC over HTTP to authenticate before sending mail.

7 Phishing – Hook, Line and Sinker
• Phishing scams consist of fraudulent e-mail messages that appear to be from a legitimate Internet address with a justifiable request.
• They usually direct the user to a website for verification or updating of personal information or account details (passwords, credit card, Social Security, and bank account numbers).
• The messages suggest negative repercussions for not following the link, such as “your account will be deactivated or suspended”.
• Commonly referred to as “phishing” because they use bait that lures unsuspecting victims.
• The goal is for users to fall for the bait so that cyber crooks can then withdraw money directly from bank accounts or go on shopping sprees with the credit card information.
• View video: What you should know about phishing identity-theft scams

8 Pharming
• Term for when criminal hackers redirect Internet traffic from one website to an identical-looking site in order to trick you into entering your user name and password into their database.
• Criminals try to acquire personal information in order to access bank accounts, steal identities, or commit other fraud.
• Banking and similar financial sites are often the targets of these attacks.
• More insidious because users can be redirected to a false site without any participation or knowledge on their part.
• If you notice something suspicious about a trusted Web site, report it—by telephone if possible—to the business or site owner.
• Remotely controlled botnets (large collections of compromised systems) can take down a service or send spam under the radar. Rootkits can circumvent detection and execute with impunity.

9 Securing the Client
• Consider the client as you develop a security plan for your e-mail environment.
• Examine which clients are strictly required and then limit Exchange functionality to those clients.
• Ensure that your patch management plan extends beyond the operating system on the client desktop. Use current and patched versions of the client software, regularly checking for client security updates.
• Educate your users about e-mail viruses, virus hoaxes, chain letters, and spam.
• Establish procedures that your users can follow when they encounter suspect mail.

10 Autodiscover and Sender Policy Framework
• Enable Autodiscover
  o Automatically finds the correct Microsoft® Exchange Server host and configures Office Outlook® 2007 for your users.
  o Includes an offline address book and the Free-Busy availability service that provides availability information for your users.
• Add Sender Policy Framework (SPF)
  o Lets you specify which computers are authorized to transmit e-mail from your domain.
  o Prevents others from using your domain to send spam or other malicious e-mail.

11 How Sender ID Works
• Domain administrators publish Sender Policy Framework (SPF) records in the DNS that identify authorized outbound e-mail servers.
• Receiving e-mail systems verify whether messages originate from properly authorized outbound e-mail servers.

12 Configuring DNS Settings for Exchange 2007 Server Roles (PTR Records)
• All computers that have the Exchange 2007 Mailbox, Client Access, Hub Transport, or Unified Messaging server role installed must be domain members.
• When the Microsoft Windows® server joins the domain, the domain name is used to create a DNS suffix.
  o The DNS suffix is appended to the server name to create a fully qualified domain name (FQDN).
• A host record for the server, also known as an “A” resource record, is registered in a forward lookup zone in the DNS database.
• A reverse lookup record for the server, also known as a “PTR” resource record, is registered in a reverse lookup zone in the DNS database.
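
An added example, not part of the original lesson, showing how the records on this slide fit together: it builds the FQDN from the server name and DNS suffix, derives the owner name of the PTR record in the reverse lookup zone, and reports servers whose A and PTR records disagree. The server names, the suffix corp.example.com and the zone contents are constructed.

```python
import ipaddress

# Constructed forward lookup zone: FQDN -> addresses from its A records.
A_RECORDS = {
    "hub01.corp.example.com.": ["192.0.2.10"],
    "cas01.corp.example.com.": ["192.0.2.11"],
    "mbx01.corp.example.com.": ["192.0.2.12"],
}
# Constructed reverse lookup zone: PTR owner name -> target host name.
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": "hub01.corp.example.com.",
    "11.2.0.192.in-addr.arpa.": "old-cas.corp.example.com.",
}


def fqdn(server_name, dns_suffix):
    """Append the DNS suffix to the server name, as happens at domain join."""
    return f"{server_name}.{dns_suffix}".lower().rstrip(".") + "."


def ptr_owner(ip):
    """Name under which the PTR record for this address is registered."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_registration(server_name, dns_suffix, a_records, ptr_records):
    """Return a list of problems; an empty list means A and PTR agree."""
    problems = []
    name = fqdn(server_name, dns_suffix)
    addresses = a_records.get(name, [])
    if not addresses:
        problems.append(f"no A record for {name}")
    for ip in addresses:
        target = ptr_records.get(ptr_owner(ip))
        if target is None:
            problems.append(f"no PTR record for {ip}")
        elif target.lower() != name:
            problems.append(f"PTR for {ip} points to {target}, expected {name}")
    return problems


if __name__ == "__main__":
    for server in ("HUB01", "cas01", "mbx01", "um01"):
        issues = check_registration(server, "corp.example.com", A_RECORDS, PTR_RECORDS)
        print(server, issues or "ok")
```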

13 Class Activity
• Visit the Microsoft Exchange Remote Connectivity Analyzer
• Experiment with each test.
• Record your experience with each.

14 Lesson Review
• Watch the video How Do I: Enable the Anti-spam Agent in a Single Server Exchange Server Environment? at http://technet.microsoft.com/en-us/exchange/dd251269.aspx
