E-mail, Web, Facsimile, and Telephone Security
The CISSP candidate should understand common issues associated with e-mail, web, facsimile, and telephone security.
E-mail has emerged as one of the most important communication mediums in our global economy, with over 50 billion e-mail messages sent worldwide every day. Unfortunately, spam accounts for as much as 85 percent of that e-mail volume. Spam is more than a minor nuisance — it’s a serious security threat to all organizations worldwide.
The Simple Mail Transfer Protocol (SMTP) is used to send and receive e-mail across the Internet. It operates on TCP/UDP port 25 and contains many well-known vulnerabilities. Most SMTP mail servers are configured by default to forward (or relay) all mail, regardless of whether the sender’s or recipient’s address is valid.
Failing to secure your organization’s mail servers may allow spammers to misuse your servers and bandwidth as an open relay to propagate their spam. The bad news is that you’ll eventually (it usually doesn’t take more than a few days) get blacklisted by a large number of organizations that maintain real-time blackhole lists (RBLs) against open relays, effectively preventing most (if not all) e-mail communications from your organization reaching their intended recipients. It usually takes several months to get removed from those RBLs after you’ve been blacklisted, and it does significant damage to your organization’s communications infrastructure and credibility. ...