Secure Email Gateway | IT NETWORKS

-
Email was one of the first things that people did when the world became connected in 1990s. 

It didn't need a large bandwidth back in time when technology and different connection lines were limited. 

It was also easy, fast, and didn't even cost a lot of money,

It was so easy and inexpensive that intelligent people saw it as a means to get a message to many people at little or no cost.

Some of these mails have become legitimate businesses and official proofs and were equivalent to advertising flyers send by post, but other mails were sent by more untrusted people in order to hack or to steel personnal information or identity online like postal addresses and emails, names and phone numbers.

That was the beginning of SPAM - the fact of sending irrelevant and unsolicited messages on the Internet to a large number of recipients in order to collect some information.




no copyright photo




As people started to send and receive emails without verification or accountability, it offered anonymity.

in the beginning, people were thinking spamming more as a nuisance than a threat.

But in 1996, America Online (AOL) coined the term "phishing" to describe the practice of someone creating a phony account to engage unsuspecting people and tricking them to reveal sensitive information or to steel money.

Some of you may have met a character like Prince Solomon of Abadodo, or some other wiley character, who wanted to share their wealth. "Please provide your bank account information, and His Highness will kindly deposit a packet of gold."

Other bad actors registered domain names that were strikingly close to the names of legitimate businesses or organizations and masqueraded as that business in an email, coaxing you to click on a link or an attachment that contained malware.

The phishing technique relied on human naivety, carelessness or distraction in order to work.

One of the first responses of businesses was to educate their employees about phishing tactics.
However, while education can reduce phishing exploits, it could not eliminate the threat.

Something needed to be done at the mail server and the Internet Service Provider (ISP) levels. In response, businesses installed spam filters on the mail server to stem the tide of spam and phishing emails.

The spam filters relied on identifying certain words or patterns in the headers or bodies of the message.
To use a simple example, if the word "VIAGRA" is common to email spam, then the word could be added to the filter, which would eliminate any email that contained that word. These types of spam filters were also deployed by ISPs. In addition to filtering, the ISPs turned to strengthening authentication methods.

By the end of the first decade of the twenty-first century, the ISPs began to implement the Sender Policy Framework, which slowly took shape during that decade but wasn't proposed as a standard until 2014.



The Sender Policy Framework is an email authentication method that detects bogus sender addresses and emails.

However, for every measure stood up by legitimate businesses, organizations, and ISPs, the bad actors introduced a countermeasure that circumvented the latest defense. To return to our simple example, spammers could easily bypass our filtered word "VIAGRA" by rendering it as V1AGRA or some other variant.

And while filters became more sophisticated in detecting spam patterns, they were too static and easy to outsmart.

Spamming and phishing were just too lucrative for bad actors to give up easily. In fact, phishing attacks have grown enormously since the turn of the century.

While, in 2004, 176 unique phishing attacks had been recorded, by 2012 this had grown to 28,000!

And no wonder, phishing was lucrative. Between lost money damages, the attacks caused a 500$ million loss to businesses and individuals. In the wake of these failures, the Secure Email Gateway, or SEG, arose to put up a more rigorous defense.

In addition to the spam filter, it added anti-virus scanners, threat emulation, and sandboxing to detect malicious attachments and links in real-time. Thus, even if education and the spam filter failed, one of these other tools could detect and expunge the threat.

However, the number of false positives and the huge number of attacks overwhelmed security professionnal teams, who became bogged down in manual remediation.

Secure Email Gateway continues to evolve as the threats evolve and cybersecurity enterprises like Palo ALto Networks or Fortinet continue updating their technologies and developing new techniques in order to protect their clients.

Today, the greater automation built into SEG alleviates the demands placed on the Security Operations Center (SOC).
Other features, such as Data Leak Prevention (DLP) have been added to detect and stop the egress of sensitive data.

In some cases, SEG has been integrated with other network security devices, such as edge and segmentation firewalls.
These devices collectively form an integrated fabric of security, which can be centrally managed from a single pane of glass and continually updated by threat intelligence as new methods and contagions become known.

For example, Fortinet has a Secure Email Gateway that is called FortiMail, this system is used to protect and analyse threats sent and received by emails;

Learn more:

In Programing

How to install PYTHON 3.8.0 :
https://itnetworks2020.blogspot.com/2019/12/1-programming-with-python-installing.html

In Security

Endpoint introduction :
https://itnetworks2020.blogspot.com/2019/10/endpoints-introduction.html

Firewalls:
https://itnetworks2020.blogspot.com/2019/10/firewalls.html

Security Email Gateways:
https://itnetworks2020.blogspot.com/2019/10/secure-email-gateway.html

CyberSecurity Evolution : UnKnown Threats:
https://itnetworks2020.blogspot.com/2019/10/cybersecurity-evolution-unknown-threats.html

CyberSecurity Evolution : Known Threats
https://itnetworks2020.blogspot.com/2019/10/cybersecurity-evolution-known-threats.html






Comments

Post a Comment

Popular Posts

Network Access Control NAC | IT NETWORKS

-
Image
Network Access Control NAC It's something that controls access to the network. And at its simplest level, this is what NAC does.  But if that's all that it was, then it wouldn't be fundamentally different from a network authentication and authorization server. Traditional authentication to the network follows the IEEE 802.1X standard that provided an authentication method to devices wishing to join a Local Area Network (LAN) or wireless LAN. 802.1X Wireless/Wired Authentication The mechanism was a port-based network access control which used agents, the software running on client devices that provide credentials to the authenticator to control access to the network. Another means to control access to a public network such as one serving a coffee shop or in a hotel, is a captive portal. If you've ever connected to a network in an airport, hotel, or coffee shop, you might recall interacting with a web page, sometimes agreeing t
Read more

CISCO : Dynamic Multipoint Virtual Private Network (DMVPN) | ITNETWORKS

-
Image
1- Definition   DMVPN is a technology that's used in secure networks exchanging data between them without needing to redirect traffic through a  headquarter  server  or router . Dynamic Multipoint VPN ( DMVPN ) is a Cisco IOS Software solution for building reliable IPsec Virtual Private Networks (VPN). DMVPN basically is a centralized architecture that provides easier management and implementation for deployments that need very specific access controls, authorizations and restrictions for diverse branches, users, applications and partners. DMVPN + IPSEC 2- Benefits DMVPN provides the ability to create dynamic VPNs without configuring static tunnels between remote peers, including Internet Protocol (IP), IPSEC and Key Management Protocol (ISAKMP peers).   DMVPN is designed  to make HUB-AND-SPOKE   topology  by statically configuring the hub IP address on the spokes, no other changes are needed  in the configuration ns of the hub to accept ne
Read more

Issues with CISCO WIRELESS Controller (And resolution) | IT NETWORKS

-
Image
On Cisco Wireless controller 5520, The Access POINTS try to join the Controller by bringing up a connection through the CAPWAP Tunnel, you can see these attempts through the AP log itself. The problem is that the DHCP server when trying to serve IP Addresses it shows the error BAD_ADDRESS in front of each IP assigned. So I Took a single access point, started debugging it, after that, I noticed that the CAPWAP connection was empty of errors BUT!! it was trying to resolve this name  CISCO-CAPWAP-CONTROLLER This resolution is made with DNS protocol, of course, I honestly wasn't so sure of what I was doing, so I added a new entry in my DNS server and it's corresponding IP was the Controller's after that magically all the Access Points where UP and showed UP on my controller. The controller I'm working with is the CISCO WIRELESS CONTROLLER 5520 Model:  AIR-CT5520-K9 Software Version:  8.3.150.0 Image of the controller Learn
Read more