Electronic mail (email) is perhaps the most widely used system for exchanging business information over the Internet (or any other computer network). At the most basic level, the email process can be divided into two principal components: (1) mail servers, which are hosts that deliver, forward, and store email; and (2) mail clients, which interface with users and allow users to read, compose, send, and store email. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.
Mail servers and user workstations running mail clients are frequently targeted by attackers. Because the computing and networking technologies that underlie email are ubiquitous and well-understood by many, attackers are able to develop attack methods to exploit security weaknesses. Mail servers are also targeted because they (and public Web servers) must communicate to some degree with untrusted third parties. Additionally, mail clients have been targeted as an effective means of inserting malware into machines and of propagating this code to other machines. As a result, mail servers, mail clients, and the network infrastructure that supports them must be protected. Examples of email security issues include the following:
(1) Because exchanging email with the outside world is a requirement for most organizations, email traffic is allowed through the organization’s network perimeter defenses. At a basic level, viruses and other types of malware may be distributed throughout an organization via email. Increasingly, however, attackers are becoming more sophisticated and using email to deliver targeted zero-day attacks in an attempt to compromise users’ workstations within the organization’s internal network.
(2) Because email is a medium for human-to-human communication, it is a natural vehicle for social engineering. Email can allow an attacker to exploit an organization’s users to gather information or to get the users to perform actions that further an attack.
(3) Flaws in the mail server application may be used as the means of compromising the underlying server and hence the attached network. Examples of this unauthorized access include gaining access to files or folders that were not meant to be publicly accessible, and being able to execute commands and/or install software on the mail server.
(4) Denial of service (DoS) attacks may be directed to the mail server or its support network infrastructure, denying or hindering valid users from using the mail server.
(5) Sensitive information on the mail server may be read by unauthorized individuals or changed in an unauthorized manner.
(6) Sensitive information transmitted unencrypted between mail server and client may be intercepted. The base SMTP, POP, and IMAP protocols send usernames, passwords, and message content in cleartext unless the client and server negotiate TLS (via STARTTLS or a TLS-wrapped port), so a client that authenticates before TLS is established exposes the account credentials to anyone on the network path.
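The following Python example is added here and is not part of the NIST document. It models the client side of the SMTP exchange implied by item (6): parse the server's EHLO reply, issue STARTTLS before ever sending AUTH, and refuse to authenticate if TLS cannot be negotiated (for instance when an on-path attacker strips the STARTTLS line from the EHLO reply). The EHLO replies, the host name `client.example.org`, and the credentials are constructed for illustration; no socket is opened.

```python
"""Client-side SMTP policy: credentials are only ever sent over TLS.

Added example, not code from NIST SP 800-45.  The EHLO replies below are
constructed, not captured from a real server, and nothing is sent on the
network.
"""
import base64

CLIENT_NAME = "client.example.org"   # hypothetical client host name


def parse_ehlo(reply_lines):
    """Map extension keyword -> parameter list from a multi-line EHLO reply.

    The first line ('250-mail.example.com Hello ...') is the greeting and
    carries no extension, so it is skipped.  Raises if EHLO was rejected or a
    continuation line is malformed.
    """
    if not reply_lines or not reply_lines[0].startswith("250"):
        raise ValueError("EHLO was rejected: %r" % (reply_lines[:1],))
    exts = {}
    for line in reply_lines[1:]:
        if len(line) < 4 or not line.startswith("250"):
            raise ValueError("malformed EHLO line: %r" % line)
        keyword, _, params = line[4:].strip().partition(" ")
        exts[keyword.upper()] = params.split()
    return exts


def next_step(exts, tls_active):
    """Return 'STARTTLS', 'AUTH' or 'REFUSE'.

    Without TLS the only acceptable step is STARTTLS.  A server (or an on-path
    attacker that removed the STARTTLS line) offering AUTH in cleartext gets
    REFUSE rather than a cleartext AUTH; this is the downgrade case.
    """
    if tls_active:
        return "AUTH" if "AUTH" in exts else "REFUSE"
    if "STARTTLS" in exts:
        return "STARTTLS"
    return "REFUSE"


def auth_plain_blob(username, password):
    """SASL PLAIN initial response: NUL authcid NUL password, base64-encoded
    (empty authorization identity)."""
    return base64.b64encode(("\0" + username + "\0" + password).encode()).decode()


def eavesdrop_auth_plain(blob):
    """What a passive sniffer recovers from an AUTH PLAIN sent without TLS:
    base64 is an encoding, not encryption."""
    _, user, pwd = base64.b64decode(blob).decode().split("\0")
    return user, pwd


# Constructed EHLO replies (not from a real server).
EHLO_PLAINTEXT = [            # before TLS: STARTTLS is offered
    "250-mail.example.com Hello client.example.org",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN",
    "250 8BITMIME",
]
EHLO_AFTER_TLS = [            # same server, seen after the TLS handshake
    "250-mail.example.com Hello client.example.org",
    "250-SIZE 35882577",
    "250-AUTH PLAIN LOGIN",
    "250 8BITMIME",
]
EHLO_STRIPPED = [             # what a STARTTLS-stripping attacker lets through
    "250-mail.example.com Hello client.example.org",
    "250-AUTH PLAIN LOGIN",
    "250 8BITMIME",
]


def plan_session(first_ehlo, second_ehlo, username, password):
    """Return the client commands the policy would send, given the EHLO reply
    before TLS and the one after.  The TLS handshake itself is elided."""
    cmds = ["EHLO " + CLIENT_NAME]
    if next_step(parse_ehlo(first_ehlo), tls_active=False) == "REFUSE":
        cmds.append("QUIT")                      # never AUTH in cleartext
        return cmds
    cmds += ["STARTTLS", "EHLO " + CLIENT_NAME]  # re-EHLO after the handshake
    if next_step(parse_ehlo(second_ehlo), tls_active=True) == "AUTH":
        cmds.append("AUTH PLAIN " + auth_plain_blob(username, password))
    else:
        cmds.append("QUIT")
    return cmds


if __name__ == "__main__":
    print(plan_session(EHLO_PLAINTEXT, EHLO_AFTER_TLS, "alice", "hunter2"))
    print(plan_session(EHLO_STRIPPED, EHLO_AFTER_TLS, "alice", "hunter2"))
    print(eavesdrop_auth_plain(auth_plain_blob("alice", "hunter2")))
```

The stripped-EHLO run ends in QUIT instead of falling back to cleartext authentication; `eavesdrop_auth_plain` shows why that fallback matters, since the AUTH PLAIN blob decodes to the username and password with no key at all.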
(7) Information within email messages may be altered at some point between the sender and recipient.
(8) Malicious entities may gain unauthorized access to resources elsewhere in the organization’s network via a successful attack on the mail server. For example, once the mail server is compromised, an attacker could retrieve users’ passwords, which may grant the attacker access to other hosts on the organization’s network.
(9) Malicious entities may use a compromised mail server host as a base from which to attack external organizations.
(10) Misconfiguration may turn the organization’s mail server into an open relay, allowing malicious entities to use it to send unsolicited bulk email (spam) to third parties.
(11) Users may send inappropriate, proprietary, or other sensitive information via email. This could expose the organization to legal action.
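The Python example below is added here and is not part of the NIST document. It implements the RCPT TO decision that separates a correctly configured MTA from an open relay, as described in item (10): mail for the server's own domains is accepted from anyone, relaying to other domains only from trusted networks or authenticated clients, and everything else is rejected. The domain names, address ranges and probe cases are constructed; `MYNETWORKS_OPEN_RELAY` reproduces the classic mistake of trusting every client address (the equivalent of a Postfix `mynetworks` set to `0.0.0.0/0`).

```python
"""RCPT TO relay decision and a small open-relay self-test.

Added example, not code from NIST SP 800-45.  Domains, networks and probe
addresses are constructed for illustration.
"""
import ipaddress

LOCAL_DOMAINS = {"example.com", "mail.example.com"}          # hypothetical
MYNETWORKS_HARDENED = [ipaddress.ip_network("127.0.0.0/8"),
                       ipaddress.ip_network("192.0.2.0/24")]  # hypothetical LAN
MYNETWORKS_OPEN_RELAY = [ipaddress.ip_network("0.0.0.0/0")]  # trusts everyone


def rcpt_decision(client_ip, authenticated, rcpt_to, mynetworks,
                  local_domains=LOCAL_DOMAINS):
    """Return (SMTP code, enhanced status text) for one RCPT TO command.

    Order mirrors a sane relay policy: inbound mail for a local domain is
    always accepted; relaying (any other domain) is accepted only from a
    trusted network or an authenticated client; otherwise the recipient is
    refused with 554 5.7.1.
    """
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return (501, "5.5.4 Invalid client address")
    _, at, domain = rcpt_to.rpartition("@")
    if not at or not domain:
        return (501, "5.1.3 Bad recipient address syntax")
    if domain.lower() in local_domains:
        return (250, "2.1.5 Ok")                       # inbound delivery
    if authenticated or any(ip in net for net in mynetworks):
        return (250, "2.1.5 Ok")                       # permitted relay
    return (554, "5.7.1 Relay access denied")


# Constructed relay probes: (client ip, authenticated?, recipient, expected code).
# 203.0.113.7 is an external client; 192.0.2.10 is inside the trusted LAN.
PROBES = [
    ("203.0.113.7", False, "bob@example.com",      250),  # inbound, must accept
    ("203.0.113.7", False, "victim@other.example", 554),  # third-party relay
    ("203.0.113.7", True,  "victim@other.example", 250),  # authenticated submission
    ("192.0.2.10",  False, "victim@other.example", 250),  # trusted internal client
]


def audit(mynetworks):
    """Run the probes against a mynetworks setting and return the cases whose
    outcome differs from the expected code.  An empty list means the server
    is not an open relay for these probes."""
    findings = []
    for ip, authed, rcpt, expected in PROBES:
        code, _ = rcpt_decision(ip, authed, rcpt, mynetworks)
        if code != expected:
            findings.append((ip, authed, rcpt, code))
    return findings


if __name__ == "__main__":
    print("hardened:", audit(MYNETWORKS_HARDENED))
    print("open relay:", audit(MYNETWORKS_OPEN_RELAY))
```

Against `MYNETWORKS_HARDENED` the audit returns nothing; against `MYNETWORKS_OPEN_RELAY` it flags the unauthenticated external client that was allowed to relay to `other.example`, which is exactly the probe a spammer (or an external relay tester) sends.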
This document is intended to assist organizations in installing, configuring, and maintaining secure mail servers and mail clients. More specifically, this document discusses the following items in detail:
(1) Email standards and their security implications
(2) Email message signing and encryption standards
(3) Planning and management of mail servers
(4) Securing the operating system underlying a mail server
(5) Mail server application security
(6) Email content filtering
(7) Email-specific considerations in the deployment and configuration of network protection mechanisms, such as firewalls, routers, switches, and intrusion detection and intrusion prevention systems
(8) Securing mail clients
(9) Administering the mail server in a secure manner, including backups, security testing, and log reviews.
The following key guidelines are recommended to Federal departments and agencies for maintaining a secure mail server.
(1) Organizations should carefully plan and address the security aspects of the deployment of a mail server.
(2) Organizations should implement appropriate security management practices and controls when maintaining and operating a secure mail server.
(3) Organizations should ensure that the mail server operating system is deployed, configured, and managed to meet the security requirements of the organization.
(4) Organizations should consider the implementation of cryptographic technologies to protect user authentication and email data.
(5) Organizations should employ their network infrastructure to protect their mail server(s).
(6) Organizations should ensure that the mail clients are deployed, configured, and used properly to meet the security requirements of the organization.
(7) Maintaining the security of a mail server is an ongoing process.
The complete Guidelines on Electronic Mail Security document can be read or downloaded from NIST’s website.