No one doubts the importance of the humble email in business today.  In terms of the resources allocated for business continuity though, the email server does not necessarily command sufficient resources to ensure its continual operation, which is due in part to an under appreciation of it can offer.

The email can play a pivotal role in the face of disaster however, and businesses should allocate sufficient resources to ensure it keeps running.  For today, I want to highlight some roles that the email is perfectly capable of fulfilling in order to underscore why it makes sense to invest in technologies and failovers to ensure that email services continue humming along.

For reassurance and communication of detailed instructions

Text messages or a quick phone call from the departmental head or team leader are extremely useful to disseminate information quickly and efficiently.  Say for example, instructions to stay home due to an overnight fire in the office; or to inform employees that they can work from home for the day due to inclement weather.  However, not only are the above media impractical for communicating lengthier instructions, they are also a poor choice in certain situations due to tendencies for nuances to be lost along the communication chain.

Continue reading The Importance of Email in Business Continuity

Ever since the inclusion of SMTP-AUTH the Simple Mail Transport Protocol was thought to be on its way to a more secure messaging protocol and with Microsoft’s inclusion of Secure Password Authentication that addressed security issues with Microsoft mail clients mail administrators could easily be lulled into a sense of security that truthfully doesn’t exist.

Email security is much more than simply protecting credentials and authentication. Though most people associate an attack on an email server with private or confidential messages being compromised, the risks of running an email server are much greater than that.

As email is still one of the most widely used methods of business communication, attackers find this to be an attractive target. Not only because they want to see what is in your company’s emails, but because they know that 1) email can open the door to many other resources and 2) people tend to let their guard down when it comes to using email.

Below you will see some of the most commonly used attacks against SMTP servers over time. While some may no longer be an effective means of compromising a system or network, they do show the trends in exploits that attackers use and being aware of them will help keep you on your toes when it comes to securing your servers against vulnerabilities.

Continue reading Common SMTP Exploits – Part 1

One problem that administrators face is the difficulty of acquiring the funds to replace ageing hardware or for periodic upgrades to a major point release of the email server software.

A major portion of the blame for this can be attributed to the infamous adage of “out of mind, out of sight” – an easy tune to hum when everything is running smoothly.  In addition, the fact that most companies deploy Internet-facing servers in the DMZ (De-Militarized Zone) of their network actually exacerbates the problem; some IT managers and CIOs start to envisage the email server as a low-value or invulnerable target from a security perspective.

Taken to extremes, email administrators could even start failing to diligently apply security patches, or continue to use old software long past their support end date.  Yet the misconception that the email server is unimportant to hackers is erroneous, and could not be further from the truth.  To highlight the importance of protecting the humble email server, I have drawn up a list of five reasons why hackers would want to break into your email server.

Continue reading 5 Reasons Why Hackers Want to Break into Your Email Server

Most all large companies and organizations see huge amounts of email traffic go through their server each day. And a large majority of those email messages contain attachments, sometimes two or three attachments per email. Many of those email attachments are harmless and contain only information that is useful to the recipient.

But while passing through your organization those email messages must also pass through your email servers. The configurations of your email servers are always, at the very least, set to meet your targeted performance metrics. And although administrators are very careful to also include anti-virus and intrusion detection software sometimes further security measures must also be implemented.

If an email server has been set up as an open relay to the Internet then it is possible for someone to access it and use it to send unsolicited email messages (a.k.a. “spam”) into your organization. Leaving your proxy server in an open state makes it vulnerable to malicious attacks. Added to the annoyance over receiving unsolicited email is also the potential issue of suffering performance problems.

Continue reading 4 Techniques for Securing Your Email Server

As IT managers and executives finalize their various goals for the New Year, perhaps one of the changes entails achieving a higher level of uptime for the email servers under your charge.  The inherent nature of server downtime though, necessitates that any work to keep things running must be proactive or preventive in nature.

So what are some ways to preempt the issues that has the ability to bring your email server to its figurative knees?  I’ve come up with a list of five tips today.

1. Mind your patches

The most obvious (and boring) thing that an administrator can do is to ensure that all software patches related to the email server are diligent tested and applied.  While necessarily troublesome, since all but the simplest of them entails staying in the office after hours, they are also the most important.

One thing to keep in mind is that many of these patches or service packs contain security fixes to discovered vulnerabilities.  On that note, email systems that have not been patched for a long time are just waiting to be hacked into; also a sure way to trash the chances for any uptime record.

Continue reading 5 Tips to Increase the Uptime of Your Email Server

Always on the lookout for a new tool or website to give me a leg up or a second opinion on my security, I was delighted to find GFI’s Email Security Testing Zone, a website that can run several security tests of your email system to evaluate your security posture, and provide you with a detailed analysis and report you can use to assess how well you are doing securing your systems, and/or to create a list of things that need your attention.

This simple web-based tool is free for use, and can run tests in seventeen categories, and then provides a grade, a ranking of how you stack up against other servers, and a detailed report of the results.

Continue reading Email Security – How does your Email Server Rate?

I recently wrote an article that dismissed the use of fake MX records as an email security measure, on the basis that it did more harm than good for preventing spam.

I was reminded this week of an incident in which a customer was confused as to how spam was making it into their email systems.  Actually this has happened on more than one occasion with the same ultimate outcome.

The confusion mostly comes from the client thinking that because there were no MX records in public DNS zones that pointed to their email servers that the spammers and hackers shouldn’t be able to find them.

The fatal flaw in that thinking is that spammers and hackers don’t just use MX records to find places to send email or attack mail servers.  When they really want to find email servers, say to try and locate some open relays that they can exploit, they will use port scans instead.

A “port” in networking terminology is a communications end point that is specific to a process or service running on a computer.  In the case of SMTP, the protocol that email users, the port is TCP 25.

In other words, if you’re running an email server on your network then chances are you firewall has TCP port 25 open and allowing traffic through from the internet to your server.  In many cases the traffic might be filtered first by an intermediary server, but with a lot of environments running their email security software directly on the email server itself, often the SMTP traffic goes straight to that server.

In my customer’s case they had multiple servers in the environment, with a security product running on the internet-facing email server.  When they had merged companies they had ended up with multiple internet connections and firewalls, and kept those running.  They consolidated all of their email to the primary site, removing the MX records that were pointing to the second firewall and then promptly forgot all about it. Continue reading Email Server Security: Port Scans and MX Records

In many organizations what started out as a small IT department many years ago has grown over time through the addition of multiple brands of servers running different operating systems and requiring many different skill sets to support them.  Some of these skill sets have also evolved to an almost specialized status due to the outdated support levels of the applications and operating system versions.

If you’re like most large companies you either have a centralized email server architecture or decentralized email server(s) with multiple large departments operating their own email servers independent of one another.

Older email servers may have been sized for 1000’s of users who were originally communicating with simple text messages but now has grown to 10,000’s of users who are sending and receiving email attachments such as audio, video and document files that take up MBs in the upload/download pipes all competing for bandwidth and putting a strain on your email servers. This kind of activity can slow an enterprise down to the point that user efficiency and company revenue are impacted.

Continue reading Email Needs Change Over Time