1 Email Security - DMARC and Encryption: don't waste time, don't lose data and, above all, avoid the traps. Cristiano Cafferata, Claudia Parodi, Mauro Cicognini. CLUSIT 2014
2 Two words of history. Email was not designed with security in mind. RFC 821, Jonathan B. Postel, August 1982. Quote: «The objective of Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently.» The fact it's called Simple Mail Transfer Protocol should give us a hint. The Internet in 1982 was a much different and perhaps friendlier place: TCP was not the ubiquitous standard we have today (RFC 793 is just a few months earlier, September 1981), and DNS had not even been standardized yet: the first standard on DNS is RFC 882, November 1983. SMTP could disclose confidential info. Open relays!
3 The State of Email Today
Anti-Spam: 98% anti-spam effectiveness is just the beginning
Virus: 100M+ botnet systems worldwide
Inbound & Outbound Threats: time-zero virus, DHA, DoS, zombies
Legal: offensive words/images, disclaimers
Regulatory: sending and receiving confidential information
Unwanted: competitors, recruiters
Don't forget about LDAP integration, archiving, encryption, attachment scanning, connection management, auditing, and more
4 69B: volume of spam per day in Q (recent decline in spam volume is welcome but...)
20M: unique malware threats in 2013 (at an all-time high)
38,000: number of unique phishing sites detected in June 2013
$1,243: average loss to each person successfully attacked, according to the FTC
90% of all email that enters a typical corporation is bad
35% of all leaks originate from within a company - need for a DLP solution
5 Email Security Beyond Antispam: scan inbound/outbound to provide threat protection and to enforce policy rules to meet compliance goals. So what's new? Brand Protection
6 What's top on companies' minds? Encryption & Reputation
7 Attacks on brands
8 Health Care Breaches: the "Wall of Shame" lists more than 804 breaches impacting 29.3 million users since 2009.
9 Brand Protection - Who is sending emails on your behalf? [Diagram: known servers, unconfirmed sources, threats and unknown sources.] With DMARC: 1. Visibility: finally I can see 2. I can take action 3. I can align everything to the known and reduce the unknown
10 Previous attempts on email security. S/MIME («email signature»): assures the content of a message; an extension to RFC 822. Drawbacks: adoption, certificate lifecycle management. In Italy: PEC («Posta Elettronica Certificata»), a bold attempt to certify the whole transfer process, limited by its national scope.
11 DMARC Implementation. Domain-based Message Authentication, Reporting & Conformance: allowing senders to specify whether their content is authenticated by protocols such as SPF or DKIM; helping receivers identify fraudulent emails and take action to keep them out of inboxes
12 Some background
16 How does it work? SPF, DKIM, DMARC: policy based, feedback loop, reports
18 [Diagram: Authorized Senders. Authorized mail server(s) and the primary mail server are published in DNS (SPF+DKIM+DMARC); receiving servers: authentication passed, deliver to recipient.]
19 [Diagram: Unauthorized Senders. Spammers / unauthorized mail server(s) not published in DNS (SPF+DKIM+DMARC); receiving servers: authentication failed, deliver to Junk/Reject, daily aggregate report.]
20 [Diagram: Align Unauthorized Senders. Previously unauthorized servers, now aligned with DNS (SPF+DKIM+DMARC) as authorized mail server(s); receiving servers: authentication passed, deliver to recipient.]
21 [Diagram: Spammers. Spammers vs. DNS (SPF+DKIM+DMARC); receiving servers: authentication failed, deliver to Junk/Reject, daily aggregate report.]
22 DMARC - What is it? «Domain-based Message Authentication, Reporting & Conformance». DMARC standardizes how receivers perform authentication using the well-known SPF and DKIM mechanisms. DMARC = SPF and/or DKIM
23 DMARC - Goals. At a high level, DMARC is designed to satisfy the following requirements:
Minimize false positives
Provide robust authentication reporting
Assert sender policy at receivers
Reduce successful phishing delivery
Work at Internet scale
Minimize complexity
24 DMARC - How does it work? A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes, such as junking or rejecting the message.
25 DMARC Policy. DMARC policies are published in the public Domain Name System (DNS) and are available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.
26 DMARC DNS Settings 1. Record name: «_dmarc.tuo_dominio.com.» 2. Content: "v=dmarc1;p=reject;pct=100;rua=mailto:po
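The receiver-side logic the slides describe (DMARC = SPF and/or DKIM, but only when the authenticated domain aligns with the From: domain, with the p= and pct= tags deciding what happens on failure), as an added example that is not part of the original deck. The record, the domain names and the AuthResults type are constructed for illustration; the organizational-domain check is simplified to the last two labels, and the version tag is compared case-insensitively so the slide's lowercase form is accepted too.

```python
import random
from dataclasses import dataclass

# Constructed DMARC record for a hypothetical domain (not a real published record).
RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com"

@dataclass
class AuthResults:
    spf_result: str    # "pass", "fail", "softfail", "none", ...
    spf_domain: str    # envelope sender (MAIL FROM) domain that SPF evaluated
    dkim_result: str   # "pass" or anything else
    dkim_domain: str   # d= tag of the DKIM signature, "" if unsigned

def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value;' pairs and apply the defaults DMARC assumes."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").lower() != "dmarc1":
        raise ValueError("not a DMARC record")
    for key, default in (("p", "none"), ("pct", "100"), ("adkim", "r"), ("aspf", "r")):
        tags.setdefault(key, default)
    return tags

def org_domain(domain: str) -> str:
    # Simplification: last two labels (real implementations use the Public Suffix List)
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(record: str, from_domain: str, auth: AuthResults, roll: int = None):
    """Return (dmarc_result, action) for one message; 'roll' fixes the pct sampling draw."""
    tags = parse_dmarc(record)
    spf_ok = auth.spf_result == "pass" and aligned(from_domain, auth.spf_domain, tags["aspf"])
    dkim_ok = auth.dkim_result == "pass" and aligned(from_domain, auth.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:            # DMARC = SPF and/or DKIM, provided the identifier aligns
        return "pass", "none"
    if roll is None:
        roll = random.randint(1, 100)
    if roll > int(tags["pct"]):      # outside the pct sample: apply the next weaker policy
        softer = {"reject": "quarantine", "quarantine": "none", "none": "none"}
        return "fail", softer[tags["p"]]
    return "fail", tags["p"]
```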
27 DMARC Flow
28 SPF - What is it? The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF, called SPFv1 or SPF Classic, protects the envelope sender address, which is used for the delivery of messages.
29 SPF - How does it work? Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy. The technology requires two sides to play together: 1. The domain owner publishes this information in an SPF record in the domain's DNS zone. 2. The receiving server checks whether the message complies with the domain's stated policy.
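The receiving side of the two-sided SPF check, as an added example that is not part of the original deck: a simplified check_host() that reads the published record for the envelope sender's domain and evaluates the ip4, ip6, include and all mechanisms against the connecting client's address. The DNS_TXT table stands in for real DNS lookups and its domains and addresses are constructed; a, mx, ptr and exists are deliberately left out.

```python
import ipaddress

# Constructed zone data for hypothetical domains (not real published records).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "nospf.example": "some unrelated TXT record",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip: str, domain: str, depth: int = 0) -> str:
    """Simplified SPF check_host(): evaluates ip4, ip6, include and all.
    Other mechanisms (a, mx, ptr, exists) and modifiers are out of scope here."""
    if depth > 10:
        return "permerror"            # SPF caps include recursion to stop lookup loops
    record = DNS_TXT.get(domain.lower().rstrip("."))
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"                 # the domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"               # a mechanism without a prefix means "pass on match"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:                      # an IPv6 client never matches an ip4 network and vice versa
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            sub = check_host(ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"    # an include of a domain without a record is a permanent error
            matched = sub == "pass"
        else:
            return "permerror"        # unsupported mechanism in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                  # no term matched and no 'all' was present

def check_mail_from(client_ip: str, mail_from: str) -> str:
    """SPF evaluates the envelope sender (MAIL FROM) domain, not the header From:."""
    return check_host(client_ip, mail_from.rpartition("@")[2])
```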
31 DKIM - What is it? DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
32 DKIM - How does it work? DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence. The identifier is independent of any other identifier in the message, such as the author's From: field.
34 DKIM Implementation 1. Inventory all the mail domains to protect 2. Create the public/private key pair: 1. Public key: publish it in your DNS via a dedicated record 2. Private key: configure it on the MTAs 3. Insert the public key in the DNS record. 4. Install the private keys on the various MTAs.
35 Email Security - Layout
36 How to enable SPF?
37 How to enable DKIM on inbound?
38 How to enable DKIM on outbound?
39 How to enable DMARC? Enable SPF and DKIM to enable DMARC
40 Gartner on Dell support for DMARC Dell has the most advanced Domain-based Message Authentication, Reporting and Conformance (DMARC) support and reporting, which enables more precise and useful DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) message handling. - Gartner 2013
41 Let's add a bit of security: Encryption