How to Crack iOS Passwords
How to Exploit the Vulnerability of a Missing Patch Using Metasploit
Hacks That Exploit Missed Patches

Automate E-mail Security Controls to Prevent Hacks through E-mail

E-mail is a common entry point for hack attacks on all kinds of systems – Windows, Linux, Unix – you name it. You can implement the following countermeasures as an additional layer of security for your e-mail systems:

  • Tarpitting: Tarpitting detects inbound messages destined for unknown users. If your e-mail server supports tarpitting, it can help prevent spam or DoS attacks against your server. If a predefined threshold is exceeded — say, more than ten messages — the tarpitting function effectively shuns traffic from the sending IP address for a period of time.

  • E-mail firewalls: E-mail firewalls and content-filtering applications from vendors such as Symantec and Barracuda Networks can go a long way towards preventing various e-mail attacks. These tools protect practically every aspect of an e-mail system.

  • Perimeter protection: Although not e-mail-specific, many firewall and IPS systems can detect various e-mail attacks and shut off the attacker in real time. This can come in handy during an attack.

  • CAPTCHA: Using CAPTCHA on web-based e-mail forms can help minimize the impact of automated attacks and lessen your chances of e-mail flooding and denial of service. These benefits come in handy when scanning your websites and applications.

Some e-mail servers, especially UNIX-based servers, can be programmed to deliver e-mails to a daemon or service for automated functions, such as create this order on the fly when a message from this person is received. If DoS protection isn’t built in to the system, a hacker can crash both the server and the application that receives these messages and potentially create e-commerce liabilities and losses.

This can happen more easily on e-commerce websites when CAPTCHA is not used on forms.

blog comments powered by Disqus
How to Minimize Database Vulnerabilities to Avoid Getting Hacked
Capture and Record Voice Traffic to Demonstrate VoIP Security Vulnerabilities
How Network Analyzers Are Used to Hack Passwords
How to Guard against Buffer Overflow Hacks
How to Minimize Web Security Risks to Avoid Getting Hacked