Security Expert explanation: E-mail Security Essentials Guide

Author: Legend: BKJIA

When talking about Email Security, it mainly involves two aspects: one is the security provided by the mail client, and the other is the security of email messages.

In the past two decades, e-mails have become one of the world's leading communication media, and their speed has even exceeded those of telephone and traditional email services.

Unfortunately, during this period, emails have been proven to be vulnerable to external influences and attacks, this includes individuals and organizations that attempt to commit technical damages or wish to profit in an illegal form. As a result, security has become an increasingly important issue for all email users.

Threats to email

Although email security is often seen as an independent issue, it is actually a mixture of several different threats that can independently damage computers and fraud recipients, in addition, it can damage the validity and reliability of E-Mail and people's trust in the Mail system. Email threats can be divided into several different types:

◆ Virus, worm, and Trojan Horse: these three types of malicious code can be used as email attachments to entice users to open or run, and they can destroy the data of a host system, turning a computer into a remote-controlled botnet can even cause huge economic losses to the recipient. For example, a Trojan Horse is called a keyboard recorder, which can secretly record system activities, attackers can access the company's bank accounts, internal websites, and other private resources.

◆ Phishing: Phishing attacks can use social network engineering to steal personal information and financial data. This attack relies mainly on "fake" emails to direct recipients to fraudulent sites and trick users into entering confidential financial data, such as credit card numbers, account names, and passwords. Scammers typically hide themselves by using fake identities that are stolen from banks, online traders, and credit card companies.

◆ Spam: Although spam is not a significant threat like virus infection, Spam can quickly overwhelm users' inbox, making it difficult for users to view legitimate emails. The spam problem is so serious that the user will discard an email account destroyed by spam. Spam is also a media favorite of fishermen and virus makers.

Defending Email Security

I. Tools: Use a Secure Mail Client

Client mail is a software used to write, send, and receive e-mail messages. The first step to ensure the security of the email system is to use a secure mail client. Some email clients have too many vulnerabilities, and the vendor's patches are too late. This creates a large number of attack opportunities for hackers. So use it with caution.

Ii. Form: use plain text

It should be said that it may be harmful to perform some operations without the user's permission. HTML documents include such a factor. When a user clicks a document, it may take the user to a strange website. Although most client software can be used for protection, it is recommended that you disable it.

Taking Microsoft Outlook Express as an example, we will introduce the method as follows: After configuring the SMTP and POP3 mail servers, click "Tools"> "options"> "read ", select "read all information in plain text format" (figure 1)

498) this. style. width = 498; "border = 0>

For Thunderbird, you can select "View"> "Message Body"> "plain text" (figure 2)

498) this. style. width = 498; "border = 0>

Of course, this is not all the problem. We should also pay attention to the security issues caused by email attachments. Malicious Code contained in some files in the attachment may exploit vulnerabilities in the system, so you need to be cautious.

Users need to pay attention to the following basic rules: Do not download or open an attachment unless you really need it; do not open it before you are sure of the security of the email; be highly vigilant before opening an executable file.

Iii. Mechanism: use multi-layer defense

Just like anti-malware, to protect the security of the email system, we also need to adopt a variety of defense measures to make these measures a copper wall against network threats.

1. Client Security Settings: In fact, all major email clients provide security settings, anti-spam, anti-phishing, and other functions. Users should use these functions to block related threats before they cause harm. For example, the security settings of thunderbird are as follows: (figure 3)

498) this. style. width = 498; "border = 0>

2. Firewall:Many enterprise-level firewalls can not only prevent network attacks, but also filter malicious code in attachments to ensure the security of the email system. Of course, this requires the enterprise to set relevant rules in advance.

3. encryption:It is not only necessary to prevent malicious emails from reaching the user's desktop, but also to protect outgoing mails. The simplest method is to use encryption to convert outgoing messages into an unreadable form by unauthorized personnel. You can also use encrypted transmission channels when sending emails. For example, in Outlook Express, you can make the following settings. Click "Tools"> "options"> "security". Here, you need to set a digital ID. As shown in: (Figure 4)

498) this. style. width = 498; "border = 0>

Of course, encryption can be completed by firewalls or additional software.

4. make proper use of anti-virus tools: Currently, many anti-virus tools can be embedded in mail clients such as outlook express and can find and clear viruses, worms, and Trojans in emails. Software such as Kingsoft drug overlord has this function. As shown in: (figure 5)

498) this. style. width = 498; "border = 0>

5. spam filter:An excellent spam filter can distinguish between valid mails and spam mails, and protect users' inbox from spam. However, using this component requires some skills and proper operations. Otherwise, a large number of valid emails may be deleted from the user's inbox, but some junk emails may pass the check. But now the spam recognition technology has been greatly improved, which can make the spam filter more accurate.

4. Institutional and ideological aspects: educating users:

I have mentioned this in several previous articles. In particular, we need to emphasize the effectiveness of user education activities. Otherwise, the activities will be in form and will be ineffective. Fundamentally, the most important way to protect email is to educate users so that they can master the knowledge and skills to ensure Email Security. Users who have security threats to emails do not open an email attachment that may be infected with virus, or click its link or perform other dangerous activities.