Safety hidden trouble and countermeasure of webmail application

Source: Internet
Author: User
Keywords Security
Internet users send and receive emails via web pages called Webmail. Compared with the use of special mail transceiver programs, such as OutlookExpress, The_bat, Webmail has the advantage of convenience at the same time, there are a lot of security risks. This article on these security risks and countermeasures to discuss, I think, whether for ordinary webmail users, or webmail system providers, have a certain reference significance. Introduction whether foreign Hotmail, yahoomail, or domestic sinamail, sohumail, all enable Internet users to easily send and receive email through the Web pages around the world. However, the unauthorized use of webmail, from the webmail portal to receive malicious code and other vicious cases are also increasing. Therefore, the use of webmail face security challenges, every Internet unit should seriously consider this issue! Basically, the security hidden trouble and countermeasures of webmail are mainly embodied in such aspects as virus defense, content filtering, encryption technology, webmail system security framework, and establishing security rules. The following are discussed separately. The most serious threat of virus defense using webmail in the absence of restrictive measures is the possibility of downloading e-mail messages that carry computer viruses. To do this, we need to work together on both client and server to create a good and layered anti-virus defense environment. Typically, anti-virus software is installed on the network's firewall, SMTP gateway, e-mail server, file server, and user station. If you use a dedicated mail transceiver, you can first scan and check the anti-virus software that is turned off by the SMTP gateway before the message arrives at the user's desk. If a virus is found, the associated e-mail message will be stripped of its attachments and sent or simply deleted. If the "first instance clearance" is not all right, the anti-virus software on the mail server will perform a second scan of the incoming messages. Finally, when the user actually receives the message, the anti-virus software on the client computer performs the scan detection again. Oh, this process is not like the movie into the secret department before the security scene? Email was the strictest scrutiny before seeing God. However, if you use webmail, you will bypass both the SMTP gateway and the e-mail server. At this time, the solution has two: 1, rely on the user PC anti-virus software and firewall one-man combat. Maintain a centralized, layered anti-virus defense system that automatically updates anti-virus software to ensure that the last shut off anti-virus software is updated in a timely manner. This is a key solution at the technical level. 2, improve the virus prevention management system, in an organization strictly webmail the use of restrictions. For example, only people in the PC management department are allowed to use webmail because they have a relatively high level of skill and take the right steps when they encounter a viral infection. Using electronice-mail Content filter to prevent users who use e-mail often receive sweet talk or gossip from new friends around the world every day. Or, some users like to keep making this information and sending it to others. "Come without indecent assault?" There are a lot of such events. In September 2000, for example, Dow company dismissed 24 employees who had stored and sent pictures of sex and violence on a corporate computer. These facts show that unauthorized e-mail delivery is one of the most substantial threats to an organization, and it is important to enforce an e-mail content filtering system in your organization! e-mail content filtering products can solve this problem. For example, http://www.gfi.com/'s Mail extraction (mail Essentials) product examines data in and out of the organization, and if an e-mail message contains a specified malicious keyword, the message is quarantined for further review. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= '/files/uploadimg/20051219/1015190.jpg ' > If a message passes through an SMTP gateway, you can install an e-mail content filtering product on it. If webmail is used, the filter should be limited to the use of webmail. Encrypting with encryption is the most effective way to protect all sensitive e-mail messages, and many dedicated mail transceivers provide encryption, such as the the_bat! that I have been using to have PGP encryption: 498) this.width=498; ' OnMouseWheel = ' Javascript:return big (This) ' src= '/files/uploadimg/20051219/1015191.jpg ' > but if you use webmail, you usually don't have this kind of encryption protection. To achieve encrypted transmission, you need to use encryption software to encrypt mail attachments manually before using webmail. For ordinary users, this is a very troublesome thing, must first be the encryption system training. Everything is special, http://www.hushmail.com/is a webmail site that provides encryption technology, where interested people can go for a try: 498) this.width=498; ' OnMouseWheel = ' javascript: Return big (This) ' src= '/files/uploadimg/20051219/1015192.jpg > Enhanced Webmail Provider's system security rootAccording to the statistics of security accidents in recent years, the security problems of webmail system providers are worth paying attention to. In August 1999, for example, a security vulnerability was found in the Hotmail website, through which an attacker could access a user account without a password. Moreover, in recent years, the Hotmail website has a series of security problems, each of which poses a potential threat to the security of thousands of accounts. Therefore, webmail system providers must work to strengthen their systems ' security accreditation procedures. At the same time, as much as possible to shorten the mail server security detection interval, so that it appears in the "Never tired to work." In addition, if the information stored in the mail server is very urgent, focus should also be given to implementing server mirroring or hot backup measures. The establishment of effective security rules and systems to achieve good results, relying solely on technology is far from enough! "Technology + Management" is a comprehensive and effective fundamental strategy. An organization's security rules should be described clearly, easily understood, and operable so that both ordinary and advanced users can truly implement them. For example: 1, stipulates that "the company's staff in the working hours must not use webmail to send and receive e-mail, possible webmail system including Hotmail, Yahoo Mail, Sinamail, sohumail, etc.". 2. stipulates that "the staff of our company can use webmail to send and receive email not more than 1 times per week, in addition, staff members should not use webmail to send and receive emails in working hours". In addition, the rules should also describe the possible consequences of violating rules, how to monitor user use, and so on. Prohibit the use of webmail if you want to strictly prohibit internal users from using webmail to send and receive mail, you can do so by modifying the network configuration of the firewall or router. First, determine the IP address of the webmail Web site that you want to block. These addresses are then set to block on the firewall or router. Note, however, that simply setting IP address information is not enough, because webmail sites generally offer other services, such as Yahoo Webmail and search engine functionality. Therefore, the port information for the webmail service must be further determined. In addition, we can use Internet filtering and monitoring software to prohibit the use of webmail. For example, Http://www.elronsw.com's Elron Internet Manager is a software that can effectively block access to Yahoo webmail by adding "Yahoo Mail" to the filter Dictionary: 498) this.width=498 ; ' OnMouseWheel = ' javascript:return big (This) ' height=262 src= '/files/uploadimg/20051219/1015193.jpg "width=443> In addition to Elron, the use of Internet monitoring software, such as http://www.websense.com/, can also limit access to the webmail site, All you have to do is specifically prohibit access to the site in its security Policy: 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= '/files/uploadimg/ 20051219/1015194.jpg "> Conclusion the above discusses the security risks and countermeasures of sending and receiving emails on the web, and I hope that ordinary users and managers can learn more defense methods from them. Security is never an overnight, once and for all, it is the march of the network era, the need for technology, more needs of management, we need each of the tireless efforts of the network. To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passed (0 Votes) The original text: Webmail application of security risks and countermeasures return to network security home

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.