535 research outputs found
Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs)
have to provide. As the IP Multimedia Subsystem (IMS) is at the heart of NGNs,
3GPP has carried the burden of specifying a standardized IMS-based emergency
services framework. Unfortunately, like any other IP-based standards, the
IMS-based emergency service framework is prone to Distributed Denial of Service
(DDoS) attacks. In this work, we propose a simple but efficient solution that
can prevent certain types of such attacks by creating firewall pinholes that
regular clients will surely be able to pass, in contrast to the attackers'
clients. Our solution was implemented, tested in an appropriate testbed, and
its efficiency was proven.
Comment: 17 Pages, IJNGN Journa
Application of Domain Keys Identified Mail, Sender Policy Framework, Anti-Spam, and Anti-Virus: The Analysis on Mail Servers
Viruses spread through email are often sent by irresponsible parties that aim to infect email users' servers. This background encouraged the author to analyze the application of DKIM, SPF, anti-spam, and anti-virus to avoid spam, viruses, and spoofing activities. The goal is for the server to prevent spam, spoofing, and viruses to ensure the security and convenience of email users and prevent the impact of losses caused by them. The design and analysis of DKIM, SPF, anti-spam, and anti-virus applications use the NDLC methodology. The process includes designing spam, spoofing, and virus filtering systems and performing installation and configuration simulations. The next stage is implementation, during which the previously developed system is tested on the spam filtering system, spoofing, and viruses. The last stage is the monitoring stage, where supervision is conducted on the approach to determine its success level. This study concludes that applying the DKIM protocol can prevent spoofing through private and public key-matching methods for authentication. Meanwhile, the application of the SPF protocol can prevent spoofing by authorizing the IP address of the sending server. Additionally, SpamAssassin, ClamAV and Amavisd-New can prevent spam and viruses from entering by checking email headers, bodies, and attachments
That ain’t you: Blocking spearphishing through behavioral modelling
One of the ways in which attackers steal sensitive information from corporations is by sending spearphishing emails. A typical spearphishing email appears to be sent by one of the victim’s coworkers or business partners, but has instead been crafted by the attacker. A particularly insidious type of spearphishing emails are the ones that do not only claim to be written by a certain person, but are also sent by that person’s email account, which has been compromised. Spearphishing emails are very dangerous for companies, because they can be the starting point to a more sophisticated attack or cause intellectual property theft, and lead to high financial losses. Currently, there are no effective systems to protect users against such threats. Existing systems leverage adaptations of anti-spam techniques. However, these techniques are often inadequate to detect spearphishing attacks. The reason is that spearphishing has very different characteristics from spam and even traditional phishing. To fight the spearphishing threat, we propose a change of focus in the techniques that we use for detecting malicious emails: instead of looking for features that are indicative of attack emails, we look for emails that claim to have been written by a certain person within a company, but were actually authored by an attacker. We do this by modelling the email-sending behavior of users over time, and comparing any subsequent email sent by their accounts against this model. Our approach can block advanced email attacks that traditional protection systems are unable to detect, and is an important step towards detecting advanced spearphishing attacks
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
The critical role played by email has led to a range of extension protocols
(e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email
sender domains. These protocols are complex as is, but are further complicated
by automated email forwarding -- used by individual users to manage multiple
accounts and by mailing lists to redistribute messages. In this paper, we
explore how such email forwarding and its implementations can break the
implicit assumptions in widely deployed anti-spoofing protocols. Using
large-scale empirical measurements of 20 email forwarding services (16 leading
email providers and four popular mailing list services), we identify a range of
security issues rooted in forwarding behavior and show how they can be combined
to reliably evade existing anti-spoofing controls. We show how this allows
attackers to not only deliver spoofed email messages to prominent email
providers (e.g., Gmail, Microsoft Outlook, and Zoho), but also reliably spoof
email on behalf of tens of thousands of popular domains including sensitive
domains used by organizations in government (e.g., state.gov), finance (e.g.,
transunion.com), law (e.g., perkinscoie.com) and news (e.g.,
washingtonpost.com) among others
A security analysis of email communications
The objective of this report is to analyse the security and privacy risks of email communications and identify
technical countermeasures capable of mitigating them effectively. In order to do so, the report analyses from a
technical point of view the core set of communication protocols and standards that support email
communications in order to identify and understand the existing security and privacy vulnerabilities. On the basis
of this analysis, the report identifies and analyses technical countermeasures, in the form of newer standards,
protocols and tools, aimed at ensuring a better protection of the security and privacy of email communications.
The practical implementation of each countermeasure is evaluated in order to understand its limitations and
identify potential technical and organisational constraints that could limit its effectiveness in practice. The outcome
of the above-mentioned analysis is a set of recommendations regarding technical and organisational measures that
when combined properly have the potential of more effectively mitigating the privacy and security risks of today's
email communications.
JRC.G.6-Digital Citizen Securit