Securing Your WHS & Network Part 7

Home Server Land

Email Threats

This is Part 7 on Securing Your WHS & Network

In this section we will address:

  • Threats and vulnerabilities that can be introduced by email messages;
  • Identify methods used by hackers to obtain personal information or to place malicious programs on your computer; and
  • Make recommendations as to how all email users can be made aware of these techniques.

The use of email to infect computers with viruses and other malicious programs has grown dramatically over the years. The goal of this type of email threat is to entice you to click on a URL link or hotspot, download a file, or view images contained in the message. Doing so establishes a connection with the sender's web server and allows the sender to associate your email address with your public IP address. The server may also download a malicious program to your computer.

Once your email address is captured, it is distributed to many other email lists, thus resulting in an ever increasing amount of unwanted emails.  This type of email is called SPAM.

We are all familiar with those spam email messages that ask you to click on a link and confirm your identity. The message appears as if it has come from a legitimate source such as a bank or PayPal. The goal of this threat is to lure you into disclosing personal information such as your account name and password, among other personal information. If an email asks you to provide any personal information, a red flag should go up in your mind, because no legitimate business is going to ask you for personal information or to verify your user name and password. This is called phishing, where the "ph" is pronounced as "f".

Even though Internet service providers (ISPs) and Internet mail providers like Hotmail, Google, and Yahoo attempt to screen the majority of spam email messages, it is likely that some are not detected and will appear in your email Inbox. This type of email is designed to appear as if it was sent by a legitimate business or organization. The subject may also reinforce the apparent legitimacy of the sender or display an enticing or urgent message to encourage you to open the email. Below is an example of email messages that use the sender's name and subject to appear legitimate.

It is extremely important not to do anything that causes a connection with an unknown or suspicious sender.  We strongly recommend that the email program be configured to block the display of images.  Allowing the image to display creates a connection to a web server that can download a malicious program to your computer.  The following is an example of blocking the display of images.

Look at the "From:" line for the address that sent the message. If the portion of the email address that follows the "@" symbol does not match the organization the sender claims to represent, then mark the message as "Junk E-mail" or delete it. Below is an example of an email message that appears to have been sent by the Girl Scouts. The message has actually been sent from grallomembers.com. The intent is to lead you to believe you can vote for your favorite cookie and get a free Visa gift card. All three of the links in the message will connect to the sender's web server, validate that your email address is an active address, and download a malicious program.

The most important advice that we can give is to make you aware of these types of schemes. Be suspicious of the email that you receive and inspect the email address that sent the message. For example, if the email address is @paypal.com.badsite.ru, the message is not from PayPal. It looks like it is from paypal.com, but all Internet addresses are read from right to left. In this example the address is read as ru.badsite.com.paypal. Here ".ru" is a top-level domain that means the user's domain is registered in Russia, and "badsite" is the user's domain. User domains are usually referred to as domains. The "paypal.com" is a subdomain of "badsite.ru".

If the email seems to be suspicious do not allow pictures or images to be downloaded.  Hover the mouse pointer over the link or hotspot and examine the domain.  The domain appears between http:// and the next slash "/".  For example, if the link in the message is http://thisis.a.badsite.ru/page.htm then "thisis.a.badsite.ru" is the domain.  Be suspicious of domains that end with an ISO country code that is outside your country.   Click this link to see all the top-level domains.
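The right-to-left reading described above can be automated. The following Python sketch is an added example, not part of the original blog: it pulls the domain out of a "From:" line and out of each link, reduces it to the registered domain, and reports anything that does not belong to the organization the message claims to come from. The function names, the `expected_domain` parameter, the sample message and the short suffix list are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed, deliberately tiny list of multi-label public suffixes.
# Assumption: a real check would load the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registered_domain(host):
    """Return the domain the owner registered, reading labels right to left."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ".".join(labels)
    two = ".".join(labels[-2:])
    keep = 3 if two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def sender_domain(from_header):
    """Everything after the last "@" in a From: line; display name is ignored."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def link_host(url):
    """The host that appears between the scheme and the next slash."""
    return (urlsplit(url).hostname or "").lower()


def check_message(from_header, links, expected_domain):
    """List every sender or link whose registered domain is not expected_domain."""
    findings = []
    sender = sender_domain(from_header)
    if registered_domain(sender) != expected_domain:
        findings.append(f"sender {sender} is registered under {registered_domain(sender)}")
    for url in links:
        host = link_host(url)
        if registered_domain(host) != expected_domain:
            findings.append(f"link {host} is registered under {registered_domain(host)}")
    return findings


if __name__ == "__main__":
    # Constructed sample message built from the addresses used in the text.
    for line in check_message(
        "PayPal Service <service@paypal.com.badsite.ru>",
        ["http://thisis.a.badsite.ru/page.htm", "https://www.paypal.com/signin"],
        "paypal.com",
    ):
        print(line)
```

The display name "PayPal Service" plays no part in the result; only the text after the "@" and the host of each link are compared.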

In addition to being aware of these threats, it is important that each computer have an anti-virus program installed and that the security definitions that identify threats are updated daily.  We will discuss malicious programs and anti-virus software in an upcoming blog.

Home Server Land's Recommendation:

We offer the following recommendations to enhance the security of your computer and your privacy as it applies to email threats.

  • Make all users of email aware of schemes used to attack the computer or to disclose private information;
  • Configure the email program to not allow download of images;
  • Do not click on links, download images, or click on image hotspots when there is doubt as to the legitimacy of the sender;
  • If the subject line of the message appears to be too good to be true, delete the message; and
  • Ensure each computer has a current version of anti-virus software and the signature files are up-to-date.

This blog identified threats that are associated with email messages. Malicious programs are spread by email messages, and these programs can be used by a hacker to control your computer and spread further. The security plan should be updated to identify threats specific to your network and address methods to resolve each threat. We have developed the Email Threats Risk Assessment to assist with identifying these threats and the methods that can reduce them. The Threat and Risk Assessment Worksheet can be used to document the threats that have been identified and as a basis to manage them. Both documents are attached at the end of this blog.

Summary

This concludes Part 7 of Securing Your WHS & Network. We identified the risks and vulnerabilities that are associated with the misuse of email messages. The administrator should instruct all users how to identify potential threats. The user must be aware that when a link in an email message is clicked or pictures are downloaded, a connection with a potentially malicious website is established. The website can verify that your email address is valid or it can download a malicious program. The best practice is to mark the message as "Junk E-mail" or delete it.

In Part 8, we cover general Internet threats and the role the network router plays to secure the network.  The differences between stateful packet inspection and deep packet inspection are explained.  We conduct a cost benefit analysis of different methods that can be used to secure the Windows Home Server, the network, and computers on the network.

In the meantime, we invite you to post your comments, suggestions, and questions as a response to this blog.

Attachments

Continue to Part 8 - Internet Threats and the Network Router

  • This series is great but this chapter is somewhat trivial? I forwarded it to my dad who is doing surprisingly well with his WHS.