8. User Actions: Clean up the inbox Sweeping options Block senders forever Spam & Clutter mails Move/delete messages from senders: One or more senders in a row
10. User Actions:Read, Response and/or delete e-mails If a type of e-mail is always deleted without previously be opened Analyzing sender and subject user is able to know that those e-mails are not useful for they -> SCL++ If a type of e-mail is always opened at first position, that means it´s important -> SCL -- If user search e-mails using a characteristic and then delete them Etcetera…
11. Server ReputationLevel (SRL) Reduces the impact of spamming servers. Identifies server reputation based on the SCL obtained by the previous e-mails which it sent SRL allows to quickly detect a new spamming server or an unsecure e-mail server which is being used to spam.
12. Microsoft SmartScreen Evaluates message characteristics SCL Evaluates user opinions SCL is interactive Evaluates user actions SCL is dynamic and customized Evaluates server reputation SCLs based on which is sending the message Real-Time Black-hole Lists
14. My “own” spams They are coming from our contacts The password has been stolen There is a malware/Trojan/Bot in our contact’s machine Solutions: Antimalware Microsoft Security Essentials 2.0 Improve protection of Windows Live account Use SSL Single-Use Codes Password retrieval Trusted PC Mobile number
16. Microsoft Security Essentials 2.0 Free for home-users Free for companies of 10 or less installations. Automatic updates Real-Time protection It is the same antimalware engine which is currently in use in corporate solutions as: Forefront Client Protection Forefront Endpoint Protection 2010
19. Associated mobile number It allows users to access to Single-Use Codes It allows to quickly obtain a new password
20. Single-Use Codes From a secure connection, users can request for a Single-Use Code. Users can request as much codes as they think they will need. Codes are sent to the mobile number associated to the Windows Live account. Every code can be only used once. If the user connects to Windows Live from an unsecure connection/computer and code is stolen, nothing happens. Single-Use codes are useful after used.
22. Windows Live Messenger Chats are not encrypted Microsoft Office Communications Server: encrypt, antimalware, corporate policy, etc… There are a lot of partners with free/professionals add-ins to encrypt Windows Live Messenger messages. Ex: SecwaySimp Lite.
24. Trusted PC Windows Live allows users to mark a PC as trusted. This gives user the opportunity of: Quickly retrieve the password from it. Protect the account against DOS attacks
25. Identity impersonating «Attackers» spoof the mail from field E-mails are coming from servers which don´t belong to the domain in the sender address. No digitally signed Solutions? Sender Policy Framework / SenderID DKIM: DomainKey Identified Mail Mutual TLS
52. DKIM & Mutual-TLS DKIM: Pushed by CISCO, Google & Yahoo. Outgoing servers sign e-mails messages with a private key. Public key is in a TXT DNS record. It doesn´t warrant a spoofed e-mail and doesn´t sign the headers. Not so much used on the Internet. Yahoo is using it in test mode and Gmail hasn´t any policy about what to do with a non-signed e-mail from Gmail. Mutual-TLS: Pushed by Microsoft, actually it is working in MS Exchange Servers (and Hotmail). It used a TLS channel between outgoing and incoming servers. Before that, servers authenticate each other using digital certificated. Messages are crypt and communication between servers signed.
53. Summary Keep a system secure needs a constant effort. Threats are changing quickly. Security protections for yesterday risks are not good for today’s ones. Keep a safe and secure e-mail service depends on: Domain owners Server administrators Users owning the inboxes
54. Questions? Chema Alonso chema@informatica64.com http://www.elladodelmal.com http://twitter.com/chemaalonso