1 / 8

Information security in real business firewall security with special emphasis on smtp

Information security in real business firewall security with special emphasis on smtp. FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE Intercontinental Group. HIGHLIGHTS. Intro Firewall The hole punching problem The result What’s next? Questions/Closing.

louvain
Télécharger la présentation

Information security in real business firewall security with special emphasis on smtp

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information security in real businessfirewall security with special emphasis on smtp FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE Intercontinental Group

  2. HIGHLIGHTS • Intro • Firewall • The hole punching problem • The result • What’s next? • Questions/Closing

  3. INTRO • The company we are spotlighting today is American Society of Anesthesiologists (ASA). • The ASA is a non-profit organization that caters to its members (Anesthesiologists) by providing services to them such as lobbying, Continuing Medical Education (CME),and board preparation. • Like any other organization, we need to protect our network and data. One of the most popular devices used to accomplish this is a firewall.

  4. FIREWALL • This is a hardware or software device with the goal of restricting access to your network or PC. In this case, we will be taking about a hardware firewall, to be specific, the Cisco ASA5510 • The device used access rules to allow access to applications and servers. On face value, it looks like a very good security practice but there is a very common practice that becomes a bane to an organization.

  5. THE HOLE PUNCHING PROBLEM • In order to allow applications and server access from outside the network or from one segment of the network to another, ports are opened on the firewall. This is known as hole punching. • Most organizations have port 80, 443 and 25 completely open to the outside world on their firewalls. • This is the problem! Anybody including spammers can send email to your mail server.

  6. THE RESULT • The result is damaging! Spam, virus, malware and even denial of service attacks can be launched this way which will affect the availability cornerstone of the Security model • Another result is email spoofing – Sending email as someone else. This falls under the authenticity cornerstone. • This is done by sending email via telnet in the following format. • telnet <public ip> 25 • The email system as a rule doesn’t care about the sender’s address. If no filters are in place beyond the firewall, an illegitimate user can send emails all day to an actual user.

  7. WHAT’S NEXT • Now, the problem has been defined and the results identified, what’s next? • We will state various ways to resolve the problem with pros and cons associated for each method. • Stay tuned for this – Week 10

  8. QUESTIONS/CLOSING • Questions?? • Thanks for listening!!

More Related