BRKSEC-2327.Pdf

SPF is not an acronym for "Spoof"! Let's utilize the most out of the next layer in Email Security!

Robert Sherwin, Cisco Email Security TME
BRKSEC-2327

Cisco Webex Teams

Questions? Use Cisco Webex Teams to chat with the speaker after the session.

How
1. Find this session in the Cisco Events Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space

BRKSEC-2327 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public

Email Security specific sessions this week

250 not OK: Going on the defensive with Cisco Email Security
  • TECSEC-2345
  • Monday, January 27 | 08:45 AM - 01:00 PM
  • Hall 8.1, CC8, Room 8.29/8.30

From Zero to DMARC Hero
  • TECSEC-2310
  • Monday, January 27 | 02:30 PM - 06:45 PM
  • Hall 8.0, Session Room D138

API Integrations for Cisco Email Security
  • DEVNET-2326
  • Tuesday, January 28 | 10:00 AM - 10:45 AM
  • Hall 6 - The Hub, DevNet Classroom 2

AsyncOS Release 13.0 - What's new in Email Security
  • LTRSEC-2319
  • Thursday, January 30 | 09:00 AM - 01:00 PM
  • Hall 8.0, Session Room B110

SPF is not an acronym for "Spoof"! Let's utilize the most out of the next layer in Email Security!
  • BRKSEC-2327
  • Thursday, January 30 | 02:45 PM - 04:15 PM
  • Hall 8.0, Session Room B115

Fixing Email! - Cisco Email Security Advanced Troubleshooting
  • BRKSEC-3265
  • Friday, January 31 | 09:00 AM - 10:30 AM
  • Hall 8.0, Session Room A104

Agenda

Our session has 90 minutes! We have a lot to cover...
• Review (or Intro) to Cisco Email Security
• Email Pipeline
• Acronyms
• A typical message
• Utilizing SPF, DKIM, DMARC on Cisco Email Security
• Next-level utilization of SPF, DKIM, DMARC
• Cisco Advanced Phishing
• Cisco Domain Protection
• Phishing Efficacy
• Cisco Security Awareness

Let’s get started!
Agenda

What this session will not cover:
• In-depth SPF, DKIM, DMARC record creation and understanding. (Please see TECSEC-2310, From Zero to DMARC Hero)
• SPF, DKIM, DMARC troubleshooting. (Please attend BRKSEC-3265, Fixing Email! - Cisco Email Security Advanced Troubleshooting)

The Speaker

Robert Sherwin ([email protected])
• Technical Marketing Engineer, Email Security
• Joined Cisco December 2011
• Cisco Live Speaker in US, EMEA, APJC
• 18 years of combined Network, Data Center, and Security experience
• 6 years in Cisco TAC, joined TME team in 2018
• Based out of Morrisville, NC (US)

January 28, 2020

“... sent phishing emails that gave them access to the companies’ email systems — giving the fraudsters an even bigger trove of information about the victim companies.”

“The two companies wired several payments to the fraudulent accounts, adding up to more than $120 million.”
- US FBI News: Leader of Fraud Ring Sentenced

“6.4 billion – the number of fake emails sent worldwide – every day.”
- EY Global Information Security Survey 2018-19

Let’s put 6.4 billion in context by comparing it to something easier to quantify, like time...

6,000 minutes = 4.166667 days
6,000,000 minutes = 4166.667777 days (or 11.41 years)
6,000,000,000 minutes = 4166666.667777 days (or 11407.71 years)

That is a LOT of emails! Every day...

Review of Cisco Email Security

As we discuss layers of email security, our ‘layers’ are provided from the mail flow pipeline...
Cisco Email Security Mail Flow Pipeline: INCOMING

• Sender Reputation Filtering (SBRS): connection level protection
• Connection Filtering: anti-spoof, throttling & verification
• Sender Domain Reputation (SDR): sending domain verdict analysis
• Message Filtering *
• Content Scanning (CASE): spam protection, URL analysis
• Anti-virus Scanning (AV): virus protection
• Advanced Malware Protection (AMP): malware protection
• Graymail Detection: marketing/social/bulk email detection
• Content Filtering: content protection
• Outbreak Filtering (VOF): malware, phishing, URL threat protection
• Advanced Phishing Protection (APP): phishing behavioral analytics & protection

Slide label alongside the scanning stages: Per-policy

Cisco Email Security Mail Flow Pipeline: OUTBOUND

• Sender Reputation Filtering (SBRS): connection level protection
• Connection Filtering: encryption & authentication enforcement
• Message Filtering *
• Content Scanning (CASE): spam protection, URL analysis
• Anti-virus Scanning (AV): virus protection
• Advanced Malware Protection (AMP): malware protection
• Graymail Detection: marketing/social/bulk email detection
• Content Filtering: content protection
• Outbreak Filtering (VOF): malware, phishing, URL threat protection
• Data Loss Prevention (DLP): sensitive data protection & encryption
• Domain Protection (DP): brand protection, SPF/DKIM/DMARC administration

Slide label alongside the scanning stages: Per-policy

Within these layers of email security, Cisco Email Security has features and services that always come with acronyms...

Typical acronyms used in email security

Who loves acronyms? Cisco loves to utilize acronyms a lot...
ADFS : Active Directory Federation Services
AMP : Advanced Malware Protection
API : Application Programming Interface
APPC : Advanced Phishing Protection Console
AS (A/S) : Anti-spam
AV (A/V) : Anti-virus
BATV : Bounce Address Tag Validation
BEC : Business Email Compromise
BIMI : Brand Indicator Message Identification
CASE : Context Adaptive Scanning Engine
CDP (DMP) : Cisco Domain Protection
CES : Cloud Email Security
CLI : Command Line Interface
CRES (see RES)
CTR : Cisco Threat Response
DCID : Delivery Connection ID
DHAP : Directory Harvest Attack Prevention
DKIM : DomainKeys Identified Mail
DLP : Data Loss Prevention
DMARC : Domain-based Message Authentication, Reporting and Conformance
DNS : Domain Name System
ESA : Email Security Appliance
ESMTP : Extended (or Enhanced) Simple Mail Transfer Protocol
ETF : External Threat Feed
EUQ : End-user Quarantine (aka Spam Quarantine)
FA : File Analysis (Threat Grid)
FED : Forged Email Detection
FR : File Reputation (AMP)
GUI : Graphical User Interface
HAT : Host Access Table
ICID : Incoming Connection ID
IETF : Internet Engineering Task Force
IMS : Intelligent Multi-Scan
IPAS : IronPort Anti-Spam
ISQ : IronPort Spam Quarantine
LDAP : Lightweight Directory Access Protocol
MAR : Mailbox Auto Remediation
MFP : Mail Flow Policy
MID : Message ID
MX : Mail Exchange (DNS record)
NTP : Network Time Protocol
PoC : Proof of Concept
PoV : Proof of Value
PXE : PostX Encryption
RAT : Recipient Access Table
REPENG : Reputation Engine
RID : Recipient ID
RES : Registered Envelope Service
SAML : Security Assertion Markup Language
SBG : Security Business Group
SBRS : Sender Base Reputation Service
SDR : Sender Domain Reputation
SLBL : Safe List Block List
SMA : Security Management Appliance
S/MIME : Secure/Multipurpose Internet Mail Extensions
SMTP : Simple Mail Transfer Protocol
SNMP : Simple Network Management Protocol
SOC : Security Operations Center
SPF : Sender Policy Framework
SSL : Secure Sockets Layer
TA : Threat Analyzer
TLS : Transport Layer Security
TME : Technical Marketing Engineer
TOC : Threat Operations Center
UI : User Interface
vESA (ESAv/ESAV) : Virtual Email Security Appliance
vSMA (SMAv/SMAV) : Virtual Security Management Appliance
VOF : Virus Outbreak Filtering
WBRS : Web Base Reputation Service
WSA : Web Security Appliance
XML : Extensible Markup Language
2FA : (2) Two Factor Authentication

Email pipeline (what happens and where)

SMTP Server
• Host Access Table (HAT)
• IP Reputation
• External Threat Feeds (IoC)
• Connection Throttling
• Sender Verification
• SPF, DKIM, DMARC
• Sender Domain Reputation
• Received Header
• Default Domain
• Domain Map
• Recipient Access Table
• Alias Table
• LDAP RCPT Accept
• SMTP Call-Ahead

Workqueue
• LDAP RCPT Accept (WQ deferred)
• Masquerading (Table/LDAP)
• LDAP Routing
• Message Filters
• (Per-policy scanning)
• CASE (Anti-Spam)
• Anti-Virus
• AMP
• File Reputation
• File Analysis
• Graymail Detection
• Content Filtering
• DLP filtering (Outbound)
• Outbreak Filtering

SMTP Client
• Encryption
• Virtual Gateways
• Delivery Limits
• Received Header
• Domain Based Limits
• Domain Based Routing
• Global Unsubscribe
• S/MIME Encryption
• DKIM Signing
• Bounce Profiles
• Message Delivery
• Encryption
• Virtual Gateways

Side labels on the slide: Per-listener settings; System or virtual gateway

A typical SMTP conversation

    $ telnet alln-mx-01.cisco.com 25
    Trying 173.37.147.230...
    Connected to alln-mx-01.cisco.com.
    Escape character is '^]'.
    220 alln-inbound-e.cisco.com ESMTP
    helo pipershark.com
    250 alln-inbound-e.cisco.com
    MAIL FROM:<[email protected]>
    250 sender <[email protected]> ok
    RCPT TO:<[email protected]>
    250 recipient <[email protected]> ok
    DATA
    354 go ahead
    Subject: SMTP CONVERSATION TEST MESSAGE
    From: Email Admin <[email protected]>
    To: Robert Sherwin (robsherw) <[email protected]>
    Here is the email, hope you receive it.
    .
    250 ok: Message 143004492 accepted
    quit
    221

Slide callouts:
• Envelope: the MAIL FROM and RCPT TO commands
• MAIL FROM: Envelope From, Mail From, Envelope Sender, …
• RCPT TO: Envelope To, Envelope Recipient
• Headers: the Subject:, From: and To: lines sent after DATA
• From: Header From, RFC5322.From, “Friendly From”, …
• To: Recipient, Header To, RFC5322.To, …
• Body: the message text up to the terminating "."
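As an added example (not part of the original slides), the following sketch parses a telnet-style SMTP transcript shaped like the one above, separates the envelope identities (MAIL FROM, RCPT TO) from the header identities (From:, To:), and goes one step beyond the slide by comparing the envelope sender domain with the header From domain. All host names and addresses are constructed, the function names are hypothetical, and the subdomain test is a simplification of DMARC relaxed alignment.

```python
import re
from email import message_from_string
from email.utils import getaddresses

REPLY = re.compile(r"^\d{3}(?:[ -]|$)")  # server reply: three-digit code
PATH = re.compile(r"<([^>]*)>")          # address between angle brackets

def domain_of(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def parse_transcript(text):
    """Split a telnet-style SMTP transcript into envelope and header identities."""
    env = {"helo": "", "mail_from": "", "rcpt_to": []}
    data, in_data = [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":                      # end-of-data marker
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith("..") else line)
            continue
        if REPLY.match(line):
            in_data = line.startswith("354")     # 354 = server is ready for DATA
            continue
        verb = line.upper()
        if verb.startswith(("HELO ", "EHLO ")):
            env["helo"] = line[5:].strip().lower()
        elif verb.startswith("MAIL FROM:"):
            m = PATH.search(line)
            env["mail_from"] = m.group(1) if m else line[10:].strip()
        elif verb.startswith("RCPT TO:"):
            m = PATH.search(line)
            env["rcpt_to"].append(m.group(1) if m else line[8:].strip())
    msg = message_from_string("\n".join(data))
    hdr = {"from": getaddresses(msg.get_all("From", [])),
           "to": getaddresses(msg.get_all("To", []))}
    return env, hdr

def relation(a, b):
    """Compare two domains. 'subdomain' only approximates DMARC relaxed alignment,
    which compares organizational domains derived from the Public Suffix List."""
    if not a or not b:
        return "missing"
    if a == b:
        return "same"
    if a.endswith("." + b) or b.endswith("." + a):
        return "subdomain"
    return "different"

def analyze(text):
    env, hdr = parse_transcript(text)
    findings = []
    if "@" in env["mail_from"]:
        spf_domain = domain_of(env["mail_from"])
    else:
        # Null reverse-path (MAIL FROM:<>): RFC 7208 checks the HELO name instead.
        spf_domain = env["helo"]
        findings.append("null envelope sender, SPF identity is the HELO name")
    if len(hdr["from"]) != 1:
        findings.append("expected one From: address, found %d" % len(hdr["from"]))
    from_domain = domain_of(hdr["from"][0][1]) if hdr["from"] else ""
    rel = relation(spf_domain, from_domain)
    if rel in ("different", "missing"):
        findings.append("envelope domain %r vs header From domain %r: %s"
                        % (spf_domain, from_domain, rel))
    return {"envelope_from": env["mail_from"], "envelope_to": env["rcpt_to"],
            "header_from": hdr["from"], "spf_domain": spf_domain,
            "from_domain": from_domain, "relation": rel, "findings": findings}

def make_transcript(helo, mail_from, rcpt, from_header):
    """Build a constructed transcript shaped like the slide's telnet session."""
    return "\n".join([
        "220 mx.example.org ESMTP", "helo " + helo, "250 mx.example.org",
        "MAIL FROM:<%s>" % mail_from, "250 sender <%s> ok" % mail_from,
        "RCPT TO:<%s>" % rcpt, "250 recipient <%s> ok" % rcpt,
        "DATA", "354 go ahead",
        "Subject: SMTP CONVERSATION TEST MESSAGE",
        "From: " + from_header, "To: Sample User <%s>" % rcpt, "",
        "Here is the email, hope you receive it.", "..a dot-stuffed body line",
        ".", "250 ok: Message 1 accepted", "quit", "221 mx.example.org",
    ])

# Constructed samples (example domains only, not taken from the slides).
ALIGNED = make_transcript("mail.example.net", "bounce@mail.example.net",
                          "user@example.org", "Email Admin <admin@example.net>")
MISMATCH = make_transcript("relay.example.com", "news@bulk.example.com",
                           "user@example.org", "Payroll <payroll@example.org>")
BOUNCE = make_transcript("mta.example.net", "", "user@example.org",
                         "Mail Delivery System <mailer-daemon@mta.example.net>")

if __name__ == "__main__":
    for name, t in (("aligned", ALIGNED), ("mismatch", MISMATCH), ("bounce", BOUNCE)):
        print(name, analyze(t))
```

The mismatch sample is the case a receiving gateway cares about: the envelope sender and the address shown to the recipient belong to unrelated domains.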