
The rules of “basic hygiene”


When enhanced security is a must


Tuesday, June 26, 2018

A conventional anti-virus on a PC or smartphone will prevent malicious code from being downloaded or launched. And if a traffic scanning component has been installed, it will protect applications from code-injection attacks that exploit unpatched vulnerabilities (e.g., through nefarious images, something we’ve discussed at length in several Anti-virus Times issues). The anti-virus will prevent Trojans from meddling with vulnerable programs.

But sometimes an anti-virus can't be installed on all potentially vulnerable devices in a corporate environment. Therefore, companies are advised to adopt server anti-virus solutions to protect their networks. Anti-viruses for mail servers and gateways scan inbound traffic before it is processed by PCs, servers and other devices. When anti-virus security is organised this way, the applications on these computers are protected from attacks leveraging unknown or unpatched vulnerabilities.

In this case, a typical security schematic will look like this:

[Figure: security schematic]

However, a mail server or Internet gateway may also have vulnerabilities! Here is a recent news post:

Five vulnerabilities were patched at once in Microsoft Exchange. One of them — CVE-2018-8154 — looks particularly dangerous: an attacker just needs to send a specially crafted email to an MS Exchange server to initiate code execution with SYSTEM privileges.

https://habr.com/company/solarsecurity/blog/358274/

A remote code execution vulnerability exists in Microsoft Exchange software whereby the software fails to properly handle objects in the memory. An attacker who has successfully exploited the vulnerability could run arbitrary code in the context of a System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

A security update patching the loophole has already been released, but:

  • We all remember how "often" updates are applied on server machines;
  • If one vulnerability was discovered, more will follow.

And our recommended security schematic becomes more complex. Naturally, the anti-virus for Internet gateways will always be the first to scan inbound traffic. However, an anti-virus mail gateway (SMTP proxy) can be employed to scan the data flow before it reaches the mail server. The anti-virus SMTP proxy facilitates in-depth mail-traffic analysis. It has many advantages, but in our case protecting the mail server is its principal task.

[Figure: security schematic with an anti-virus SMTP proxy in front of the mail server]
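One way to audit this layout, as an added example that is not part of the original article: the script reads the trace headers of stored messages and reports whether the mail server accepted each one from the anti-virus SMTP proxy or directly from another host. The server name, proxy address and Received format are assumptions, and the sample messages are constructed.

```python
import email
import re

# Assumed names for this example; neither appears in the article.
MAIL_SERVER = "exch01.corp.example"  # the protected mail server
PROXY_IP = "10.0.0.25"               # the anti-virus SMTP proxy

# Assumed trace format: "from <helo> (<rdns> [<peer ip>]) by <receiver> ...".
# Adapt the pattern to the Received lines your server actually writes.
HOP = re.compile(r"from\s+\S+.*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def delivering_peer(raw_message):
    """Peer IP recorded by MAIL_SERVER when it accepted the message, or None."""
    # Headers come newest first: the first "by MAIL_SERVER" line is the one our
    # server stamped. Older lines were written upstream and can be forged.
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = HOP.search(value)
        if hop and hop.group(2).lower() == MAIL_SERVER:
            return hop.group(1)
    return None

def classify(raw_message):
    """Return 'via-proxy', 'bypassed' or 'unknown' for one stored message."""
    peer = delivering_peer(raw_message)
    if peer is None:
        return "unknown"
    return "via-proxy" if peer == PROXY_IP else "bypassed"

# Constructed sample messages (not real traffic).
VIA_PROXY = (
    "Received: from avproxy.corp.example (avproxy.corp.example [10.0.0.25])\n"
    " by exch01.corp.example with ESMTP id A1; Tue, 26 Jun 2018 10:00:02 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.7])\n"
    " by avproxy.corp.example with ESMTP id B2; Tue, 26 Jun 2018 10:00:01 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)
# Delivered straight to the mail server; the lower line is sender-forged.
DIRECT = (
    "Received: from mail.sender.example (mail.sender.example [203.0.113.7])\n"
    " by exch01.corp.example with ESMTP id C3; Tue, 26 Jun 2018 10:05:00 +0000\n"
    "Received: from avproxy.corp.example (avproxy.corp.example [10.0.0.25])\n"
    " by exch01.corp.example with ESMTP id D4; Tue, 26 Jun 2018 10:04:59 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(classify(VIA_PROXY), classify(DIRECT))
```

Any message classified as bypassed means the mail server is reachable over SMTP from somewhere other than the proxy, so the server parsed that message before anything scanned it.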


The Anti-virus Times recommends

Furthermore, an SMTP proxy offers many more options for scanning traffic. But that's a whole different story…

No exploit has been discovered yet for CVE-2018-8154, which means that one could emerge at any moment.

And don’t wait for another malware outbreak to occur before updating your PC, server or smartphone!
