Efail Attacks

Efail is the latest vulnerability, announced on the 15th of May 2018. It attacks emails encrypted with the PGP and S/MIME protocols: the attacker gets the message decrypted and gains full access to its content, including all your company's sensitive details.
Efail attacks work not only on a message captured while it is being transferred but also on the already existing history of messages.

Unfortunately, no fix for Efail has been announced so far, so the recommendation for preventing this attack is to stop using PGP and S/MIME encryption tools and switch to an alternative end-to-end encryption tool.

The Electronic Frontier Foundation (the leading organization defending civil liberties in the digital world) confirmed this vulnerability and advised users to stop using PGP encryption tools immediately, to delete any related components, and not to open any old messages encrypted with PGP.

The investigations so far have shown that the problem is not with the PGP encryption protocol itself. It resides in the email client, which, when affected, starts an unauthorized transfer of your email content; that unauthorized transfer is called data exfiltration. As a workaround, you can decrypt your encrypted emails in a separate application outside of your email client.

How do efail attacks work?

Well, let me explain this in the simplest way. The attacker gets access to your PGP or S/MIME encrypted message, either over the network before you receive it or from an email you already have, and injects it with code that makes the email client (after it automatically decrypts the received email) transfer all the data in the message to the attacker.

In-House or Cloud Exchange?

Each company has its own email database that needs to be stored safely and efficiently.

As a business owner, you may have many concerns about how to store your company’s data and communications, including sensitive ones. Some of these concerns are: where should this data be stored? How should it be managed? And how much will this storage and maintenance cost you?

Well, let us start by answering the “Where” question with two terms: In-House Exchange or Hosted Exchange.

● In-House Exchange: You may choose to store your communication data on your own Exchange servers, built by your team inside your company, and you will have full control over this data centre.

● Hosted Exchange: Or you may choose to store your data in a hosting cloud, where the provider sets up Microsoft email for you on remote servers.

 

So now let’s take a closer look at each of the above options to help you make the right decision for your company. We will use WorldPosta, the cloud-based email service, as an example to better explain some features.

In-House Exchange vs. Hosted Exchange

Pricing
● In-House Exchange: Beyond the initial budget needed to build your email data centre from scratch, you will never know how your business communication will grow, how often your system components will need maintenance, or when you will need to recover from a failure. These are unpredictable expenses that you will need capital to pay for.
● Hosted Exchange: The price is a known, fixed one that you pay monthly per user for the hosted service. This makes it easier to manage your budget.

Operating Expenses
● In-House Exchange: You will need to set a specific budget for all software and hardware components. And since your IT team will be responsible for managing and maintaining your in-house data centre, this will also cost you time and effort.
● Hosted Exchange: There will be some initial expenses for installation and a one-time migration to set up the needed services, plus minimal ongoing IT maintenance costs. So the payment here is just to receive the service.

Storage
● In-House Exchange: As your company grows, you will need to increase your email capacity so that you can manage all the incoming and outgoing communications. This capacity increase costs you more resources (servers, software) and more time.
● Hosted Exchange: As your company grows, your email capacity is easily increased using the latest technologies to adjust to your work needs. WorldPosta offers multiple plans, and you can choose based on your business needs. They offer a capacity of up to 200GB storage per user and a 35MB attachment size.

Expertise
● In-House Exchange: Your IT team will need expertise in how to install and build the Exchange server and how to maintain it effectively, so you may need to hold training frequently.
● Hosted Exchange: You will depend on the expertise of the hosted Exchange provider and free your IT team from this headache. The WorldPosta technical support team is available 24/7 to solve any issues.

Upgrades
● In-House Exchange: Your team will be responsible for making sure that the system is up and running and upgraded to the latest version.
● Hosted Exchange: The system is up and running and updated to the latest version automatically, with no worries.

Scalability
● In-House Exchange: Managing growth is a complex process. As the company’s email grows, you will need more resources and an adaptive network and software in order to run your system effectively with no downtime or failures. And again, it is your IT team’s responsibility, with your budget support, to set up the system properly.
● Hosted Exchange: The system adapts flexibly to changes in scale, with users added and deleted easily. The hosting provider frequently updates the system to fit all needed changes. Your email system is always ready to handle all your business demand, which gives more stability to your communication system and therefore to your production flow.

Protection
● In-House Exchange: Your communication network needs to be protected against spam and any external harm. So your team, again and again, is responsible for providing the latest, updated and most advanced protection layers and antiviruses to keep your communications safe.
● Hosted Exchange: With hosted Exchange, the protection layers and antivirus/anti-spam are already built in to scan your system and prevent unwanted messages from harming your network. WorldPosta uses an email filtering server to manage the protection process, applying several stages of scanning before a message is approved as safe. These stages include anti-spam layers, antiviruses, malware detection, image analysis, content blocking and several more intelligent built-in techniques.

Disaster Recovery
● In-House Exchange: Disasters are unpredictable, and your system could suddenly go down. To face such a disaster you will need backups, clusters and email archives that keep a clean copy of your data so that your team can bring your system back up. These processes are overwhelming and time-consuming for any company.
● Hosted Exchange: Your email system is always available thanks to the built-in continuity system, which ensures that your system will not go down. WorldPosta servers are distributed in 35 available zones and are integrated with Amazon AWS servers, which guarantees high availability with maximum performance.

 

Cloud computing technologies are used to solve much of the complexity that businesses face these days, from the financial side on one hand and from the ease and flexibility of use on the other.

Now that you know how to face your work complexity, how to ensure the best levels of security and how to handle your communication and business growth, I hope this helps you make the best decision for your company. I believe it is no longer difficult to decide what is best for your company.

Messaging Protocols

Have you ever wondered how machines or servers can talk to each other? Yes, they can talk exactly like human beings, but in a different language.

When I was young, my older sister used to teach me how we signal our brain to hear what other people say and translate it, and then send a signal back from the brain to our mouth so we can talk back. I grew up and realized that this is not just for humans: machines can do the same signaling process by establishing a wireless or internet connection between two points and starting a flow of sending and receiving signals that hold data between these two ends.

Many devices can be connected to each other over several networks, and these networks are all connected to each other as well; that is the definition of the internet. When a message is sent from one device to another, it carries the address of the endpoint it should reach and passes along different routes depending on the traffic.

Email Messaging Protocols 

In this article, we will talk specifically about Email Messaging Protocols and their three main types, which manage and set the rules for the communication between two ends, and we will see what happens behind the scenes when emails are sent and received.

● IMAP:

Internet Mail Access Protocol. This is an email protocol used in the receiving process; it allows the user to access a sent email over a remote web server.

With this protocol, received emails are stored and saved on the server. They are not downloaded to your device, so the user can access the email from anywhere.
IMAP synchronization between the server and the email client is limited to email only, which means that calendars, tasks, contacts and all other components are not included in the synchronization process. Besides these limitations, the synchronization process is slow, and some IMAP versions need external synchronization applications, at extra cost, to speed it up.

Gmail is an example of a provider using IMAP.

● POP3:

Post Office Protocol; the 3 is the current version in use.

This protocol is similar to the previous one (IMAP) in that it is responsible for retrieving emails, but the two differ in how they store the received data. With POP, the email is downloaded to your personal device and then deleted from the server. This limits access to your email to the one device where your received data was downloaded, but it can save storage on the server.

● SMTP:

Simple Mail Transfer Protocol. This is the standard protocol used for the email sending process.

● MAPI:

Messaging Application Programming Interface. This messaging protocol works the same way as IMAP, but MAPI has additional beneficial features.
The received emails are stored on the server and can be accessed from anywhere.
The key point that distinguishes the MAPI protocol is the synchronization process.
Synchronization is built in and applies to the email folders, subfolders, calendar, tasks and contacts.
Using the MAPI protocol, every 25 users need 1 Mega of pure internet, so the connection needed is very light and will not be affected by any congestion.
One example of a service using the MAPI protocol is the WorldPosta email service provider.

 

How do these protocols work together?

To understand how this sending and receiving process works, you have to be familiar with some keywords:

Mail server: an application that receives the sent email from the sender and delivers it to the receiver's device.

DNS: Domain Name System. Its main role is to resolve a domain name to an IP address or vice versa. In short, the DNS is responsible for finding the address so that the mail is delivered to the correct end.

How does it work?

In this emailing process, we have two ends, the sender and the receiver.

The sender starts by entering the address of the receiver and sending the communication; this part is done using the SMTP protocol.

The email then goes to the mail server responsible for transferring the mail until delivery. At that stage, the DNS resolves the address it received in order to find the corresponding mail server of the receiver. The email is then sent, using this resolved address, to the mail server of the receiver, again using the SMTP protocol.

As a final stage, the email is delivered from the recipient’s mail server to the recipient using the POP, IMAP or MAPI protocol for retrieving the message.

This is a simple illustration of how things go behind the scenes when you press the send button in your email application.

What is DNS server?

When you enter a domain name (or, to put it more simply, a “link”) on the internet, this domain name is sent to the DNS server in order to find the matching IP address record for it. This helps users find a specific website and helps computers communicate when sending emails. So the role of DNS is to resolve domain names into IPs.

A network consisting of a number of DNS servers defines the domain name system.

DNS Hierarchy

● Each node in the DNS hierarchy represents the name of the server.
● Each server is responsible for its own DNS namespace zone.
● Each DNS server functions to resolve requests in its own zone.

Let’s take an easy example: eos.cs.berkeley.edu
.edu: is the Top Level Domain (TLD)
berkeley.edu: is the secondary level domain
cs.berkeley.edu: is the sub-domain
eos.cs.berkeley.edu: is the host domain, where “eos” is the host server name.
eos.cs.berkeley.edu as a whole is a fully qualified domain name (FQDN).

Secondary Domain

Now that we have briefly explained the DNS concepts, let’s move to a different point of discussion.
You can configure only one Primary DNS for one zone and multiple secondary DNS servers for redundancy, as a cloned backup of your DNS. The Primary DNS holds the original client data, while the secondary holds a synchronized copy of the original data.
The copy on the Secondary domain is read-only, but it is updated when changes are made to the configuration files belonging to the primary server.
Besides serving as a backup, the secondary domain can also be used for load balancing, so that the flow does not overwhelm the Primary domain, which could cause a denial of service.

Can you delete a secondary domain after creating it?

Yes, this can be done easily, but once it is deleted it can never be retrieved.
After deletion of the secondary domain, the automated transfer or synchronization stops automatically and all changes affect only the Primary one.

How to delete the Secondary domain?

Follow these simple steps:

● From the DNS menu, choose “secondary DNS”
● Choose the secondary domain that you want to delete
● Select “delete” from the action list
● Confirm the deletion by clicking yes in the pop-up confirmation box
● After confirming the deletion, submit your request

Note: you can create a new secondary domain at any time after deletion if needed.

Email Security and protection

You may be wondering how to protect your business communications.
How do you protect your email network and the sensitive data you share over it?
Or, if it is a personal email account, how do you protect your personal information and personal communications?

Choosing your email service provider wisely is an important factor, along with some other features that you should take into consideration while creating your account and configuring your settings.

What could be the threats attacking your email system?

It is not just the regular forms of spam; the problem is the evolution of spam. It can now be sent from many different locations rather than from just one source, which makes the job of antivirus and anti-spam tools more and more complicated.

Even if your account is just a personal one where you share your personal data, you are still at risk of being hacked.

A data breach is the accessing, copying or viewing of personal sensitive data by an unauthorized individual.
A data breach happens when a hacker gains unauthorized access to sensitive data on your network.

Email service provider security

WorldPosta is an example of a perfectly secured email service provider.
The WorldPosta service provider has a highly secured system consisting of the strongest and latest antivirus and anti-spam tools and numerous strong layers that scan your system and protect your communication data.
Let me briefly discuss some of the security tools used to protect your email system against external threats and bothersome, unwanted spam:

Anti-spam tools:

● SPF records: Sender Policy Framework. This is an email authentication protocol, also called a validation system, that allows the domain name owner to define a list of IPs; only this list can send emails on behalf of the domain. When an email is sent, the email receiver tries to match the IP received from the sender against the SPF records. If it matches any of the records, the email is delivered as intended; otherwise, the email fails the SPF test and may be rejected by the email receiver or marked as suspicious. In that way, no one can use your email to send deceiving messages in your name, and in turn, if you are the receiver, you are protected from receiving this fraudulent email.

● Sender ID: an authentication method that compares the sender’s address with the IP address in order to check whether the sender is authorized to send email using that domain or is attempting a fraud attack.

● Reverse Domain Name Service (rDNS): used to resolve an IP address into a domain name. It works as a spam filter: if the IP address does not match the domain name, the message is blocked.

● DomainKeys Identified Mail (DKIM): also an authentication method, used to make sure that the domain name is not a spoofed one used to send fraud attacks.

 

WorldPosta protection against Viruses and Malware:

● WorldPosta uses multiple scanning and detection systems, each with its own architecture, combined to form a strong army and an unbreakable wall that prevents any harm from getting into your email system

● Sandbox technique: messages are tested in a real-time environment similar to the one on the user's side in order to predict and spot any suspicious content or behaviour

● With WorldPosta, emails are scanned at the gateway

● WorldPosta automatically deletes viruses and cleans them from your system

● WorldPosta provides the user with a report on viruses that tried to attack the email system

Other Features to take into consideration:

● Have an email address that is complicated enough not to be easy to guess.
Including a number or a special character in your email address increases your protection.

● Have a unique, strong password that you are not using for any other accounts (Facebook, Twitter, …). The factors indicating password strength are: a length of not less than 15 characters, special characters, numbers, and a combination of lower and upper case.

● Protect your device using a strong, updated antivirus

● Choose a good, strong and private security question whose answer is not easily guessed or known to everyone.

● Make sure that your email ID and your password stay confidential; you are the only one who should know that information. Be wary of any external link that asks you for your password in order to continue; it is a harmful link.

Your corporate communications and your personal data are important to keep safe and fully secured. That is why it is very important to keep track of all the latest security tools and features and to update your protection tools frequently in order to shelter your business communication.