Top 3 Security Gaffes
- Secondary MX: You add a secondary MX record to the DNS that points directly to your Exchange server (oh no, not you – let’s blame the newbie!). Maybe it’s for testing purposes, or to relay specific device reports or mobile device access while bypassing your anti-spam/security layer. You might think no other traffic will come through that door. While you’re thinking that, spam is already making its way through the secondary MX straight into your Inbox. MX records are public, of course, and spamming devices (botnets, etc.) deliberately target the lowest-priority MX records (those with the highest preference value) on the assumption, or hope, that security there is weaker, out of date, or simply non-existent.
- Infected user(s): It only takes one wrong click on an HTML file (usually undetected by default AV scanners) to get infected. Once the address book has been harvested, and it contains several addresses within your own domain, you’re in hell. Even if you manage to stop the spam from within your own network, the address book has already been distributed and you will be targeted for the next several weeks or months. I’ve seen a few customers get hit with a LOT of spam variants this way, which never appeared on the regular feeds.
- Internal security hole: This topic has been covered several times, but it’s still one of the main reasons why some of you get hammered with spam and/or get blocked by popular RBL servers. We’re not only talking about unprotected Wi-Fi; there’s also unprotected 3G! I discovered this hole a while ago and most BlackBerry administrators are not aware of it. If you run a BES (BlackBerry Enterprise Server), all BlackBerries managed under your BES have full LAN access by default. You can test it by telnetting from your device (using any SSH application) to one of your local/internal IPs. Example: if your mail server has an internal IP, like 192.168.10.25, you can telnet to this address on port 25 from anywhere in the world. Yep, your LAN is wide open. It only takes one piece of malicious software (or one pair of malicious hands!).
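A quick way to catch the first gaffe before the spammers do is to audit your own MX records against the list of hosts that actually sit behind the filtering layer. The script below is an added example, not code from the original post: it parses `dig`-style MX answer lines (the sample output, domain names and approved gateway list are constructed for the example) and flags any MX host that is not an approved gateway, i.e. a direct path around your anti-spam layer.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample of `dig +noall +answer MX example.com` output.
# Domain and host names are assumptions for this example, not from the post.
SAMPLE_DIG_OUTPUT = """\
example.com.  3600  IN  MX  10 mx1.spamfilter.example.net.
example.com.  3600  IN  MX  20 mx2.spamfilter.example.net.
example.com.  3600  IN  MX  50 exchange.example.com.
"""

# Hosts that really sit behind the anti-spam/security layer (assumed set).
APPROVED_GATEWAYS = {"mx1.spamfilter.example.net", "mx2.spamfilter.example.net"}

# owner  ttl  IN  MX  preference  exchange-host
MX_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$")


def parse_mx(dig_output: str) -> List[Tuple[int, str]]:
    """Return (preference, host) pairs, lowest preference (primary MX) first."""
    records = []
    for line in dig_output.splitlines():
        m = MX_LINE.match(line.strip())
        if not m:
            continue  # skip comments, blank lines, non-MX answers
        pref = int(m.group(2))
        host = m.group(3).rstrip(".").lower()  # strip trailing dot, normalise case
        records.append((pref, host))
    return sorted(records)


def audit_mx(dig_output: str, approved_gateways: Iterable[str]) -> List[str]:
    """Flag every MX that bypasses the filtering layer.

    A backup MX pointing straight at the mail server is exactly the door
    spammers try first, so any host outside the approved set is a finding.
    """
    approved = {h.rstrip(".").lower() for h in approved_gateways}
    findings = []
    for pref, host in parse_mx(dig_output):
        if host not in approved:
            findings.append(
                f"MX {pref} {host}: not an approved gateway (direct path around filtering)"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_mx(SAMPLE_DIG_OUTPUT, APPROVED_GATEWAYS):
        print(finding)
```

Run it against the real `dig` output for your domain; anything it prints is an MX that will receive unfiltered mail the moment a botnet notices it.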
And here’s a bonus one:
I added myself to the trusted list: Adding yourself to your own trusted list is like holding the door wide open for spam. Believe me, more than 90% of incoming mail that uses your name as the FROM address will be spam. Create a secondary account for sending notes to yourself (marcnotes@..)
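The reason whitelisting your own address is so dangerous is that the FROM header costs a spammer nothing to forge. The check below is an added example (not the post’s own code, and not the mail filter it describes): it parses a message with Python’s standard `email` module and flags mail that claims to be from your own domain but was handed to your border MX by a host outside your internal networks. The sample messages, domain, host names and the 192.168.10.0/24 internal range are constructed for the example.

```python
import email
import ipaddress
import re
from email.message import Message
from email.utils import parseaddr
from typing import Iterable, Optional

# Constructed internal range for the example (matches the post's 192.168.10.x).
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample: "note to self" that really came from an outside host.
SPOOFED_SELF_MESSAGE = """\
Received: from unknown (HELO example.com) [203.0.113.77]
\tby mx1.example.com with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
From: Marc <marc@example.com>
To: marc@example.com
Subject: Note to self

You have won a prize, click here.
"""

# Constructed sample: genuine internal mail, handed over by the internal server.
LEGIT_SELF_MESSAGE = """\
Received: from mail.example.com (mail.example.com [192.168.10.25])
\tby mx1.example.com with ESMTP id def456; Mon, 1 Jan 2024 10:05:00 +0000
From: Marc <marc@example.com>
To: marc@example.com
Subject: Note to self

Buy milk.
"""

# Dotted-quad inside square brackets, as written by most MTAs in Received lines.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def entry_ip(msg: Message) -> Optional[ipaddress.IPv4Address]:
    """IP of the host that delivered the message to our MX.

    The topmost Received header is the one our own MX stamped, so its
    'from [ip]' is the only hop we can trust; everything below it is
    attacker-controlled text.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = IP_IN_BRACKETS.search(received[0])
    return ipaddress.ip_address(m.group(1)) if m else None


def from_domain(msg: Message) -> str:
    """Domain part of the From header, lower-cased ('' if unparsable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def claims_to_be_us_from_outside(raw: str, own_domain: str,
                                 internal_nets: Iterable[ipaddress.IPv4Network]) -> bool:
    """True when mail uses our own domain as sender but arrived from outside.

    This is the case a 'trust my own address' rule lets straight through.
    """
    msg = email.message_from_string(raw)
    if from_domain(msg) != own_domain.lower():
        return False  # not pretending to be us; other rules decide
    ip = entry_ip(msg)
    if ip is None:
        return True   # no traceable origin: treat as untrusted
    return not any(ip in net for net in internal_nets)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_SELF_MESSAGE), ("legit", LEGIT_SELF_MESSAGE)):
        print(name, claims_to_be_us_from_outside(raw, "example.com", INTERNAL_NETS))
```

Note that the check only trusts the Received line your own MX added; a trusted-sender rule keyed on the FROM address alone never looks at that line, which is exactly why it fails.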