Hey guys,
If you haven’t read the previous articles, here they are:-
So, moving onto module 5 ‘Handling and Responding to Email Security Incidents’, and I am expecting to breeze through this, as it’s the one I have done the most work on previously.
Module objective.
We cover stuff like the types of email security incidents and the different crimes committed via email, such as spamming, phishing, mail bombing and malware distribution, which was all very straightforward.
We then go through the following before hitting the labs:-
- Preparation
- Detection and containment of Email
- Indications of Email Attack
- Indications of Identity Theft
- Detecting Phishing/Spam Emails
- Tools for Detecting Phishing/Spam Mails
- Containing Email Incidents
- Analysing Email Headers
- Tools for Analysing Email Headers
- Checking the Email Validity
- Examining the Originating IP Address
- Tracing the Email Origin
- Tracing Back Web-based Email
- Email Tracking Tools
- Analysing Email Logs
- Analysing SMTP Log
- Eradication of Email Security Incidents
- Eradicating Email Attacks
- Reporting Phishing and Spam Email to Email Service Provider
- Guidelines against Spam
- Guidelines against Phishing
- Guidelines against Identity Theft
- Recovery after Email Security Incident
- Recovery Steps to Follow after Email Incidents
- Recovery of Deleted Emails
- Email Recovery Tool: Recover My Email
- Antiphishing Tool: Gophish
- Antispamming Tool: SPAMfighter
- Email Security Checklist
- Email Security Tools
There are only four labs in this section, which I think is more than enough in this day and age, as most people are pretty clued up on all of this.
Lab 1
Detecting Phishing Attacks
Phishing refers to a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information.
In this lab we used Netcraft and PhishTank.
https://www.netcraft.com/apps/
The Netcraft Toolbar provides internet security services, including anti-fraud and anti-phishing services, application testing, code reviews, automated penetration testing, and research data and analysis on many aspects of the internet. PhishTank is a free community site on which anyone can submit, verify, track, and share phishing data. PhishTank is a collaborative clearinghouse for data and information regarding phishing on the internet. PhishTank also provides an open and free API for developers and researchers to integrate anti-phishing data into their applications.
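Netcraft and PhishTank tell you whether a URL has already been reported. To show what the local side of phishing detection looks like before you reach for a reputation feed, here is an added example (my own code, not part of the lab or the post) that pulls the classic indicators out of a raw email: a display name that invokes a brand the sending domain does not belong to, a Reply-To pointing elsewhere, link text that shows one host while the href goes to another, bare IP addresses as link targets, and lookalike domains. The brand allow-list and both sample messages are constructed for the example; the IP addresses come from the RFC 5737 documentation range.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Constructed allow-list for this example: brand -> domains allowed to send
# as that brand. In practice this comes from your vendor inventory or a feed
# such as PhishTank/Netcraft, not from a hard-coded dict.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "office.com"},
}

# Constructed phishing sample: brand in the display name, foreign Reply-To,
# visible URL text that does not match the real link target.
SAMPLE_PHISH = """\
From: PayPal Support <alerts@paypal-secure-login.com>
Reply-To: collect@mail-drop.example
To: victim@example.org
Subject: Your account is limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Click <a href="http://203.0.113.9/login">https://www.paypal.com/signin</a>
to restore access.</p>
</body></html>
"""

# Constructed legitimate sample for comparison.
SAMPLE_LEGIT = """\
From: PayPal <service@paypal.com>
To: customer@example.org
Subject: Your receipt
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>View it at
<a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a></p></body></html>
"""


class _LinkExtractor(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _base_domain(host):
    # Crude registrable-domain guess (last two labels). Good enough for the
    # brand comparison here; a real tool should use the public suffix list.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def phishing_indicators(raw):
    """Return a list of human-readable indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # 1. Display name claims a brand the sending domain is not allowed to use.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and _base_domain(from_domain) not in domains:
            findings.append(f"display name claims {brand!r} but sender is {from_domain}")

    # 2. Reply-To steers replies to a different domain than the visible From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Link analysis over every HTML part.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        extractor = _LinkExtractor()
        extractor.feed(body)
        for text, href in extractor.links:
            target = _host(href)
            # Visible text looks like a URL, but the real target host differs.
            if text.startswith(("http://", "https://", "www.")):
                shown = _host(text if "://" in text else "http://" + text)
                if shown and shown != target:
                    findings.append(f"link text shows {shown} but points to {target}")
            # Target is a bare IP address instead of a hostname.
            try:
                ipaddress.ip_address(target)
                findings.append(f"link target is a raw IP address: {target}")
            except ValueError:
                pass
            # Target host name mentions a brand but is not one of its real domains.
            for brand, domains in KNOWN_BRANDS.items():
                if brand in target and _base_domain(target) not in domains:
                    findings.append(f"lookalike domain for {brand!r}: {target}")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

None of these checks is proof on its own (a marketing mailer will often have a foreign Reply-To), which is why the lab pairs local triage with a community feed: hits here tell you which URLs are worth submitting to PhishTank or checking against Netcraft.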
Lab 2
Email Header Analysis
Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are the two checks used here to detect spoofed or malicious emails. SPF tells you whether the IP address that delivered the message is authorised to send for the envelope-sender (MAIL FROM) domain; DKIM verifies a signature that the signing domain (the header.d value) placed over selected headers and the body. Neither check looks at the From address the user actually sees, so a pass only means something when the authenticated domain matches the From domain, which is the alignment test DMARC adds on top.
In this lab we learn how to analyse email headers by tracking the SPF and DKIM attributes of an email header using the online tool MxToolbox.
Lab 3
Collecting Information About a Target by Tracing Emails
Tracing emails involves analysing the email header to discover details such as the sender identity, the mail servers the message passed through, the sender’s IP address and an approximate location. Each Received line is added by the server that accepted the message, newest at the top, so the bottom-most line is the one nearest the sender; only the lines written by servers you trust are reliable, because a sender can insert fake Received lines before handing the message over.
Here we learn how to collect information about a target by tracing emails using eMailTrackerPro.
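MxToolbox and eMailTrackerPro do this with a paste box and a map, but the underlying work for both Lab 2 and Lab 3 is the same header parse, so here it is as one added example (my own code, not the tools’ or the course’s). It walks the Received chain back to the originating IP, reads the SPF and DKIM verdicts out of the receiving server’s Authentication-Results header, and then applies the alignment test: does the domain that actually passed match the visible From domain? The header block is constructed for the example, with hostnames invented and IPs from the RFC 5737 documentation ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header block. Received lines appear as a receiving MTA
# writes them: newest hop first. SPF passes, but for a different domain than
# the visible From, and the DKIM signature claiming to be the bank fails.
SAMPLE_HEADERS = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
    by mailstore.example.org with ESMTP id 8Hq2; Tue, 4 Jun 2024 09:14:05 +0000
Received: from bulkmail.example.net (bulkmail.example.net [198.51.100.7])
    by mx1.example.org with ESMTPS id Z7k1; Tue, 4 Jun 2024 09:14:04 +0000
Received: from [203.0.113.55] (unknown [203.0.113.55])
    by bulkmail.example.net with ESMTPA id 4Rr9; Tue, 4 Jun 2024 09:13:59 +0000
Authentication-Results: mx1.example.org;
    spf=pass (sender IP is 198.51.100.7) smtp.mailfrom=bounce.example.net;
    dkim=fail (signature did not verify) header.d=bank.example
From: "Example Bank" <alerts@bank.example>
To: victim@example.org
Subject: Urgent: verify your account
Message-ID: <abc123@bulkmail.example.net>

"""

_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
_MAILFROM_RE = re.compile(r"smtp\.mailfrom=([\w.-]+)")
_DKIM_D_RE = re.compile(r"header\.d=([\w.-]+)")


def _unfold(value):
    """Collapse a folded header value onto one line."""
    return " ".join(value.split())


def _org_domain(host):
    # Last two labels as a stand-in for the organisational domain; a real
    # implementation should use the public suffix list.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def received_chain(msg):
    """Return hops oldest-first as (from_host, ip, by_host) tuples."""
    hops = []
    for value in msg.get_all("Received", []):
        line = _unfold(value)
        m_from = re.search(r"\bfrom (\S+)", line)
        m_by = re.search(r"\bby (\S+)", line)
        m_ip = _IP_RE.search(line)
        hops.append((
            m_from.group(1) if m_from else "",
            m_ip.group(1) if m_ip else "",
            m_by.group(1) if m_by else "",
        ))
    hops.reverse()  # header order is newest first; we want the path as travelled
    return hops


def auth_results(msg):
    """Pull spf/dkim/dmarc verdicts and the domains they apply to."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        line = _unfold(value)
        for mech, result in _AUTH_RE.findall(line):
            verdicts[mech] = result.lower()
        m = _MAILFROM_RE.search(line)
        if m:
            verdicts["spf_domain"] = m.group(1).lower()
        m = _DKIM_D_RE.search(line)
        if m:
            verdicts["dkim_domain"] = m.group(1).lower()
    return verdicts


def analyse(raw):
    """Trace the message and decide whether its From domain is authenticated."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    hops = received_chain(msg)
    auth = auth_results(msg)
    # Alignment: a pass only vouches for the From domain if the domain that
    # passed is the same organisation as the From domain.
    spf_aligned = auth.get("spf") == "pass" and _org_domain(auth.get("spf_domain", "")) == _org_domain(from_domain)
    dkim_aligned = auth.get("dkim") == "pass" and _org_domain(auth.get("dkim_domain", "")) == _org_domain(from_domain)
    return {
        "from_domain": from_domain,
        "originating_ip": hops[0][1] if hops else "",
        "hops": hops,
        "spf": auth.get("spf", "none"),
        "dkim": auth.get("dkim", "none"),
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "verdict": "authenticated" if (spf_aligned or dkim_aligned) else "suspicious",
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

The originating IP is whatever the oldest hop recorded, which is only as trustworthy as the server that wrote that line; here the last trusted hop is mx1.example.org, so 198.51.100.7 is the address you can actually act on, and 203.0.113.55 is a claim made by bulkmail.example.net. The sample is also a good illustration of why SPF alone is not enough: it passes, but for bounce.example.net, not for the bank the recipient sees.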
Lab 4
Ensuring Secure Email Communication Using PGP
Gpg4win (GNU Privacy Guard for Windows) is OpenPGP encryption software for files and emails. Gpg4win lets users protect emails and files in transit with encryption, and prove who sent them and that they were not altered with digital signatures.
Overall a really good and pretty easy module, mainly because I have done a lot of work like this before, but there is an exam for this certificate, so it was good to go over a lot of the material again.
Regards
Alex