Secure Web Based Mail Services
by Keith Pasley - CISSP - Tuesday, 27 January 2004.
This vulnerability alone is enough for many security-conscious organizations to refuse web mail access unless some countermeasure to the "log off" problem is deployed. Small wonder that requests for web mail access are greeted with suspicion. Fortunately, countermeasures are available that reduce the risk of such attacks on web mail systems.
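The page does not restate the "log off" problem in this excerpt (it is introduced earlier in the article). The example below is added here and is not code from the article or from any product it mentions; it assumes the problem is the usual one for web mail on shared machines: clicking "log off" only removes the cookie from the browser, the session stays valid on the server, and cached mailbox pages remain readable with the Back button. The countermeasure shown is server-side session invalidation on log off, an idle timeout enforced by the server, an explicit cookie-clearing header, and no-store cache headers on every mailbox page. The cookie name, timeout and handler functions are assumptions chosen for the example.

```python
import secrets
import time

# Assumed policy values for the example; tune for the real deployment.
IDLE_TIMEOUT = 15 * 60          # seconds of inactivity before the server kills a session
COOKIE_NAME = "WEBMAILSID"      # hypothetical session cookie name

# Response headers that stop browsers and intermediate proxies from caching
# mailbox pages, so the next user of a shared PC cannot read them via Back.
NO_STORE_HEADERS = {
    "Cache-Control": "no-store, no-cache, must-revalidate, private",
    "Pragma": "no-cache",
    "Expires": "0",
}


class SessionStore:
    """Server-side session table. The cookie is only a random handle; all
    state lives here, so deleting the entry revokes the cookie everywhere,
    including in browsers that still hold a copy of it."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so expiry can be exercised in tests

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
        self._sessions[sid] = {"user": user, "last_seen": self._now()}
        return sid

    def user_for(self, sid):
        """Return the user owning sid, or None if it is unknown, logged off,
        or has been idle longer than IDLE_TIMEOUT (expired on the server,
        not merely in the browser)."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._now() - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        rec["last_seen"] = self._now()
        return rec["user"]

    def logoff(self, sid) -> bool:
        """Destroy the session server-side. Returns True if it existed."""
        return self._sessions.pop(sid, None) is not None


def logoff_response(store: SessionStore, sid):
    """Headers for the log-off page: kill the session, clear the cookie,
    and forbid caching of the page itself."""
    store.logoff(sid)
    headers = dict(NO_STORE_HEADERS)
    headers["Set-Cookie"] = f"{COOKIE_NAME}=; Max-Age=0; Path=/; Secure; HttpOnly"
    return headers


def mailbox_response(store: SessionStore, sid):
    """Hypothetical inbox handler: (status, headers, body). Every response,
    including the redirect to the login page, carries no-store headers."""
    user = store.user_for(sid)
    if user is None:
        return 302, {"Location": "/login", **NO_STORE_HEADERS}, ""
    return 200, dict(NO_STORE_HEADERS), f"Inbox of {user}"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")            # constructed sample user
    print(mailbox_response(store, sid)[0])  # 200 while logged in
    print(logoff_response(store, sid)["Set-Cookie"])
    print(mailbox_response(store, sid)[0])  # 302: cookie replayed after log off is useless
```

The important property is the last line of the demo: a copy of the cookie replayed after log off (by the next user of the kiosk, or by an attacker who captured it) is rejected because the server no longer knows the session. Clearing the cookie in the browser is a courtesy; the server-side deletion is the control.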

Web Mail Security Approaches

There are three ways to approach web mail security:

1. Development In-house

2. Deploy a web mail Security technology/product

3. Outsource to 3rd party


Many businesses refuse to deploy web mail because of the security issues inherent in web-based access to mail. Figure 1 highlights some of those issues, and they are valid concerns. There are, however, countermeasures that mitigate most of them. One such countermeasure is application knowledge: a development staff trained in secure software development principles is less likely to introduce vulnerabilities into the web mail application through poor programming habits. Resources for organizations establishing secure programming standards include Foundstone and the online training offered by the International Webmasters Association (IWA-HWG). A well-written guide to secure application development can also be found here. These resources can be used to establish a baseline of secure programming practice within an organization.

The second approach is to deploy security technology. Products are available now that can be deployed immediately as a protective layer around a web mail infrastructure. Most are based on the idea of a reverse proxy; they differ in how the reverse proxy function is implemented. For example, the IronMail email security appliance from CipherTrust uses a hardened version of Apache as its reverse proxy. The appliance includes a protocol-anomaly-based intrusion detection system built into its secure web mail application. The IDS can detect several hundred known exploits specific to web mail, as well as whole classes of attack such as buffer overflows, directory traversal, path obfuscation, and malformed HTTP requests. As an all-in-one approach to web mail security, few products do the job as well.
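To make the reverse-proxy idea concrete, here is an added example (not IronMail's code, nor anything from the article) of the kind of protocol-anomaly checks such a proxy applies to each request before forwarding it to the web mail server. It covers the four classes named above: oversized request lines and headers as the buffer-overflow heuristic, `..` segments after decoding as directory traversal, percent-encoded dots, slashes, backslashes and double encoding as path obfuscation, and request lines or headers that do not match HTTP/1.x syntax as malformed HTTP. The size limits, allowed methods and reason strings are assumptions chosen for the example, and the sample requests at the bottom are constructed.

```python
import re
from urllib.parse import unquote

# Assumed policy values; a real proxy would make these configurable.
MAX_REQUEST_LINE = 2048   # longer request lines are treated as overflow attempts
MAX_HEADER_LINE = 4096
ALLOWED_METHODS = {"GET", "POST", "HEAD"}

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")
# A legitimate web mail client never needs to percent-encode '.', '/', '\'
# or '%' in a path; doing so only serves to hide a traversal from filters.
OBFUSCATED_PATH = re.compile(r"%(2e|2f|5c|25)", re.IGNORECASE)


def normalize_path(path: str) -> str:
    """Decode the path the way a lax back end might, so the checks see what
    the server would see: decode up to twice (defeats double encoding) and
    treat backslash as a directory separator."""
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def inspect_request(raw: bytes):
    """Return ('allow', 'ok') or ('block', reason) for one raw HTTP request."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return ("block", "non-ASCII bytes in request")
    head, sep, _body = text.partition("\r\n\r\n")
    if not sep:
        return ("block", "malformed request: headers not terminated")
    lines = head.split("\r\n")

    # 1. Buffer-overflow heuristic and request-line syntax.
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return ("block", "oversized request line")
    m = REQUEST_LINE.match(request_line)
    if not m:
        return ("block", "malformed request line")
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return ("block", "disallowed method")

    # 2. Path obfuscation is checked on the raw path, before decoding.
    path = target.split("?", 1)[0]
    if OBFUSCATED_PATH.search(path):
        return ("block", "path obfuscation")

    # 3. Directory traversal is checked on the decoded, normalized path.
    norm = normalize_path(path)
    if "\x00" in norm:
        return ("block", "NUL byte in path")
    if not norm.startswith("/") or ".." in norm.split("/"):
        return ("block", "directory traversal")

    # 4. Header syntax and size.
    for header in lines[1:]:
        if len(header) > MAX_HEADER_LINE:
            return ("block", "oversized header")
        name, colon, _value = header.partition(":")
        if not colon or not name or " " in name:
            return ("block", "malformed header")
    return ("allow", "ok")


# Constructed sample traffic for the demo: one clean request, then one per attack class.
SAMPLE_REQUESTS = [
    b"GET /mail/inbox?folder=INBOX HTTP/1.1\r\nHost: webmail.example\r\n\r\n",
    b"GET /mail/../../etc/passwd HTTP/1.1\r\nHost: webmail.example\r\n\r\n",
    b"GET /mail/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: webmail.example\r\n\r\n",
    b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: webmail.example\r\n\r\n",
    b"GET /mail\r\n\r\n",
    b"GET /mail/inbox HTTP/1.1\r\nHost webmail.example\r\n\r\n",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict, reason = inspect_request(req)
        print(f"{verdict:5} {reason:35} {req[:40]!r}")
```

Order matters: the obfuscation test runs on the raw path and the traversal test on the decoded one, so `%2e%2e` is reported as obfuscation while a plain `..` is reported as traversal, and a double-encoded `%252e` is caught by the `%25` pattern before any decoding happens. The back end would see only requests that survive all four stages.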

Outsourced Web Mail service

Copyright 1998-2013 by Help Net Security.