Network Security Pen-Test

Re: Evaluation SMTP Gateway.

Subject: Re: Evaluation SMTP Gateway.
Date: Fri, 11 Feb 2005 22:54:55 +0200
Daniel Espinosa wrote:
Hello,

I will evaluate an SMTP gateway (it is an appliance). The objective of
this evaluation is to validate whether it really works well against the
following criteria:

1.- Anti-Spam.
2.- Antivirus.
3.- WebMail Protection.

To do this, I have implemented a lab with the characteristics of an
operational environment (Firewall - SMTP Gateway - Mail Server - Work
stations).

Do you know of any security methodology to test the above criteria?
What tools can I use? Do you have any ideas for testing those
functions?

Thanks for your help.

Hi,

Just some quick thoughts of what's a nice to-do:

1. Get a virii collection, especially worms (they are the most common form of mail viruses).
Having the "in the wild" collection is also a good start.
Use a script to test the detection rate of the mail-server with AV.
See what file types are allowed to be attached, and what file types are not. Is there also any sanity-checking done on the SMTP BODY? etc.
See if AV can look into archives, and what type of archives.


2. Do the same with the SpamAssassin spam corpus; they have different levels of spam corpora, the "torture test" being the hardest to detect.

One VERY important thing about AV, but especially about anti-spam software, is what happens to blocked messages.
Is there a mechanism to check the blocked messages, or not? How well does it work, and how user-friendly is it? How practical is it? Or maybe the messages are black-holed?


Is the AV bouncing back "you got virii" spam messages to innocent/nonexistent senders, or not?

Anti-spam software which blackholes 0.00001% of innocent messages is garbage. It violates the design principles of Internet and SMTP itself.

PS: dns-blacklists blackhole 40% of the Internet.

3. All levels of web-based, CGI-based, httpd-based attacks. Depends on the software itself.
Is webmail accessible from the intranet only, or is it accessible from the Internet too? How bullet-proof is the user authentication mechanism? Can the password/cookie be intercepted? How? (also VPN? SSL? JS hashes? etc.)


PPS: You can do much more; those are just a few ideas that quickly crossed my mind. Hope it helps a bit.

PPPS: Still, you should in the end give them a short idea of whether they are using buggy software on this gateway (with the potential to let intruders in), like sendmail for instance.

Yours,
--
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785  2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
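An added example of the scripted detection-rate test suggested in points 1 and 2 above; this is not code from the thread or from either poster. Instead of a live virus collection it uses the harmless EICAR (anti-virus) and GTUBE (anti-spam) test strings that every mail filter is expected to catch, builds a small corpus (bare attachment, attachment inside a zip and a nested zip, test string in the SMTP body, a clean control message), submits each message to the gateway and tabulates what was rejected. The gateway host, envelope sender and recipient mailbox are assumptions for the lab described in the question.

```python
"""Added example (not from the thread): push a corpus of test messages
through the SMTP gateway in the lab and report what it blocked."""
import io
import smtplib
import zipfile
from email.message import EmailMessage
from typing import Callable, Dict, Tuple

# Standard, harmless detection-test strings (not live malware / spam).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

GATEWAY_HOST, GATEWAY_PORT = "smtp-gateway.lab.example", 25  # assumed appliance
SENDER = "tester@lab.example"                                 # assumed envelope sender
RECIPIENT = "user@mail.lab.example"                           # assumed mailbox behind it

Case = Tuple[EmailMessage, bool]  # (message, gateway is expected to block it)


def zip_bytes(name: str, data: bytes) -> bytes:
    """Build an in-memory zip holding one file, to probe archive scanning."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def _message(subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENT
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_corpus() -> Dict[str, Case]:
    """Constructed test cases: plain attachment, (nested) archive, test
    string in the SMTP body, spam test string, and a clean control."""
    cases: Dict[str, Case] = {}
    eicar = EICAR.encode()

    cases["clean"] = (_message("control", "Meeting at 10:00, room 4."), False)

    m = _message("eicar attachment", "See attached.")
    m.add_attachment(eicar, maintype="application", subtype="octet-stream",
                     filename="eicar.com")
    cases["eicar-plain"] = (m, True)

    m = _message("eicar in zip", "See attached.")
    m.add_attachment(zip_bytes("eicar.com", eicar), maintype="application",
                     subtype="zip", filename="eicar.zip")
    cases["eicar-zip"] = (m, True)

    m = _message("eicar in nested zip", "See attached.")
    nested = zip_bytes("inner.zip", zip_bytes("eicar.com", eicar))
    m.add_attachment(nested, maintype="application", subtype="zip",
                     filename="nested.zip")
    cases["eicar-zip-nested"] = (m, True)

    # No attachment at all: does the gateway sanity-check the SMTP BODY?
    cases["eicar-body"] = (_message("eicar in body", EICAR), True)
    cases["gtube"] = (_message("gtube", GTUBE), True)
    return cases


def submit(msg: EmailMessage) -> bool:
    """Hand one message to the gateway. True = accepted at SMTP time,
    False = rejected with a 5xx. A gateway that accepts everything and
    drops later has to be judged from its quarantine / the mailbox."""
    try:
        with smtplib.SMTP(GATEWAY_HOST, GATEWAY_PORT, timeout=30) as smtp:
            smtp.send_message(msg, from_addr=SENDER, to_addrs=[RECIPIENT])
        return True
    except (smtplib.SMTPResponseException, smtplib.SMTPRecipientsRefused):
        return False


def evaluate(corpus: Dict[str, Case],
             deliver: Callable[[EmailMessage], bool] = submit) -> dict:
    """Run every case and tabulate: detection rate over the cases that
    should be blocked, which ones got through, and false positives (a
    blocked control message), which matter more than the catch rate."""
    accepted = {name: deliver(msg) for name, (msg, _) in corpus.items()}
    should_block = [n for n, (_, block) in corpus.items() if block]
    missed = sorted(n for n in should_block if accepted[n])
    false_pos = sorted(n for n, (_, block) in corpus.items()
                       if not block and not accepted[n])
    return {
        "accepted": accepted,
        "detection_rate": (len(should_block) - len(missed)) / max(len(should_block), 1),
        "missed": missed,
        "false_positives": false_pos,
    }


if __name__ == "__main__":
    report = evaluate(build_corpus())
    print(f"detection rate: {report['detection_rate']:.0%}")
    print("missed:", report["missed"], "false positives:", report["false_positives"])
```

Run it from a workstation in the lab that can reach the gateway on port 25 and compare the "missed" list with the vendor's claims about archive scanning and body inspection; a blocked control message is the false-positive case the reply warns about. For the backscatter check in the same reply, run the corpus a second time with SENDER set to a nonexistent mailbox on a domain whose mail you receive and see whether "you sent a virus" bounces arrive there.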
