7.4 E-Mail

Description

Electronic mail service (e-mail in short) allows the world-wide transmission and reception of electronic messages within very brief periods of time. An e-mail usually consists of an address (from/to), subject (title or reference), text body and, occasionally, one or more attachments. E-mail not only allows information to be exchanged quickly, conveniently and informally, but also makes it possible to forward business transactions to other parties for the purpose of further processing. Depending on the context in which e-mail is used, different requirements apply to the confidentiality, availability, integrity and mandatory nature of the transmitted data as well as the e-mail software in use.

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of files exchanged via e-mail:

Organisational Shortcomings:

• T 2.7 Unauthorised use of rights
• T 2.9 Poor adjustment to changes in the use of IT
• T 2.19 Inadequate encryption key management
• T 2.54 Loss of confidentiality through hidden pieces of data
• T 2.55 Uncontrolled use of electronic mail
• T 2.56 Inadequate description of files

Human Failure:

• T 3.1 Loss of data confidentiality/integrity as a result of IT user error
• T 3.3 Non-compliance with IT security measures
• T 3.8 Improper use of the IT system
• T 3.13 Transfer of incorrect or undesired data records

Technical Failure:

• T 4.20 Data loss due to exhausting storage medium
• T 4.32 Failure to dispatch a message
• T 4.37 Lack of time authenticity in E-mail

Deliberate Acts:

• T 5.2 Manipulation of data or software
• T 5.7 Interception of lines
• T 5.9 Unauthorised use of IT systems
• T 5.21 Trojan Horses
• T 5.23 Computer viruses
• T 5.24 Replay of messages
• T 5.25 Masquerade
• T 5.26 Analysis of the message flow
• T 5.27 Repudiation of a message
• T 5.28 Denial of services
• T 5.43 Macro viruses
• T 5.72 Misuse of e-mail services
• T 5.73 Impersonation of a sender
• T 5.74 Manipulation of alias files and distribution lists
• T 5.75 Overload due to incoming e-mails
• T 5.76 Mail bombs
• T 5.77 Unauthorised monitoring of e-mails

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

As regards e-mail systems, the following essential aspects need to be investigated:

• E-mail software is used to transmit, receive and process e-mail.
• This e-mail software transmits and receives e-mail to/from a mail server. The mail server maintains a mailbox for every user. For the further exchange of information, the mail server communicates with gateways which forward the messages to other mail systems.

A comprehensive security policy (refer to S 2.118 Determination of a security policy for the use of e-mail) needs to be prepared for the implementation of security measures for the exchange of electronic mail. The operation of e-mail systems entails the implementation of security measures for the mail server as well as the clients in use. The security precautions and instructions to be observed by users are of particular importance. The package of measures for the area of e-mail is listed in the following:

Organisation:

• S 2.30 (2) Provisions governing the designation of users and of user groups
• S 2.42 (2) Determination of potential communications partners
• S 2.46 (2) Appropriate key management (optional)
• S 2.118 (1) Determination of a security policy for the use of e-mail
• S 2.119 (1) Regulations concerning the use of e-mail services
• S 2.120 (1) Configuration of a mail centre
• S 2.121 (2) Regular deletion of e-mails
• S 2.122 (2) Standard e-mail addresses
• S 2.123 (2) Selection of a mail provider

Personnel:

• S 3.4 (1) Training before actual use of a program
• S 3.5 (1) Education on IT security measures
• S 3.10 (1) Selection of a trustworthy administrator and his substitute
• S 3.11 (1) Training of maintenance and administration staff

Hardware/Software:

• S 4.33 (1) Use of a virus scanning program when exchanging of data media and data transmission
• S 4.34 (2) Using encryption, checksums or digital signatures (optional)
• S 4.44 (2) Checking of incoming data for macro viruses
• S 4.64 (1) Verification of data before transmission / elimination of residual information
• S 4.65 (2) Testing of new hardware and software

Communications:

• S 5.22 (2) Compatibility check of transmission and reception systems (optional)
• S 5.32 (1) Secure use of communications software
• S 5.53 (2) Protection against mail bombs
• S 5.54 (2) Protection against mail overload and spam
• S 5.55 (2) Checking of alias files and distribution lists
• S 5.56 (1) Secure operation of a mail server
• S 5.57 (1) Secure configuration of mail clients
• S 5.63 (2) Use of PGP (optional)
• S 5.67 (3) Use of a time stamp service (optional)

Contingency Planning:

• S 6.23 (2) Procedure in case of computer virus infection
• S 6.38 (2) Backup copies of transferred data (optional)

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000