Lecture 19: The Problem of Securing Content ( Content Security )

 

Keywords: content, network, access, mail, junk, e-mail, spamming, advertising, falsification, evolution, user process, trust, activity, address, analysis, percentage, letter, whole, trade secret, statistics, audit, fake addresses, word, advertising, user, opt, stream, program, mail, COM, malicious code, anti-spam, formalize, isp, internet security, ISS, mail filter

 

Promotional materials for the anti-spam workshop were sent out to 6,000,000 potentially interested companies.

Modern joke

Content security

The term " Conti t - security ¹ covers content security information and includes a wide range of topics - risk of leakage of confidential content (content), the risk of ingress of unwanted content in the corporate network, etc.  

 

 

Fig. 14.1. Spam is the imposition of advertising at the expense and time of the recipient

 

If we are talking about corporate users, then the concept of " content security " also includes issues of restrictions on personal mail, personal access to the Internet from an organization, etc.

One of the problems with content security is the problem of spam or spam. E- mail is an important means of communication both between home users and between employees of enterprises. But the unique capabilities of the Internet to deliver messages to hundreds of thousands of recipients simultaneously turn into a disease of the new century - sending unsolicited messages, or spam (in English Junk e-mail or spam).

Spam - these are the messages that you would not want to receive, but which anyway someone persistently sends you. Most often this is an advertisement of some goods and services, sometimes such letters are clearly criminal in nature. Having responded to the offer in a spam email, it is easy to become a victim of financial fraud.

Typically, a spammer takes all measures to avoid liability for the message by resorting to falsification of the sender's address. Recently, in connection with the development of the fight against spam by filtering mail, spammers have begun to modify their messages so as to deceive anti-spam filters.

As a result, it takes precious staff time to parse the rubble of unnecessary messages, and in the spam stream you can not notice and delete the necessary message, and in addition, email users are forced to pay extra traffic to providers, receiving unnecessary advertising.

According to Metcalf’s law, the value of a network increases nonlinearly depending on the number of its users. The essence of the law is shown in Fig. 14.2. In a group of two members only one communication is possible, in a group of five members the number of possible communications increases to 10, etc.

 

 

 

Fig. 14.2. The number of communications increases nonlinearly as the number of network nodes increases.

However, the assertion that the value of the network increases as the number of communications grows is true only if communications allow us to accumulate useful information. When users (beyond their will) begin to receive ads they don’t need from a huge number of spammers, the value of the network goes into its opposite.

The reason for spam survivability is that email users are a mixed audience that behaves differently (Figure 14.3).

 

 

Fig. 14.3. Spam ecosystem functioning scheme

 

On the one hand, people use the offers of spammers and thus support their business, and on the other hand, dissatisfied with the high volume of spam, they turn to various organizations: service providers, IT corporations, anti-spam solution providers and government agencies with a request to take measures against spam. The state imposes sanctions against spammers, fines them. Service providers and IT corporations turn to anti-spam solution providers who create various protection systems. Service providers offer their users solutions that limit spam, filter spam messages, block spammer domains, maintain black lists and receive money for additional services.

Spammers try to trick filters, come up with new forms of messages that are invisible to them, in the hope of preserving their business. As a result, there is the evolution of spam filters and in parallel develop a means of delivering spam, and pay the process of users e-mail.

The spread of spam has led to a significant decrease in trust in e-mail newsletters, even non-spam ones. 

However, for organizing, losses are associated not only with receiving spam. Those personal letters that corporation employees send (read) during business hours are also a cause of loss of time and money for the organization.

Typically, a spammer takes all precautions to avoid responsibility for his activities. It can infect computers of other users and send spam from them, and it can send spam from its computer, but try to fake the sender address. In any case, manual analysis of all incoming e-mail takes too much time. Therefore, in practice, spam filters are used to filter out unwanted messages. The percentage of false positives for such a filter (when a useful email is mistaken for spam) should be minimal. The danger of not receiving the right letter is much higher than the danger of receiving unnecessary letters.

The problem is compounded by the fact that 30% of employees in their private letters voluntarily or involuntarily send confidential information.

Identifying personal correspondence in the workplace is a pretty subtle point. In Russia, the right to privacy of correspondence is guaranteed to any citizen of the Russian Federation in accordance with paragraph 2 of Art. 23 of the Constitution and confirmed by Art. 138 of the Criminal Code ("Violation of the secrecy of correspondence, telephone conversations, mail, telegraph and other messages of citizens"). However, there are a number of federal and other laws ("On Informatics, Informatization and Information Protection", "On Trade Secrets ", etc.) that allow organizations to protect their information from leakage. It is also obvious that the employing company does not want to pay for the personal correspondence of its employees.

Statistics show that in more than 60% of cases, viruses spread along with spam. Billions of emails are sent daily in the world, and more than 70% of them are spam!

Consideration of integrated solutions to prevent the leakage of confidential information as a result of deliberate and inadvertent actions by company employees is beyond the scope of our book. There are a number of companies that will help to correctly draw up a company’s internal security policy and take into account all the legal subtleties, audit the existing information infrastructure and implement a comprehensive solution to prevent the leakage of confidential information, as well as train staff and properly operate existing products. More information can be found, for example, on the InfoWatch website (www.infowatch.ru).

Next, we will focus on methods to combat spam. They can be divided into legal, organizational and technical.

Many states have already passed laws restricting spam. This indicates an understanding of the problem at the highest level.

Most legal rules governing spamming include a ban on falsifying email headers, using third-party addresses, and falsifying the sender’s address. Junk E-mail should also contain the word ADV (from the English. Advertisement - advertisement) in the subject line. In addition, a free mechanism should be implemented, thanks to which the user can unsubscribe (opt -out, unsubscribe) from receiving advertising letters. It should be noted that, declaring such a mechanism, many spammers upon the fact of unsubscribing only verify that the given address exists and they really read their correspondence.

In practice, finding and prosecuting spammers is quite difficult. In Russia, the process of legal prosecution of spammers is in its infancy.

Organizational anti-spam measures are applied within large and medium-sized companies and help to slightly reduce the flow of unwanted emails reaching the corporate network.  

Organizational measures are a clear policy setting the rules for using mail at the workplace. Only following such pre-agreed rules will avoid a conflict between the employer and the employee. At the same time, there are generally accepted standards of behavior that reduce the risk of corporate email addresses getting into spam mailing lists. Here is some of them.

It is undesirable to respond to letters from spammers. The user's response confirms the existence of this mailing address.

The mailbox name should not be short or generally accepted. Otherwise, the spam mailing program will be able to pick up the mailing address according to the dictionary.

It is undesirable to leave your primary email address as contact information on the Internet, in profiles and on forums. It is necessary to make additional mailboxes on free mail servers (for example, Mail Address. mobi, Yandex.ru, Hotmail. Com) and keep these addresses.

User can also always make a complaint to the ISP through which send unsolicited mail. In order to determine the address of the provider, you can use a special program, for example Spam Punisher (www.softlinks.ru).

The technical means of combating spam include special software filters that, based on a given policy (set of rules), are able to filter out unwanted correspondence.

It should be noted that the filters implement highly intelligent technologies that make decisions "spam" or "not spam" based not only on formal signs and keywords, but also using linguistic analysis of the body of the letter.

Spam criminals are constantly improving their technology and come up with new ways to trick filters. Anti-spam product developers are also constantly updating their products, making them more effective. Such a battle between shell and armor is endless. In general, modern solutions allow you to filter out about 90% of unwanted emails.

Antispam products can be divided into personal and corporate solutions.

Personal anti-spam tools