TABLE OF CONTENTS Many of the most serious threats from the Internet come from attacks that attempt to exploit application vulnerabilities. Because application-driven attacks tend to be sophisticated in nature, effective defenses must be equally sophisticated and intelligent. Check Point s Application Intelligence is a set of advanced capabilities which detect and prevent application-level attacks.
In a mail and recipient content attack, e-mail worms and viruses introduce malicious code that can reach your system and infect other users through harmful attachments. In addition, a number of viruses are transmitted through harmless-looking e-mail messages and can run automatically without the need for user intervention.
Initially defined as a text-based message exchange, e-mail today can be employed to exchange nontext file formats such as audio and video across the Internet. The Multipurpose Internet Mail Extension (MIME), RFCs 2045 and 2046, was created as an extension to the basic e-mail protocols to accommodate these other file types. SmartDefense can recognize MIME attachments and limit their potential to introduce malicious content. By default, SmartDefense does not allow multiple content-type headers. Although the security administrator has the option of allowing multiple content-type headers, the SmartDefense default suggests that such a decision can open the network to malicious behavior and as such recommends a limitation of content-type headers.
SmartDefense strips MIME attachments of the particular type from the message. For example, the message/partial MIME type is stripped to prevent fragmented and reassembled messages. The message/partial MIME type can be employed to bypass most of the security restrictions...
