Information Security Best Practices: 205 Basic Rules

Section 11: Internet Security Rules

The greatest threat to an organization's network is from a public network such as the internet. A firewall is the first step in isolating the internal network from the internet, as discussed in Section 2. This section discusses email, FTP, TELNET, browser, and NEWS security.

11.1 Internet Mail Security

Electronic mail (email) is used widely by corporations, government, educational institutions, and individuals. Everyone would like their email message to be confidential (private), to arrive as it was sent (have integrity), to be sent to who you think you are sending it to (authenticated), and to be signed by the sender to identify the actual sender (digital signature). To remain compatible with the outside world, however, you must use the email packages that inter-operate with one another. These email packages typically do not incorporate most of these security considerations. An organization or an individual can increase security for some email communications by incorporating the following email best practices.

INFOSEC Best Practice #117

Run the newest versions of mail server software.

If operating your own mail server, use the latest versions of mail server software that may include new security features and fix current problems. By running up-to-date versions of your mail server software, you will enhance your mail security.

INFOSEC Best Practice #118

Scan all incoming email at the mail server.

Anti-virus software must be setup at the mail server to scan all incoming email traffic for viruses. This is the first level of anti-virus defense that attempts to stop virus-infected...