S 5.57 Secure configuration of the groupware/mail clients
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: User, Administrator
The groupware programs used by the employees must be pre-configured by the administrator in such a way that a maximum level of security can be achieved without any further action by the users. Users should be instructed not to alter the configuration settings of their own accord.
The following items are of particular importance when configuring groupware clients:
- The address given as the reply address must be set to the "official" e-mail address of the user. This ensures that no internal e-mail addresses are disclosed to the outside.
- To minimise the load on the network, mail clients should not check the mail server too frequently for new messages. Automatic downloading every 30 minutes is recommended as a default value and in most cases this will be sufficient. If a user is awaiting an urgent message, mailbox checking should be initiated manually.
- If the messages are fetched from the mail server by POP3 (Post Office Protocol Version 3), they should also be deleted there. This precludes repeated fetching of the same messages and prevents memory shortages from developing on the mail server. If the messages are stored on the mail server and accessed via IMAP (Internet Message Access Protocol), a size restriction should be configured for the server-side mailbox. In this case, the users need to regularly delete e-mails from the server or else move them to local mailboxes. Once the upper limit for mailbox size is reached, users should be advised of this by an appropriate means, for example by e-mail. The message could go something like this:
"Your mailbox has exceeded one or more size restrictions set by the administrator.
The present mailbox size is xxx MB.
Maximum mailbox size: you will be informed when the mailbox size exceeds yyy MB.
You may not be able to send or receive any new messages until you have reduced the mailbox size. To free up some space, you should either delete some items or else move them to local folders."
E-mails in HTML format
HTML-formatted e-mails can contain active content (e.g. JavaScript, Flash, ActiveX or Java). For this reason, HTML-formatted e-mails can cause problems, often in combination with security gaps in e-mail clients. To avoid this, e-mail programs should be configured so that they do not run active content in HTML-formatted e-mails without prompting the user for confirmation. If possible, only e-mail clients which make it clear that a given e-mail is HTML-formatted before it is opened should be used. If the e-mail client offers the option of not automatically displaying HTML-formatted e-mail, but instead presenting the message only as text (HTML source text) the first time it is opened, then this option should be used.
Due to the possible risks associated with HTML-formatted e-mail, if possible no HTML-formatted e-mails should be sent. When configuring the e-mail clients, "Text only" should be set as the default format for new e-mails. If certain formatting elements are absolutely necessary, e.g. font types and colours, then RTF can be used instead.
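The checks described in this section, sketched with the Python standard library as an added example (not part of the original safeguard text): the message is classified as HTML-formatted before display, active content is listed, and only a text view is returned. The tag list, the `triage` function and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}  # assumed, not exhaustive

class ActiveContentFinder(HTMLParser):
    """Collects markup that would run code if the HTML were rendered."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # event handlers such as onload=
                self.findings.append(f"{tag} {name}=")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag} {name}=javascript:")

def triage(raw):
    """Classify a message before display and choose a text-only view."""
    msg = message_from_string(raw, policy=policy.default)
    html_parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    finder = ActiveContentFinder()
    for part in html_parts:
        finder.feed(part.get_content())
    # Prefer the plain-text part; otherwise show the HTML source as text.
    plain = msg.get_body(preferencelist=("plain",))
    source = plain if plain is not None else (html_parts[0] if html_parts else None)
    view = source.get_content() if source is not None else ""
    return {"is_html": bool(html_parts), "active_content": finder.findings, "text_view": view}

# Constructed sample message (not from the page).
SAMPLE = """\
Subject: Quarterly figures
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Figures attached.
--b1
Content-Type: text/html

<html><body onload="track()"><p>Figures attached.</p><script>track()</script><a href="javascript:go()">open</a></body></html>
--b1--
"""
```
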
E-mail attachments
E-mail attachments are a popular transport medium for computer viruses, Trojan horses, worms and other malicious programs. E-mail programs should therefore be configured in such a way that attachments cannot be accidentally executed. Instead, the program should warn the user prior to execution of the attachment or, as a minimum, ask the user to confirm whether the file should be opened. The operating system or e-mail client should, moreover, be configured in such a way that files are initially displayed only in a viewer or some other means of presentation without any programming code that may be contained in the files, such as macros or scripts, being executed.
Preview function
Some client programs have a message preview function which allows the content of a selected e-mail to be displayed without it being explicitly opened by the user. This could allow harmful content in the e-mail to be run unintentionally. It is therefore advisable to disable the preview function.
Configuring e-mail filter rules
Unwanted e-mails, particularly spam, disrupt productive work. As a general rule, it is recommended to filter spam on the server. The advantage of this is that all e-mails are filtered consistently and that the administrative work required is limited to a defined location. In addition, filtering can also be done on the clients.
Most e-mail clients can be configured such that they move e-mails marked as unwanted to separate folders. Corresponding filter rules can be configured by the users or administrators. The user should be informed about such filter rules.
Automatic forwarding of e-mails
Given the increasing mobility in government agencies and companies, it is becoming more and more necessary to access e-mails at any time and from any location. One mechanism for this is the automatic forwarding of e-mails. However, if the forwarding option is configured carelessly, there is a risk of a loss of data or of data confidentiality. For example, this may occur if e-mails contain unexpected confidential messages. Therefore, it is recommended not to forward e-mails automatically.
In particular, it is not advised to forward official e-mails to private mailboxes. Organisations protect communication through various safeguards in order to ensure the integrity and confidentiality of messages, the authenticity of the senders and the availability of the e-mail service.
By forwarding official e-mails to private mailboxes these security safeguards can be undermined under some circumstances. All an attacker has to do is to overcome the protection mechanisms of a private computer in order to access confidential official data and information for further attacks on official systems of the organisation.
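One way to review existing forwarding rules, added here as an example and not part of the original safeguard text: the sketch assumes the rules are stored as Sieve scripts (RFC 5228, `redirect` action) and that `example.org` is the organisation's official domain. The function names and the sample script are constructed for illustration.

```python
import re

# Minimal tokenizer for the parts of Sieve needed here: comments,
# quoted strings, words/tags and statement-ending semicolons.
# Multi-line "text:" strings are not handled.
TOKEN = re.compile(r'''
    (?P<comment> \#[^\n]* | /\*.*?\*/ )
  | "(?P<string> (?:[^"\\]|\\.)* )"
  | (?P<word> :?[A-Za-z_][A-Za-z0-9_]* )
  | (?P<semi> ; )
''', re.S | re.X)

def is_internal(address, internal_domains):
    """True if the address is in an official domain or one of its subdomains."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return any(domain == d.lower() or domain.endswith("." + d.lower())
               for d in internal_domains)

def external_redirects(script, internal_domains):
    """Return every redirect target that leaves the organisation's domains."""
    findings, in_redirect = [], False
    for m in TOKEN.finditer(script):
        kind = m.lastgroup
        if kind == "comment":
            continue                      # disabled rules are not findings
        if kind == "word" and m.group("word").lower() == "redirect":
            in_redirect = True
        elif kind == "semi":
            in_redirect = False
        elif kind == "string" and in_redirect:
            if not is_internal(m.group("string"), internal_domains):
                findings.append(m.group("string"))
            in_redirect = False
    return findings

# Constructed sample script (not from the page).
SAMPLE = '''
require ["fileinto", "copy"];
# redirect "old@freemail.example";
if header :contains "X-Spam-Flag" "YES" { fileinto "Junk"; }
if address :is "from" "boss@example.org" {
    redirect :copy "alice.private@freemail.example";
}
redirect "alice.deputy@example.org";
'''
```
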
Review questions:
- Are e-mail clients configured so that no further configuration by the users is required?
- Are users instructed not to alter the configuration settings of their own accord?
- Is storing of passwords in the communications software prevented and/or forbidden?
- Is there a size restriction for the server-side mailbox?
- Are file attachments stored on the hard disk prior to being run?
- Are file attachments scanned with a virus protection program prior to being run?