Educause Security Discussion mailing list archives
Compromise Email Accounts
From: Richard Miller <miller () KUTZTOWN EDU>
Date: Wed, 21 Jan 2009 09:59:12 -0500
I am curious how other universities deal with compromised email accounts used to send out spam.

Student email accounts will inevitably be compromised. Even with the best efforts, it can happen. To me the trick is to reduce the likelihood (and therefore frequency) and reduce the scope of the resulting problems. In particular, I think efforts to combat this can be broken down into four major areas:

Prevention
----------
- User education - with thousands of new students each year, this is a big challenge. How do you accomplish it effectively?
- An effective anti-spam solution is critical - if phishing messages are getting through, it will increase likelihood of compromise.
- Any other ways of preventing accounts from being compromised?

Detection
---------
- Monitor queue lengths.
- What else can be monitored?

Containment
-----------
- Do you allow students to use IMAP/POP/SMTP or are they required to use a web interface (this can potentially reduce the scope of attacks)?
- Do you throttle outbound email and if so, how do you accomplish this?
- Do you scan outbound mail for spam? If so, how do you deal with false positives?
- Any other containment measures?

Cleanup
-------
- Cleanup will largely depend on the mail architecture used.
- Disable compromised account.
- Clean out mail delivery queue.
- Any other advice?

Thank you for any advice you can offer.

--
Rick Miller
Manager of Servers and Security
Kutztown University