Table of Contents Technical Discussion…………………………………..

Table of Contents Technical Discussion……………………………………………………………………………………………………… 2
POP3S- Linux Dovecot………………………………………………………………………………………………… 3
IMAPS…………………………………………………………………………………………………………………………. 3
SMTP-IIS and Postfix…………………………………………………………………………………………………… 4
DNS……………………………………………………………………………………………………………………………. 5
Hardening Recommendations…………………………………………………………………………………. 6
POP3S………………………………………………………………………………………………………………………… 6
Hardening Recommendation #1 -update iptables to enable SSL traffic through the firewall.6
Hardening Recommendation #2 – require the user’s authentication with a password login.7
Hardening Recommendation #3- update iptables to enable IMAP ports from Dovecot. 7
IMAPS…………………………………………………………………………………………………………………………. 8
Hardening Recommendation #1 – Port 143 is insecure needs to be disabled or changed to port 9938
Hardening Recommendation #2 – Enable enyrpted login………………………………………….. 8
Hardening Recommendation #3 – Reconfigure SSL Certifications…………………………….. 8
SMTP………………………………………………………………………………………………………………………….. 9
Hardening Recommendation #1- Enable TLS encryption for authentication………………. 9
Hardening Recommendation #2 – Enable and configure filtering polices that protects against spam9
Hardening Recommendation #3 – Enforce antivirus scanning of emails………………….. 10
Hardening Recommendation #1- Incoming email configuration……………………………… 10
Hardening Recommendation #2- Basic hardening………………………………………………….. 10
Disable VRFY (verify)…………………………………………………………………………………………… 10
Hardening Recommendation #3- Prevent unwanted email relaying…………………………. 10
DNS…………………………………………………………………………………………………………………………. 11
Hardening Recommendation #1 – Utilize port 53…………………………………………………….. 11
Hardening Recommendation #2 – Use internal and external dns……………………………… 11
Hardening Recommendation #3 – Disable inactive protocals…………………………………. 11
Hardening Recommendation #1 – Implement DNSSEC…………………………………………… 12
Hardening Recommendation #2 – Restart BIND……………………………………………………… 12
Hardening Recommendation #3 – Configure Local Files…………………………………………. 12
References………………………………………………………………………………………………………………….. 13Technical Discussion
POP3S- Linux Dovecot
POP3s is also known as “Post Office Protocal 3”, which is most commonly used protocal for receiving emails over the web” (Rahul Awati, 1). This standard protocal is maily supported by email severs as well as their client support. POP3s “is used to receive emails from a remote server and send to a local client”(Rahul Awati, 1). This is a one way client and sever protocal that receives and holds emails on a sever. Well, how does POP3S work, POP3s listens in on TCP port 110. Then, when a client wants to POP3s for retrivel a TCP connection is established with the sever host. When the connection with the sever is established the POP3s sever sends greeting, then it goes into the authorization stage.
Some advantages of POP3s are being able to “access emails without internet connection, and less sever space” (Anon, 2019). Clients are able to access already dowloaded emails on their devices with this sever without needing an internet connection. However, you will need an network connection to receive any new emails. POP3S Linux Dovecot is “ an open source IMAP and POP3 sever for linux systems” (Anon 2019). Dovecot “primarly aims to be lightweight, fast, and easy to set up an open source mail server”(Anon 2019). Dovecot “is a mail delivery agent sometimes used with POP3s, and it is written with security primairily in mind”(Anon 2019). Dovecot supports mailbox formats such as mbox or Maildir and is simple to install. IMAPS
IMAPS is an extension of the Internet Message Access Protocol (IMAP) that incorporates encryption for secure email communication. It operates over a secure channel, typically using SSL/TLS protocols, to ensure the confidentiality and integrity of data exchanged between the email client and server. IMAPS is designed to provide a secure method for accessing and managing email messages. It builds upon IMAP, adding a layer of encryption to protect sensitive information, such as login credentials and email content, during transmission. The default port number for IMAPS is 993. This port is dedicated to secure IMAP communication. In your course, understanding this default port number is crucial when configuring email clients for secure access.
IMAPS relies on SSL/TLS encryption to establish a secure communication channel between the email client and server. This encryption safeguards against eavesdropping and man-in-the-middle attacks, ensuring the confidentiality of user data. IMAPS employs various authentication mechanisms, including username and password, to verify the identity of users. SSL/TLS certificates are also used to authenticate the server, adding an extra layer of security. In conclusion, a comprehensive understanding of IMAPS involves grasping its role in securing email communication, the default port number (993), the use of SSL/TLS encryption, and the applications and services that leverage this protocol. As students in your course explore secure email configurations, this knowledge will be essential for implementing and troubleshooting secure email access.
SMTP-IIS and Postfix
SMTP (Simple Mail Transfer Protocol) serves as the backbone for email communication, enabling the transfer of electronic messages across networks. In our course, we delve into the technical intricacies of SMTP, focusing on default port numbers and the diverse applications and services that leverage this protocol. SMTP primarily operates over two port numbers, each serving a distinct purpose. Port 25 is the default port for SMTP, responsible for relaying emails between servers. It acts as the standard communication channel for email transmission. However, note that due to security concerns and abuse, some ISPs block this port for residential users. Port 587 is designed as an alternative to port 25, port 587 is dedicated to email submission by end-users to a mail server. It ensures a secure and authenticated communication channel, often requiring user credentials for access. Port 587 is pivotal in preventing unauthorized access and spam. SMTP finds application in various domains, contributing to seamless communication in the digital landscape. SMTP plays a central role in mail servers, facilitating the relay of emails between servers.
Servers utilize SMTP for communication both within the same server and with external servers, creating a unified email ecosystem. Many web applications integrate SMTP to send automated emails such as contact form submissions, password resets, or notifications. This ensures reliable email delivery without relying solely on the user’s email client. In conclusion, by delving into default port numbers and its applications in diverse services, our course equips students with a practical and in-depth knowledge of SMTP, essential for navigating the complexities of modern email communication.
DNS
DNS (Domain Name System) “serves as a foundational pillar of the internet, translating human-readable domain names into machine-readable IP addresses”(Faster Capital, 2024). In our course, we aim for a profound technical exploration of DNS, emphasizing default port numbers and the spectrum of applications and services reliant on this critical protocol. DNS utilizes one primary port number, serving a specific function in the DNS communication process Port 53 is the default port for DNS queries and responses. DNS clients and servers communicate over port 53, using it as the standard channel for resolving domain names to IP addresses and vice versa. Both TCP and UDP are employed, with UDP being more common for regular queries due to its lower overhead. DNS underpins a plethora of applications and services, showcasing its indispensable role in internet functionality and connectivity. DNS is crucial in the email ecosystem. It aids in the resolution of mail server addresses, ensuring emails are correctly routed to the intended recipients. MX (Mail Exchange) records are particularly significant in this context. DNS is fundamental in network infrastructure, especially in environments utilizing Active Directory. It enables the identification and location of domain controllers, facilitating seamless authentication and resource access within a network. In the realm of IIS, DNS plays a crucial role in facilitating the proper functioning and accessibility of websites. In summary, our course goes beyond a surface-level understanding of DNS, emphasizing the technical differences, default port numbers, and its extensive applications across various services. By comprehending DNS in this depth, students gain the insights necessary to navigate the complexities of modern network communication and internet infrastructure.
Hardening Recommendations
POP3S
Hardening Recommendation #1 -update iptables to enable SSL traffic through the firewall.
Enabling SSL traffic through the firewall allows the firewall to decrypt and inspect traffic. “It prevents data breaches by finding hidden malware and stopping hackers from sneaking past defenses” (Zscaler,4). To update iptables to enable SSL traffic through the firewall you must first open your command prompt. Once the client is in the command prom you can type the code
-sudo ufw app list This route allows you to be able to configure traffic through the POP3s firewall. Hardening Recommendation #2 – require the user’s authentication with a password login.
It is necessary to require the user’s authentication with a password login because “It serves as a crucial line of defense against unauthorized access and protects sensitive information from falling into the wrong hands” (Sudhanshu Agarwal, 1). “The primary purpose of username and password authentication is to ensure only authorized individuals with valid credentials can access restricted resources.” (Sudhanshu Agarwal, 5). To require user’s authentication, you will have to type a specific code into your command prompt.
– Sudo ufw app info “Dovecot IMAP.”
Hardening Recommendation #3- update iptables to enable IMAP ports from Dovecot It is necessary to update iptables to enable IMAP ports from dovecot because it secures the networks access. The defaulted port in IMAP is port 143, and for the secure socket layer protocol. When changing IMAP port for Dovecot you can do it the most basic way, which is to edit the file/etc/dovecot/dovecot. You can also time the same line in the command prompt and it should successfully enable IMAP port from Dovecot. IMAPS
Hardening Recommendation #1 – Port 143 is insecure needs to be disabled or changed to port 993
It is necessary to disable or change ports because “if a cyber attacker gains physical access to an active port, they will be able to connect to the network and potentially launch attacks or gain unauthorized access”( Navneet Trievdi, 2022). This is why it is required to disable port 143 because it is insecure and needs to be changed to port 993, it helps mitigate security risk. You can disable or change port by using command prompt line ,”openssl s_client -showcerts -connect imap.foo.com:993 –crlf”(Phillip Clark, 2020).
Hardening Recommendation #2 – Enable enyrpted login
Enabling encrypt login because, “encryption helps protect the data on your device so it can only be accessed by people who have authorization” (Microsoft Support). Encryption provides an extra layer of security for any users that access their emails from a public network. “IMAP sever password authentication is an effective and trustworthy way to protect your email account” (Imap Sever ,2). Enabling encrypted login can be done through settings or the command prompt. Hardening Recommendation #3 – Reconfigure SSL Certifications
Reconfiguring secure socket layer certifications “ allows to keep their online transactionns and keep customer information private and secure.” The secure socket layer “keeps internet connections secure and prvents criminals from reading or modifying information transfered between two systems.”(USA kaspersky ,2020). Reconfiguring ssl certifications is necessary because it constantly needs to be reevaluated to make sure things stay accurate. When reconfiguring the ssl certifications you can do this by searching for the Internet email settings in the command line, then allowing encrtpted connection. SMTP
Windows: Hardening Recommendation #1- Enable TLS encryption for authentication
Enabling TLS encryption for authentication, “ensures that data transmitted between them is encrytpted with secure algorithms and not viewable by third parties” (Internet Society, 3). An SMTPS sever with “SSL/ TLS starts a connection with the receving sever passing only encrypted information- thus making it more difficult to break” (Turbo SMTP , 2024). Command line code to enable TLS encryption for” authetication is febootimail –SSL febootimail -SSL -TLS SSLv3 febootimail -SSL -TLS 1.2”( SSL Command Line, 2019). ”
Hardening Recommendation #2 – Enable and configure filtering polices that protects against spam
Enabling and configuring filtering policies that protects against spam “because spam filters protect against many threats, including unwanted spam, emails, phishing malware, fake invoices, and other risky content” (Iton Demand, 2023). “With SMTPS spam scan policies you can specify filter criteria, action, and encryption for senders and recepients email” (XG firewall). “Go to Email > Policies, click Add a policy and then click SMTP spam scan. Enter a name. Specify the senders’ and recipients’ email address groups or domain groups. Specify an exact match or keyword match. Specify the filter criteria based on which policy applies the specified action.”(Sophos Firewall 2023).
Hardening Recommendation #3 – Enforce antivirus scanning of emails
Enforcing antivirus scanning of emails is necessary because users can protect their data and devices from potential threats. Linux: Hardening Recommendation #1- Incoming email configuration
“postconf -e smtpd_helo_required=yes
People usually greet each other by saying ‘hello’ or something similar. Mail servers do this with a HELO command, or EHLO, the extended version. Servers that are not using this are typically not properly configured, or simply sending spam”(Michal Boelen, 2018). Hardening Recommendation #2- Basic hardening
“Disable VRFY (verify)
The VRFY command is short for ‘verify’. It can be used to see if an email address is valid on the mail server. While this is great for troubleshooting, it also allows others to make educated guesses if an account exists and deliver possibly spam. The VRFY command is not normally not needed for delivery between two mail servers
postconf -e disable_vrfy_command=yes”(Micheal Boelen).
Hardening Recommendation #3- Prevent unwanted email relaying
“An open relay is a system that accepts email from all systems and forwards them. Spammers use these open relays to send out their messages, (Micheal Boelen).”
“mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128” postconf -e mynetworks=”127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128″
DNS
Linux: Hardening Recommendation #1 – Utilize port 53
It’s necessary to utilize unused ports because “it allows computers to easily different between different kinds of traffic: emails go to a different port than webpages, even though both reach a computer over the same internet connection” (Cloudflare 2019). DNS “is an essential process for modern internet, it matches human relatable domain names to machine readable IP addresses enabling users to load websites and applications without memorization for a long list of IP addresses”(Cloudflare 2019). When utilizing port use command line “sudo ufw allow 53/tcp
$ sudo ufw allow 53/udp”( Vivek Gite, 2023).
Hardening Recommendation #2 – Use internal and external dns
Using the internal and external dns is necessary because, “ the internal dns servers can answer questions about internal host. The external dns responds to questions from the internet, feign ignorance about the most internal hosts, but answers questions about a few hosts meant to be exposed to the internet” (Marnix Van Ammers ,2019).
Hardening Recommendation #3 – Disable inactive protocals
Disabling inactive protocols prevents the risk of attacks and keeps a computers system up to date. Not disabling inactive protocols can compromise the network. Therefore, all services should be removed. Hardening Recommendation #1 – Implement DNSSEC
Implementing DNSSEC is necessary because, “ if any part of the chain is broken, users can’t trust the records were requesting because a man in the middle can alter records and direct users to any IP address they want” (Cloudflare, 2019). To add the dnssec first you would have to go to settings, you should see the dnssec protocol and from there users can enable. Hardening Recommendation #2 – Restart BIND
In Dns BIND “can be used to run a caching DNS sever on the authoritative name sever, and provides features like loading balancing, notify, dynamic update, and split DNS” (IMBP company). When restating BIND, users must follow the command line” # service named start, # service named restart”(Vivek Gite, 2013).
Hardening Recommendation #3 – Configure Local Files
Configuring local files is necessary because it provides security, it makes a complex system. This system allows for files to be organized, managed, and customizable. To configure local files in DNS, “/etc/resolv.conf,”(Oracle Corporation, 2020). References
Boelen, M. (2018, July 6). Postfix hardening guide for security and privacy. Linux Audit. https://linux-audit.com/postfix-hardening-guide-fo…
Awati, R. (2021, October). What is POP3 (Post Office Protocol 3)? WhatIs.com. https://www.techtarget.com/whatis/definition/POP3-…
What is POP3? (2019). WhatIsMyIPAddress.com. https://whatismyipaddress.com/pop3
Dovecot manual — Dovecot documentation. (n.d.). Doc.dovecot.org. https://doc.dovecot.org/
What Is SSL Decryption? | Define & Core Concepts | Zscaler. (n.d.). Www.zscaler.com. https://www.zscaler.com/resources/security-terms-g…
Customizing Dovecot | Directadmin Docs. (n.d.). Docs.directadmin.com. Retrieved March 3, 2024, from https://docs.directadmin.com/other-hosting-service…
‌
What is an SSL certificate – Definition and Explanation. (2023, April 19). Usa.kaspersky.com. https://usa.kaspersky.com/resource-center/definiti…
‌
What is TLS & How Does it Work? | ISOC Internet Society. (n.d.). Internet Society. https://www.internetsociety.org/deploy360/tls/basi…
‌
Add an SMTP spam scan policy. (n.d.). Docs.sophos.com. Retrieved March 3, 2024, from https://docs.sophos.com/nsg/sophos-firewall/17.5/H…
‌
DNS Configuration and Data Files (System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)). (n.d.). Docs.oracle.com. Retrieved March 3, 2024, from https://docs.oracle.com/cd/E19683-01/806-4077/6jd6…
‌
Management, N.-I. D. and T. (n.d.). BIND DNS: Pros, Cons and Alternatives. NS1. Retrieved March 3, 2024, from https://ns1.com/resources/bind-dns-pros-cons-and-a…
‌
What is internal DNS and external DNS? (n.d.). Quora. Retrieved March 3, 2024, from https://www.quora.com/What-is-internal-DNS-and-ext…
‌
Boelen, M. (n.d.). Postfix Hardening Guide for Security and Privacy – Linux Audit. Linux-Audit.com. https://linux-audit.com/postfix-hardening-guide-fo…
Add an SMTP spam scan policy. (n.d.). Docs.sophos.com. https://docs.sophos.com/nsg/sophos-firewall/17.5/H…
‌
Addressing Common Issues. (n.d.). FasterCapital. Retrieved March 3, 2024, from https://fastercapital.com/startup-topic/Addressing…
‌
Wallen, J. (2021, March 30). CyberPanel makes one-click installing of web-hosted apps and services simple. TechRepublic. https://www.techrepublic.com/article/cyberpanel-ma…
‌
‌ Boelen, M. (n.d.). Postfix Hardening Guide for Security and Privacy – Linux Audit. Linux-Audit.com. https://linux-audit.com/postfix-hardening-guide-fo…
‌