Information Systems Security. Security Techniques and Mechanisms in Protecting Spam Activity

Security Techniques and Mechanisms in Protecting Spam Activity

Substantially, the occurrence of attacks on computer network, together with the consequent news has both alarmed people on computer networks’ vulnerability and the risks of employing them and their dependence on them. According to diverse researches, as technology changes, so do the security parameters, requirements, needs and even standards. It is thus evident that the society is playing a kind of game, whereby its result remains tentative and perhaps not winnable; a phenomenon that is driven by several reasons. One of these reasons is that the irresistible number of computer network vulnerabilities remain to be based on software that come from either application or even software. Another reason is the fact that there is more computer proliferation as well as computer and computer networks dependence; the more people join cyberspace, the more the likelihood of system attacks. Moreover, it is highly challenging to discover an appropriate security solution not to mention that in this case, oversupply of security experts has adverse effects on the security issues due to their opinion diversity.

Subtly, as spam, phishing and malware remain to be a big risk nowadays, email security has hastily developed over the past few years; characterized by a sequence of novel risky threats. Thus, in order to maintain email security in check, it is quite significant to observe the following big threats to email security: snowshoe spam, hacktivism and data breaches (Conklin & White, 2016).

Unlike the regular spam, snowshoe spam is not sent from a single computer, but rather from several users, each transfering messages in low volume. Even though, it may be easy to block spam that is coming from a single locality, it is very tricky for anti-spam software to sustain spam coming from different locations. Hacking activism/hacktivism may not seem to be problematic but the fact remains, it contains two issues. The first issue is that hacktivists aim at getting high number of compromised accounts so as to make a statement. The second problem is that while an individual may not think he/she is doing something explicitly-oriented, he/she may be dragged into a proverbial crossfire, a phenomenon that may compromise personal data, hence, putting his/her email security at risk (Chou, 2013). Even though data breaches have hit several renowned companies such as Sony, it should be realized that these breaches do not just occur to the big companies only, but to everyone (Conklin & White, 2016). When a person gives his/her personal information to a company, there is always a likelihood of becoming a victim of a main data breach, particularly considering the idea of using common login information for multiple accounts, an aspect that virtually invites digital thieves into the email accounts in question.

Therefore, in order to protect the aforementioned spam issues, it is important to apply the Layered model (schemes), which is applied in several information strategies; every layer stating the manner through which spam activity can be stopped. Layer 0/6 (SIEM, Spam Control and Monitoring) can either be the final or initial step depending on the individual (Conklin & White, 2016). Initially, the data of emails cataloged as spam has to be generated, an aspect that allows for extraction of a statistic that may facilitate the formation of a business case for improvement of the current anti-spam protection system. Again, Layer 1 (Mail Scanning via External Services) demonstrates that many default anti-spam protection systems do not have the newest threat detection technologies and shows that firms have to turn to external solutions (Reshef & Hirsh, 2006). Thus, providers will be held responsible for validation of the incoming traffic of mail servers prior to reaching users’ network.

Layer 2 (Perimeter Protection) maintains that any company or individual’s perimeter protection system has to have spam detection services. Moreover, it is critical to confirm that these services are correctly configured on top of equipping them with a robust reporting system that enables the identification of emails that are spam-classified (Conklin & White, 2016). Afterwards, quarantine system has to be configured so as to isolate false positives. Internal Network, Mail Servers and Antispam Solutions represent Layer 3, where it is noted that in cases where there is lack of an internal anti-spam mail server, open source options like RadicalSpam and MailScanner among others may provide solid protection together with threat data of blocking attackers (Reshef & Hirsh, 2006).

In the Final Devices (Layer4), every host is mandated to contain a protection mechanism that is connected to the mail client. Just like in a centralized system on a server, such mechanism has to have the ability to detect threats, spam emails and even phishing attacks (Chou, 2013). The last layer is Training end Users so as to avoid phishing attacks; users are educated on the types of attacks that they may face, not to mention that it is crucial conducting frequent tests to measure the vulnerability of the users to spam campaigns or phishing (Gao et al, 2010).

Suffice to say, as the abovementioned security mechanisms remain known to different security professionals, it is always advisable to form basic policies, procedures and even guidelines as well as protection systems so as to safeguard one’s data from phishy fraudsters. Security teams have the capacity to ensure that their subjects/employees along with partners have stayed off the hook if layered approach to both spam and phishing prevention has been applied.

References

Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.

Conklin, Wm. & White, G. (2016). Principles of Computer Security; 4thEdition. Pennsylvania: McGraw-Hill Companies.

Gao, H., Hu, J., Wilson, C., Li, Z., Chen, Y., & Zhao, B. Y. (2010, November). Detecting and characterizing social spam campaigns. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement (pp. 35-47). ACM.

Reshef, E., & Hirsh, A. (2006). U.S. Patent Application No. 11/302,508.