What is DMARC? DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. What does DMARC actually do? DMARC is a protocol that protects your organization from emails sent by fraudulent imposters. The most simplistic analogy is you can very easily send a nasty post mail to Prime Minister Trudeau but put your next door neighbor’s full name and return address on the envelope making the letter completely appear as if it was sent by your innocent neighbor. The exact same applies to email and DMARC is a method to prevent this from happening. Why would you need it? Lanworks has several customers in which their internal email address books have been compromised and used by fraudulent imposters to send phishing emails to their own customers. You can imagine the embarrassment and damage control required to convince your best customer that the well-crafted phishing email they just received with your president’s name in the “From” field is in fact fraudulent. This is reality and it happens all the time. How Does DMARC prevent this? Now this is the complicated part of this Blog. DMARC builds on the widely deployed SPF and DKIM protocols, adding ties to the author’s (“From:”) domain name. The SPF and DKIM fields are typically set in your DNS records SPF: allows senders to define which IP addresses are allowed to send mail for a particular … [Read more...]
A Glimpse into the Future of Network Security
This past week I was at the Juniper Partner Conference in Miami, where I sat through a number of talks and seminars. One of the sessions was about network security, and while taking notes, I tried to imagine what the future of network security should look like. So many organizations have routers, firewalls, anti-malware devices, IPS, wireless, network and endpoints – all from a variety of manufacturers. The key piece to note is they don’t really talk to each other to “share” what they are seeing on the network. From the sessions I attended, I learned that large Fortune 100 companies spend upwards of 45% of their annual IT budgets on the operational maintenance, subscriptions, care and feeding of these elements in their networks. In many cases, logs or alerts from these devices are not proactively monitored or they go un-actioned in many organizations (e.g. Target security breach in Nov. 2013), which effectively makes them useless. A three-year study by Verizon Enterprise Solutions found that companies discover breaches through their own monitoring in only 31 percent of cases. For retailers, it’s 5 percent. In the future, various elements of a network have to talk to each other. There needs to be a “Security Back channel” that firewalls, IPS, malware, anti-spam, load balancers, routers, wireless controllers, switches and end points all use to talk to each other using a standard protocol that is vendor agnostic. Let me provide an example. If a connection request to … [Read more...]