ABSTRACT

 

The case company in this Thesis is Interglobal Limited located in Nigeria. The aim of this study is to test for mail server vulnerabilities and recommend control measures in dealing with the identified vulnerabilities.

 

In this thesis, I have x-ray basis of information security; relationships among threat, attacks, and vulnerabilities; threat and security concerns on mail servers and clients; mail server overview and common vulnerability challenges; and vulnerability issues with Interglobal Limited mail servers.

 

This research has led me to conduct vulnerability scanning of Interglobal Limited mail server through an email client configured on the server. The results of the tests and overview of research objectives have influenced my recommendations on control measures to deal with the found vulnerability and unexpected vulnerabilities in the future.

 

Communication is one of the key strengths of an organisation. It is imperative for businesses to have email communication for passing across information to the clients and vice versa. The security of mail communication backbone should be of greater importance and concern to individuals and corporate organisations.

 

Keywords: Information Security, Vulnerability, Mail Server, Mail security, Control Measures, Vulnerability Scanning, Interglobal Limited.

1 INTRODUCTION

 

In the ever-changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is inherently insecure. As the data goes from point A to point B on the Internet, for example, it may pass through several other points along the way, giving other users the opportunity to intercept, and even alter, your data. Even other users on your system may maliciously transform your data into something you did not intend. Unauthorized access to your system may be obtained by intruders, also known as “crackers”, who then use advanced knowledge to impersonate you, steal information from you, or even deny you access to your own resources (Fenzi & Wreski 1998). These emphases indicate the more reasons why there is need for security in information systems.

 

 

1.1 Motivation

 

 

 

The topic of my research work is Testing Mail Server Vulnerabilities and Recommending Control Measures – A Case of Interglobal Limited. The choice of my topic is informed by my thirst for information system (henceforth IS) security, which embodies server security. My research work is based on examining known vulnerability issues with the case company’s mail server and their effects; control measures previously applied to deal with the vulnerabilities and their effects; vulnerability testing, and recommendations on how vulnerability testing can be used to mitigate risks pose by vulnerable server environment in the company.

 

 

This work also includes analysis of relationship among three key issues that affect efficiency and reliability of the server and information systems performance and security. The three key issues that affect information system security and pose challenges to information confidentiality, information integrity, and information availability are threat, attack, and vulnerability. Threat and attack are accomplices of vulnerability. Therefore, threat and attack succeed because vulnerable systems exist. To be successful in combating vulnerabilities in any system, these three keys must be studied and understood by a server or network administrator in an organisation. Otherwise, efforts to deal with vulnerable system in the organisation may be fruitless.

 

 

My research work will be essential to ensuring information security such as data confidentiality, data integrity, and data availability in respect of mail server environment. Additionally, it will also perform four important functions for an organization. The functions are to protect the organisation’s ability to function, enable the safe operation of applications implemented on IT systems, protect the organisation’s data, and safeguard the technology assets in use (Whitman & Mattord 2005, 37).

 

 

1.2 General Goals

 

 

 

For most businesses today, e-mail is the mission-critical communications tool that allows their people to produce the best results. This greater reliance on e-mail has increased the number of messages sent and received, the variety of work getting done, and even the speed of business itself. Amid this change, employee expectations have also evolved. Today, employees look for rich, efficient access – to e-mail, calendars, attachments, contacts, and more – no matter where they are or what type of device they are using (Microsoft Exchange 2010.)

 

 

The most deadly viruses, able to cripple your email system and corporate network in minutes, are being distributed worldwide via email in a matter of hours. Email worms and viruses can reach your system and infect your users through harmful attachments. But that’s not all! Some viruses are transmitted through harmless-looking email messages and can run automatically without the need for user intervention (GFI 2010.)

 

 

There is need to initiate an efficient and effective way of detecting and controlling vulnerabilities to reduce flaws in a server. This is an in-house approach that is centered on the processes, systems, and strategies required to defend against both internal and external intruders and attackers to the systems. This approach is an indirect means of managing risks due to such flaws. Servers are prone to threats, attacks, and intrusion because there are security holes somewhere in the systems, processes and strategies in place.