Webinaire sur la sécurité du serveur IceWarp. 15 octobre Webinaire sur la Sécurité du serveur IceWarp - 15 octobre

Transcription

1 Webinaire sur la sécurité du serveur IceWarp 15 octobre 2009

2 La sécurité Les vulnérabilités SMTP POP IMAP HTTP... Les risques Saturation du serveur Saturation des réseaux Mise en liste noire par les serveurs distants Intégrité du serveur Ecoute et corruption des données Le serveur IceWarp Les protections Le contrôle du relayage L'authentification Le cryptage L'architecture L'anti virus L'anti Spam

3 Le flux de relayage Expéditeur Serveur/client/webmail Non Un relayage est-il demandé et l'expéditeur a-t-il le droit de le faire? Oui Relayage Destinataire serveur SMTP local ou refus / rejet Serveur IceWarp

4 " will forward " [0DF4] 15:48:46 Connected [0DF4] 15:48:46 >>> 220 smtp.domaine.fr ESMTP IceWarp 9.3.2; Mon, 07 Sep :48: [0DF4] 15:48:46 <<< EHLO User [0DF4] 15:48:46 >>> 250-smtp.domaine.fr Hello User [ ], pleased to meet you [0DF4] 15:48:47 <<< AUTH LOGIN [0DF4] 15:48:47 >>> 334 VXNlcm5hbWU [0DF4] 15:48:47 <<< dgvzda== [0DF4] 15:48:47 >>> 334 UGFzc3dvcmQ [0DF4] 15:48:47 <<< dgvzda== [0DF4] 15:48:47 >>> Authentication successful [0DF4] 15:48:47 <<< RSET [0DF4] 15:48:47 >>> Reset state [0DF4] 15:48:47 <<< MAIL [0DF4] 15:48:47 >>> Sender ok [0DF4] 15:48:47 <<< RCPT [0DF4] 15:48:47 >>> Recipient ok; will forward [0DF4] 15:48:48 <<< RCPT Site de décodage de base64 : ou

5 " we do not relay " [2314] 18:51:10 Connected [2314] 18:51:10 >>> 220 mail.tassigny.darnis.com ESMTP IceWarp ( ); Mon, 21 Sep : [2314] 18:51:10 <<< HELO mailer [2314] 18:51:10 >>> 250 mail.tassigny.darnis.com Hello mailer [ ], pleased to meet you [2314] 18:51:10 <<< MAIL [2314] 18:51:11 >>> Sender ok [2314] 18:51:11 <<< RCPT [2314] 18:51:11 >>> we do not relay [2314] 18:51:11 *** :00:00 INCOMPLETE-SESSION [2314] 18:51:11 Disconnected

6 Contrôle du relayage NON Session authenifiée OUI NON IP de confiance OUI OK XWe do not relay NON Ne relayer que si le domaine de l'expéditeur est local OUI OK NON Expéditeur local OUI XWe do not relay OK

7 Un compte de domaine local doit être identifié [0DA0] 10:12:47 Connected [0DA0] 10:12:48 >>> 220 secosys.dnsalias.org ESMTP IceWarp RC6; Sat, 26 Sep :12: [0DA0] 10:12:48 <<< EHLO static ipcom.comunitel.net [0DA0] 10:12:48 >>> 250-secosys.dnsalias.org Hello static ipcom.comunitel.net [ ], pleased to mee [0DA0] 10:12:48 <<< MAIL SIZE= [0DA0] 10:12:48 >>> Sender ok [0DA0] 10:12:48 <<< RCPT [0DA0] 10:12:48 >>> Access to not allowed [0DA0] 10:12:48 <<< QUIT [0DA0] 10:12:48 >>> secosys.dnsalias.org closing connection [0DA0] 10:12:48 *** :00:00 INCOMPLETE-SESSION [0DA0] 10:12:48 Disconnected

8 Vérification des mots de passe

9 " SSL côté émetteur - client " SYSTEM [2028] 21:19:58 Client session Message id IDU60958 item tm$ SYSTEM [2028] 21:19:58 Client session DNS query 'secosys.dnsalias.org' 0 (0) [OK - 2] SYSTEM [2028] 21:19:58 Client session Connecting to 'secosys.dnsalias.org' [2028] 21:19:58 Client session Connected [2028] 21:20:00 Client session <<< 220 secosys.dnsalias.org ESMTP IceWarp RC6; Thu, 01 Oct :19: [2028] 21:20:00 Client session >>> EHLO mail.tassigny.darnis.com [2028] 21:20:00 Client session <<< 250 HELP [2028] 21:20:00 Client session >>> STARTTLS [2028] 21:20:00 Client session <<< Ready to start TLS [2028] 21:20:00 Client session SSL: Verified (0) [2028] 21:20:00 Client session >>> EHLO mail.tassigny.darnis.com [2028] 21:20:00 Client session <<< 250 HELP [2028] 21:20:00 Client session >>> MAIL From:<bertrand@darnis.com> SIZE=632 TRANSID= < > [2028] 21:20:00 Client session <<< <bertrand@darnis.com>... Sender ok [2028] 21:20:00 Client session >>> RCPT To:<bertrand@secosys.dnsalias.org> [2028] 21:20:00 Client session <<< <bertrand@secosys.dnsalias.org>... Recipient ok [2028] 21:20:00 Client session >>> DATA [2028] 21:20:00 Client session <<< 354 Enter mail, end with "." on a line by itself [2028] 21:20:00 Client session >>> 632 bytes (overall data transfer speed= b/s) [2028] 21:20:14 Client session <<< bytes received in 00:00:13; Message id IDU27656 accepted for delivery [2028] 21:20:14 Client session *** <bertrand@darnis.com> <bertrand@secosys.dnsalias.org> :00:13 OK IDU [2028] 21:20:14 Client session >>> QUIT [2028] 21:20:14 Client session <<< secosys.dnsalias.org closing connection SYSTEM [2028] 21:20:14 Client session Disconnected

10 SSL côté destinataire - serveur [0B44] 21:19:54 Connected [0B44] 21:19:55 >>> 220 secosys.dnsalias.org ESMTP IceWarp RC6; Thu, 01 Oct :19: [0B44] 21:19:55 <<< EHLO mail.tassigny.darnis.com [0B44] 21:19:55 >>> 250-secosys.dnsalias.org Hello mail.tassigny.darnis.com [ ], pleased to meet you [0B44] 21:19:55 <<< STARTTLS [0B44] 21:19:55 >>> Ready to start TLS [0B44] 21:19:55 <<< EHLO mail.tassigny.darnis.com [0B44] 21:19:55 >>> 250-secosys.dnsalias.org Hello mail.tassigny.darnis.com [ ], pleased to meet you [0B44] 21:19:55 <<< MAIL From:<bertrand@darnis.com> SIZE=632 TRANSID=< @darnis.com> [0B44] 21:19:56 >>> <bertrand@darnis.com>... Sender ok [0B44] 21:19:56 <<< RCPT To:<bertrand@secosys.dnsalias.org> [0B44] 21:19:56 >>> <bertrand@secosys.dnsalias.org>... Recipient ok [0B44] 21:19:56 <<< DATA [0B44] 21:19:56 >>> 354 Enter mail, end with "." on a line by itself [0B44] 21:19:56 <<< 637 bytes (overall data transfer speed=1919 b/s) [0B44] 21:19:56 Start of mail processing [0B44] 21:20:09 *** <bertrand@darnis.com> <bertrand@secosys.dnsalias.org> :00:13 OK IDU [0B44] 21:20:09 >>> bytes received in 00:00:13; Message id IDU27656 accepted for delivery [0B44] 21:20:09 <<< QUIT [0B44] 21:20:09 >>> secosys.dnsalias.org closing connection [0B44] 21:20:09 Disconnected

11 SSL sur la liaison IP (wireshark) TCP > smtp [SYN] Seq=0 Win=65535 Len=0 MSS= TCP smtp > [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS= TCP > smtp [ACK] Seq=1 Ack=1 Win=65535 Len= SMTP S: 220 secosys.dnsalias.org ESMTP IceWarp RC6; Thu, 01 Oct :19: SMTP C: EHLO mail.tassigny.darnis.com SMTP S: 250-secosys.dnsalias.org Hello mail.tassigny.darnis.com [ ], pleased to SMTP C: STARTTLS SMTP S: Ready to start TLS SSLv3 Client Hello SSLv3 Server Hello, Certificate, Server Hello Done SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message SSLv3 Change Cipher Spec, Encrypted Handshake Message SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data TCP smtp > [ACK] Seq=1990 Ack=608 Win=64733 Len= SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data SSLv3 Application Data, Application Data TCP smtp > [ACK] Seq=2356 Ack=1486 Win=65340 Len= SSLv3 Application Data, Application Data TCP smtp > [ACK] Seq=2356 Ack=1560 Win=65266 Len= TCP > smtp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS= TCP smtp > [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452 WS= TCP > smtp [ACK] Seq=1 Ack=1 Win=66792 Len= TCP > smtp [FIN, ACK] Seq=1 Ack=1 Win=66792 Len= TCP smtp > [ACK] Seq=1 Ack=2 Win=65535 Len= SMTP S: Intrusion prevention active for [ ] TCP > smtp [RST, ACK] Seq=2 Ack=60 Win=0 Len= TCP smtp > [FIN, ACK] Seq=60 Ack=2 Win=65535 Len=0

12 Firefox Le domaine ne correspond pas

13 Firefox Le certificat est auto signé, expiré et le domaine ne correspond pas

14 Internet Explorer Le domaine ne correspond pas ou le certificat n'est pas signé par une autorité reconnue

15 Le DNS

16 Architecture Firewall Firewall DMZ Réseau local Ports HTTP HTTPs Reverse proxy type Apache (Vulture) Serveur IceWarp Ports SMTP SMTPs Serveur IceWarp Backup Ports IMAP(s) POP(s)