
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [84]

in many environments. These scripts can interface with all aspects of an operating system, just as programming languages such as the C language can. This means that JavaScript scripts, when executed, can potentially damage systems or be used to send information to unauthorized persons. JavaScript scripts can be downloaded from a website and executed.


Popups

While not technically an add-in, popups (also known as pop-ups) are both frustrating and chancy. Whenever a user visits a website and another instance (either another tab or another browser window) is opened in the foreground, it is called a popup; if it opens in the background, it is called a popunder. Both popups and popunders open pages or sites that you did not specifically request; they may only display ads, or they may bring up applets that should be avoided.

Popup blockers are used to prevent both popups and popunders from appearing. While older browsers did not incorporate an option to block popups, most newer browsers now have that capability built in.


Signed Applets

Signed applets are similar to Java applets, with two key differences: A signed applet doesn’t run in the Java sandbox, and it has higher system access capabilities. Signed applets aren’t usually downloaded from the Internet; this type of applet is typically provided by in-house or custom-programming efforts. These applets can also include a digital signature to verify authenticity. If the applet is verified as authentic, it will be installed. Users should never download a signed applet unless they’re sure the provider is trusted. A signed applet from an untrustworthy provider has the same security risks as an unsigned applet.

A vulnerability reveals itself when an applet is always assumed to be safe because it is signed. Being signed, it may have the ability to do things outside the realm of normal applets, such as execute programs. A disgruntled programmer can create a malicious signed applet and wreak havoc until stopped.

Most web browsers have settings that can be used to control Java access. This allows clients to control resource access using Java applets or scripts.


SMTP Relay

SMTP relay is a feature designed into many e-mail servers that allows them to forward e-mail to other e-mail servers. Initially, the SMTP relay function was intended to help bridge traffic between systems. This capability allows e-mail connections between systems across the Internet to be made easily.

Unfortunately, this feature has been used to generate a great deal of spam on the Internet. An e-mail system that allows this type of forwarding to occur is referred to as an open relay. Unscrupulous individuals can use open relays to send advertisements and other messages. SMTP relaying should be disabled on your network unless it’s limited to the e-mail servers in your domain.

Real World Scenario

SMTP Relaying in Action

You’ve just received a call from a client indicating that their e-mail server is acting peculiarly. When you arrive at the site, you notice that there are more than 20,000 e-mails in the outbound mail folder and that the system has no disk space available. You shut down the e-mail software, delete these files, and restart the e-mail server. The outbound mail folder begins to fill up again. What problem could this server be encountering?

E-marketers may be using the server as a relay. This hijacking will continue until you disable the SMTP relay capabilities in the server. Many older systems don’t allow SMTP relaying to be turned off; such servers must be upgraded or replaced to prevent this from continuing.
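The rule stated above (relay only for the e-mail servers in your domain) and the refilling outbound folder in the scenario can be expressed as a check over SMTP transactions. This is an added example, not code from the book; the domain `example.com`, the network `192.0.2.0/28`, the function names, and the sample transactions are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed site policy (hypothetical values): domains this server accepts mail
# for, and the network holding the organization's own e-mail servers.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip("<> ").lower()

def relay_decision(client_ip, rcpt_to):
    """Classify one RCPT TO as 'local', 'relay-ok' or 'relay-denied'."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "local"          # final delivery to our own mailbox, not relaying
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return "relay-ok"       # one of our own servers forwarding outbound mail
    return "relay-denied"       # outside client, outside recipient: open-relay use

def audit(transactions):
    """Count, per client, the relay attempts a restricted server would refuse."""
    denied = Counter()
    for client_ip, rcpt_to in transactions:
        if relay_decision(client_ip, rcpt_to) == "relay-denied":
            denied[client_ip] += 1
    return denied

# Constructed sample transactions (client IP, recipient); not real log data.
SAMPLE = [
    ("192.0.2.5", "partner@example.org"),    # internal server, outbound mail
    ("203.0.113.9", "alice@example.com"),    # inbound to a local mailbox
    ("198.51.100.77", "user1@example.net"),  # third party to third party
    ("198.51.100.77", "user2@example.org"),  # third party to third party
    ("198.51.100.77", "<bob@EXAMPLE.COM>"),  # same client, local recipient
]

if __name__ == "__main__":
    for client, count in audit(SAMPLE).most_common():
        print(f"{client}: {count} relay attempts would be rejected")
```

A client that dominates the `audit` counts is the kind of source that fills an outbound folder on a server left as an open relay.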

Working with File Transfer Protocol


File Transfer Protocol (FTP) was the most common protocol used to transfer files between systems on the Internet for many years, and it’s available on most major server environments.

The Internet has replaced many of the functions FTP served in the past. FTP is still commonly used, but it’s becoming less popular as other methods of file downloading are made available.
