FRAMEWORKS AND STANDARDS
Control 09: Email and Web Browser Protections
An overview of CIS Control 9 (CIS Controls v8.1), its purpose, and how to implement it.
Published Date: October 28, 2024
Product Line: CIS Controls
Audience: Executives, Security Administrators
Overview
Email and web browsers are the two applications through which users most often handle content from outside the organization, and both rely on human judgment that an attacker can manipulate. This control provides safeguards for email and web browser platforms to improve an organization's overall security posture.
Why is this control critical?
Email and web browser platforms are commonly targeted by attackers because they interact directly with users inside an organization and, by design, with untrusted sources outside the enterprise network. The most common attacks delivered through these channels are phishing, other social engineering schemes, and malicious code. Growing dependence on mobile and web-based email clients adds risk, because security controls built into desktop clients, such as message encryption, sender authentication, and phishing-report buttons, may not be available or used. Without proper safeguards, employees can be lured into revealing credentials and other sensitive information over email.
Web Browser Attacks
- Vulnerable Browsers: attackers can craft malicious web pages that exploit vulnerabilities in the browser itself
- Third-Party Plugins: vulnerable plugins can give attackers access to a user's browser, operating system, or applications, and plugins from untrusted sources may themselves contain malware
- Pop-Ups: beyond being an annoyance, pop-ups can deliver malware or link to sites that host malicious software
- Malicious Domains: illegitimate websites set up to exploit a user's device or to phish the user
Web Browser Safeguards
- Plugins: install plugins only from trusted sources
- Content Filters: enable content filters that prevent access to phishing and malware sites (most browsers consult databases of known malicious sites)
- Pop-Ups: turn on pop-up blockers
- DNS: use a DNS filtering service so that malicious domains cannot be resolved from enterprise assets
Email Attacks
The most common email attack is phishing, including Business Email Compromise (BEC), in which attackers send employees messages from spoofed or look-alike accounts that appear legitimate in order to obtain credentials or sensitive information, or to trick them into actions such as transferring funds.
Email Safeguards
- Spam Filtering/Malware Scanning: reduce the number of malicious emails that reach users' mailboxes
- Implement these tools at the email gateway so that messages are filtered before delivery, rather than relying on each user's client to catch them
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Lets a receiving mail server check that a message claiming to come from your domain was actually authorized by your domain, and tells the receiver what to do with messages that fail (none, quarantine, or reject); aggregate reports show who is sending mail as your domain, including spoofers
- Reduces spam and phishing emails that impersonate your domain
- DMARC builds on the Sender Policy Framework (SPF), which lists the servers allowed to send mail for a domain, and DomainKeys Identified Mail (DKIM), which cryptographically signs messages; the three standards work together to authenticate email domains
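The following is an added, illustrative example written for this article (not CIS tooling or any vendor's code) of how a receiving mail server evaluates DMARC: a message passes only when SPF or DKIM passes and the authenticated domain aligns with the visible From: domain; otherwise the domain owner's published policy decides the disposition. The DMARC record, domain names, and message results are constructed samples.

```python
"""Added example: DMARC evaluation for an inbound message.

Implements the core RFC 7489 logic. A message passes DMARC when SPF or DKIM
passes *and* the authenticated domain aligns with the RFC5322.From domain;
otherwise the published policy (p= / sp=) decides the disposition.
The record and results below are constructed samples, not real-domain data.
"""


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if "p" not in tags:
        raise ValueError("DMARC record must contain a p= tag")
    # RFC 7489 defaults: relaxed alignment for both identifiers, apply to 100%.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def organizational_domain(domain: str) -> str:
    """Registrable domain, e.g. 'mail.example.com' -> 'example.com'.

    Simplification: production code consults the Public Suffix List so that
    'foo.co.uk' is not collapsed to 'co.uk'.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') needs the same organizational domain."""
    if not auth_domain:
        return False
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return organizational_domain(f) == organizational_domain(a)


def evaluate_dmarc(from_domain, record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return {'result': 'pass'|'fail', 'disposition': 'none'|'quarantine'|'reject'}.

    spf_domain is the envelope (RFC5321.MailFrom) domain SPF checked;
    dkim_domain is the d= tag of a DKIM signature that verified.
    """
    tags = parse_dmarc(record)
    spf_aligned = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_aligned = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_aligned or dkim_aligned:
        return {"result": "pass", "disposition": "none"}
    # Failing mail from a subdomain uses sp= when the owner published one.
    policy = tags["p"]
    if "sp" in tags and organizational_domain(from_domain) != from_domain.lower().rstrip("."):
        policy = tags["sp"]
    return {"result": "fail", "disposition": policy}


# Constructed sample of what example.com might publish at _dmarc.example.com
SAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Legitimate mail: SPF passes for a relaxed-aligned bounce domain.
    print(evaluate_dmarc("example.com", SAMPLE_RECORD, "pass", "bounce.example.com", "none", None))
    # Spoofed From: header; SPF passes only for the attacker's own sending domain.
    print(evaluate_dmarc("example.com", SAMPLE_RECORD, "pass", "attacker.invalid", "none", None))
```

The second call is the typical BEC case: the attacker's mail server passes SPF for its own envelope domain, but that domain does not align with the forged From: header, so the message fails DMARC and the receiver applies example.com's p=reject policy.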
- Encryption
- protects email content from being read if it is intercepted: TLS between mail servers protects messages in transit, and S/MIME or PGP protects the message itself end to end
- Specify Allowed File Types
- Allow only the attachment types the business actually needs and block the rest at the email gateway; this prevents users from unknowingly opening and executing malicious files
- Coordinate with business units so that file types required for business operations are not blocked
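As an added example (written for this article, not a CIS or vendor product) of what enforcing an attachment allow list at the gateway involves in practice: a filename-only check is trivially evaded, so the policy below inspects every extension in the name (invoice.pdf.exe), normalizes trailing dots and spaces, and compares the claimed type against the file's leading bytes. The allow list, block list, and all sample attachments are constructed for the example.

```python
"""Added example: attachment file-type enforcement for an email gateway.

Returns allow/block for one attachment from its filename and first bytes.
Lists and samples are constructed; adjust the allow list to the business.
"""

# Types the (hypothetical) business has approved for inbound mail.
ALLOWED_EXTENSIONS = {"pdf", "docx", "xlsx", "png", "jpg", "txt", "csv"}
# Types with no business need that are commonly used to deliver malware.
BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "js", "vbs", "bat", "cmd", "ps1",
                      "hta", "jar", "msi", "iso", "img", "lnk"}

# Leading bytes that identify a format (taken from the formats' specifications).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"PK\x03\x04", "zip"),   # docx/xlsx are ZIP containers
    (b"MZ", "exe"),           # Windows PE executable (also used by .dll/.scr)
]
# Sniffed type each allowed extension must have; None = no magic to check.
EXPECTED_MAGIC = {"pdf": "pdf", "png": "png", "jpg": "jpg",
                  "docx": "zip", "xlsx": "zip", "txt": None, "csv": None}


def sniff(head: bytes):
    """Identify a format from its leading bytes, or None if unknown."""
    for prefix, kind in MAGIC:
        if head.startswith(prefix):
            return kind
    return None


def check_attachment(filename: str, head: bytes):
    """Return (allowed, reason) for one attachment."""
    # Normalize: Windows drops trailing dots/spaces, so 'setup.exe ' runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "no file extension"
    extensions = parts[1:]
    # Any blocked extension anywhere in the name is a block (invoice.pdf.exe).
    for ext in extensions:
        if ext in BLOCKED_EXTENSIONS:
            return False, f"blocked extension .{ext}"
    ext = extensions[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f".{ext} is not on the allow list"
    kind = sniff(head)
    # A PE header is executable whatever the name says.
    if kind == "exe":
        return False, "content is an executable regardless of name"
    expected = EXPECTED_MAGIC[ext]
    if expected is not None and kind != expected:
        return False, f"content does not look like .{ext}"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample attachments: (filename, first bytes)
    samples = [
        ("report.pdf", b"%PDF-1.7\n%..."),
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("photo.png", b"MZ\x90\x00"),
        ("setup.exe ", b"MZ\x90\x00"),
        ("data.docx", b"PK\x03\x04\x14\x00"),
        ("notes.txt", b"hello"),
    ]
    for fname, head in samples:
        print(f"{fname!r:20} -> {check_attachment(fname, head)}")
```

Note that archive formats (.docx, .xlsx, .zip) all share the same ZIP signature, so a gateway that allows Office documents should also open the container and apply the same policy to the files inside; that step is left out here for brevity.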
- User Training: teach users to recognize phishing and other malicious emails and how to report them to IT or security personnel
- Organizations can use trusted platforms that run simulated phishing campaigns against users to measure how well they identify phishing attempts
Email and Browser Techniques, Processes, and Procedures
- Use only fully supported browser and email clients: use trusted products that are still supported by their vendor, obtain the software and its updates only from the vendor, and keep it on the latest release
- Enforce network-based URL filters: prevent enterprise assets from connecting to malicious websites
- Category-based filtering: block sites based on the type of content they host
- Reputation-based filtering: block sites that have been reported as malicious or harmful
- Block Lists: maintain a list of sites that are restricted in the enterprise
- Enforce this filtering on all enterprise assets
- Restrict Browser/Email Client Extensions: prevent the installation of, or disable, unnecessary browser and email client plugins, extensions, and add-ons
- Deploy and Maintain Email Server Anti-Malware Protections: run anti-malware software on the mail server to detect malware in messages
- Attachment scanning: scan email attachments to confirm they are not malicious
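The block-list style of URL filtering described above, and the DNS filtering safeguard listed earlier, both depend on comparing the host a client will actually connect to against a list. As an added example written for this article (not a CIS tool or any filtering product), the code below extracts that host, canonicalizes it (case, trailing dot, Unicode to punycode), and blocks it if it or any parent domain is listed. The block list and URLs are constructed samples.

```python
"""Added example: hostname normalization for URL/DNS block-list filtering.

A filter that compares raw URL strings is easy to slip past; this one works
on the canonical host the client would resolve. Block list and URLs below
are constructed samples.
"""
from urllib.parse import urlsplit

# Constructed block list of registrable domains (a real feed is far larger).
BLOCKLIST = {"malware.example", "phish.example"}


def normalize_host(url: str) -> str:
    """Return the canonical ASCII hostname a client would resolve for url."""
    if "://" not in url:
        url = "http://" + url            # treat bare hosts like 'evil.example/x'
    host = urlsplit(url).hostname        # drops scheme, userinfo, port, path; lowercases
    if not host:
        raise ValueError(f"no host in {url!r}")
    host = host.rstrip(".")              # 'example.com.' is the same zone as 'example.com'
    try:
        # Unicode labels become punycode, so look-alike names cannot hide
        # behind a plain ASCII string comparison.
        host = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"invalid hostname in {url!r}") from exc
    return host


def is_blocked(url: str, blocklist=BLOCKLIST):
    """Return (blocked, matched_entry_or_host).

    Subdomains of a listed domain are blocked too; a bare TLD is never checked,
    so a stray 'com' entry cannot block the whole Internet.
    """
    host = normalize_host(url)
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return True, candidate
    return False, host


if __name__ == "__main__":
    # Constructed URLs exercising the evasions the normalizer handles.
    for u in [
        "http://malware.example/path",
        "HTTP://cdn.MALWARE.example./x",          # case, subdomain, trailing dot
        "https://malware.example:8443/a?b=c",      # explicit port
        "phish.example/reset",                     # no scheme
        "http://malware.example@safe.example/",    # userinfo trick: real host is safe.example
        "http://m\u0430lware.example/",            # Cyrillic 'а' look-alike
    ]:
        print(f"{u!r:45} -> {is_blocked(u)}")
```

The fifth URL shows why the filter must act on the parsed host rather than on what a user sees: the string before the @ is userinfo, and the request actually goes to safe.example. The last one shows the limit of canonicalization: the look-alike domain is correctly kept distinct from malware.example, but it is only blocked if the punycode name itself is on the list, which is what reputation feeds and category filtering add on top of a static block list.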