Out-of-Band-Managment + DNS+ Email Security

Out of band management

Whenever possible, network designs must include a way to do secure ____. A separate means of accessing the administrative interface should exist

DNS filtering

is used by many organizations to block malicious domains. _____ uses a list of prohibited domains, subdomains, and hosts and replaces the correct response with an alternate DNS response, often to an internal website that notes that the access was blocked and what to do about the block

DKIM

allows organizations to add content to messages to identify them as being from their domain. ___ signs both the body of the message and elements of the header, helping to ensure that the message is actually from the organization it claims to be from. It adds a DKIM-Signature header, which can be checked against the public key that is stored in public DNS entries for DKIM-enabled organizations.

SPF

is an email authentication technique that allows organizations to publish a list of authorized email servers. ___ records are added to the DNS information for your domain, and they specify which systems are allowed to send email from that domain. Systems not listed in ___ will be rejected

DMARC (Domain-based Message Authentication Reporting and Conformance)

is a protocol that uses SPF and DKIM to determine whether an email message is authentic. Like SPF and DKIM, ___ records are published in DNS, but unlike DKIM and SPF, ___ can be used to determine whether you should accept a message from a sender. Using ___, you can choose to reject or quarantine messages that are not sent by a ___-supporting sender

Email security gateways

are designed to filter both inbound and outbound email while providing a variety of security services