Diseño y evaluación de una metodología para reducir los ciberataques originados a través de correo electrónico mediante la aplicación de filtros y reglas sobre un Gateway.

Abstract

A methodology based on rules and filters was developed to detect malicious emails, for this, by studying the art of the different cyberattacks that originate through emails, the following were determined: malware attack, Spam, and phishing, as well as well as that email is a means used for information leakage, In the same way, the main characteristics of the tools that face these cyberattacks were determined, these being: Antimalware, Antispam, customization of rules, generation of Black and White Lists, event tracking, self-learning, and web administration. Through a comparative analysis, the “Proxmox Email Gateway” tool was selected to be implemented in the two test scenarios, the first without applying the developed methodology and the second with its application. For each of the scenarios, controlled cyber attacks were executed. According to the data obtained from the test scenarios, it was found that the methodology developed reduces cyberattacks originated through email by 38.75% and by means of the chi-square statistical test with a confidence level of 95%, demonstrated that the methodology developed by applying filters and rules on a Gateway does reduce the percentage of the number of cyberattacks originated through email. It is recommended to monitor the email gateway constantly, in order to add new filters and rules that detect the most recent cyber attacks, since new techniques or malware that violate security systems are discovered every day.