Lesson 16-E-mail


jean


Presentation Transcript


  1. Lesson 16-E-mail

  2. Email Security • Most Mail Protocols Are Clear Text. • Are Your Email Credentials Your LAN Credentials? • E-mail began with mailbox programs on early time-sharing machines so users could leave messages for others using the same machine. The first inter-machine e-mail was sent in 1972. • The distribution of malicious code via e-mail attachments allowed viruses to spread further and faster.

  3. Worms • Modern worms are scripted to send themselves to other users and use their own code to automate the infection process. • Mail worms use multiple methods of attack, which include: • Sending multiple infected e-mails. • Scanning hosts on the Internet, looking for a specific vulnerability. • Finding the vulnerability and infecting the target. • Since email worms are sent to addresses found on infected users' machines, just knowing the sender is no proof of intent: their machine may be infected and they are oblivious to the viral email being sent. • Worse, today's worms spoof the From address, so it may well be that the mail is not even from the person you think it is.

  4. Trojan Horses and Worms • A Trojan horse is a program that seems to be one thing while actually having a hidden purpose. • They may do what they claim, but they also install some other program that allows an attacker to control an infected machine remotely. • Email Viruses • Executable attachments that not only damage your own machine but also use your address book to mail copies of the virus to everyone with whom you correspond, e.g. the Melissa virus, Klez, and others. • Executables are most likely to be dangerous, but virus writers use tricks such as appending multiple file extensions to fool you into thinking a file is something it's not. Because Windows Explorer and some software programs don't show common extensions by default, a file named letter.txt.exe will appear to be an innocuous text file when it's really a program file. • Virus threats can be reduced by educating the users and by scanning.
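As an added example (not part of the original slides), the check below flags the letter.txt.exe trick described above before an attachment reaches a user's mailbox. The extension lists are constructed for illustration; a real gateway would use a maintained list.

```go
package main

import (
	"path/filepath"
	"strings"
)

// executable is a constructed, illustrative set of extensions that Windows runs
// as programs. A production filter would use a maintained list.
var executable = map[string]bool{
	".exe": true, ".com": true, ".scr": true, ".pif": true,
	".bat": true, ".cmd": true, ".vbs": true, ".js": true,
}

// innocuous is the set of extensions a user expects to be harmless documents.
var innocuous = map[string]bool{".txt": true, ".doc": true, ".pdf": true, ".jpg": true}

// Verdict returns why an attachment name is suspicious, or "" if it is not.
// It catches the hidden-extension trick from the slide (letter.txt.exe shows
// as letter.txt when Explorer hides known extensions) and the variant where a
// run of spaces pushes the real extension out of a narrow file-name column.
func Verdict(name string) string {
	lower := strings.ToLower(strings.TrimSpace(name))
	ext := filepath.Ext(lower)
	if !executable[ext] {
		return "" // final extension is not a program type: nothing to flag here
	}
	rest := strings.TrimSuffix(lower, ext)
	trimmed := strings.TrimRight(rest, " ")
	if len(trimmed) != len(rest) {
		return "executable hidden behind padding spaces"
	}
	if inner := filepath.Ext(trimmed); innocuous[inner] {
		return "double extension: looks like " + inner + " but runs as " + ext
	}
	return "executable attachment"
}
```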

  5. HTML • Hypertext Markup Language (HTML) allows plain text to represent complex page designs. • It was adopted by e-mail programs so users could use different fonts, colors, and pictures in their e-mails. • Some e-mail programs (Outlook) have a preview pane that enables users to read e-mails without opening them in full screen. • This preview activates all the content in the e-mail message. • Users need not run the program or open the e-mail to activate the worm: they just need to view the e-mail in the preview pane.

  6. Prevention • Preventative measures include: • Examine all e-mails for a known source and destination, especially if the e-mails have attachments. • Check strange files or unexpected attachments. • Know that viruses may be executed by opening the e-mail or viewing it in the preview pane. • Education and proper administration are also useful in configuring the e-mail software to be as virus-resistant as possible. • Have a well-thought-out virus-scanning procedure. • Perform virus scanning on every e-mail as it enters the organization's server. Some users attempt to retrieve e-mail from their normal off-site ISP account; this may bypass the server-based virus protection.

  7. Hoaxes and others • E-mail hoaxes are a nuisance. • They cost everyone not only in the time wasted by receiving and reading the e-mail, but also in the Internet bandwidth and the server processing time. • An e-mail hoax is a global urban legend traveling from one e-mail account to the next. • Most have a common theme: some story that must be told right away, or some virus that everyone should beware of. • Cell phones are rich targets.

  8. Spam • Spam is the common term for unsolicited commercial e-mail. • The term comes from a skit on Monty Python's Flying Circus where two people are in a restaurant that only serves spam. • Targets individual users with direct mail messages • Creates lists by: • Scanning Usenet postings • Stealing Internet mailing lists • Searching the Web for addresses • Uses automated tools to subscribe to as many mailing lists as possible • The appeal of spam is the extremely low cost per advertising impression, less than a cent apiece. • The amount of spam is large enough to trigger state and federal legislators to consider action. • No effective laws have been passed and this has forced most people to seek technical solutions to the spam problem.

  9. Unsolicited Commercial E-Mail (Spam) • One way to fight spam is to be cautious about where to post e-mail addresses. • Users cannot keep e-mail addresses secret just to avoid spam. • Educate users: use caution where you post your email address. • Shut down email relaying. An open relay (sometimes called an insecure relay or a third-party relay) is an SMTP e-mail server that allows third-party relay of e-mail messages. By processing mail that is neither for nor from a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of spam. • Filter spam at the host, or at the server. At the host, it is done with filtering focusing on the sender, subject, or text of the email; effective but resource intensive. • Spam can also be filtered at the server level by using pattern matching and a blacklist.

  10. Mail Encryption • Two encryption methods are used for plain-text email: • S/MIME • PGP • While PGP can encrypt the content of any data (e.g., any computer file or message text), it is most commonly used for e-mail, which has no built-in security as originally implemented. PGP and S/MIME are two (incompatible) official email security systems which are currently NIST-specified standards.

  11. S/MIME • S/MIME (Secure/Multipurpose Internet Mail Extensions) is a secure implementation of the MIME protocol specification. • The original e-mail RFC specified text e-mail, so any non-text data had to be handled by a new specification, MIME, which handles audio files, images, applications, multipart e-mails, and file transfers. • S/MIME was developed by RSA Data Security. • It uses the X.509 format for certificates. • The specification supports 40-bit RC2 and 3DES for symmetric encryption. • The protocol can encode the message in one of two ways: • The host mail program can encode the message with S/MIME. • The server can act as the processing agent, encrypting all messages between hosts.

  12. S/MIME • The host-based operation: • The mail agent encodes the message using the generated symmetric key. • Then, the symmetric key is encoded with the remote user's public key or the local user's private key. • If the message is signed by the sender, it will be signed with the sender's public key, guaranteeing the source of the message. • As encryption is based on difficult mathematical problems, it takes time to encrypt and decrypt. • To expedite this, asymmetric encryption is used to encrypt only a relatively small amount of data, the symmetric key. • The symmetric key is then used to encrypt the rest of the message. The S/MIME process of encrypting e-mails provides integrity, privacy, and authentication if the message is signed. Gmail supports S/MIME.

  13. PGP • Pretty Good Privacy (PGP) implements e-mail security in a similar way to S/MIME, using different protocols. • The user sends the e-mail, and the mail agent applies encryption as specified in the mail program. • The content is encrypted with the generated symmetric key, using Diffie-Hellman and RSA. • Senders can also sign the mail with their private key. • PGP stores encrypted messages in the encrypted format, as S/MIME does. • PGP supports Public Key Infrastructure (PKI) provided by multiple vendors, including X.509 certificates and LDAP key sources. • It transmits the public keys to the PGP LDAP server. • PGP provides security against brute-force attacks by using a 3DES key length of 168 bits, an IDEA key length of 128 bits, and a CAST key length of 128 bits.
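The hybrid scheme that slides 12 and 13 describe (a fresh symmetric key encrypts the message, the recipient's public key wraps only that small key, and the sender's private key signs), as an added example that is not part of the original slides and is not S/MIME or PGP packaging. It uses Go's standard library with AES-GCM, RSA-OAEP and RSA-PSS; the Envelope type is a hypothetical stand-in for the real message formats.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is a hypothetical wire bundle: GCM nonce and ciphertext, the per-message AES key wrapped with the recipient's RSA public key, and the sender's signature over the plaintext.
type Envelope struct{ Nonce, Ciphertext, WrappedKey, Signature []byte }

// Seal follows the slides: a fresh symmetric key encrypts the bulk message, RSA wraps only that small key (the slow asymmetric step), and the sender's private key signs so the receiver can confirm the source.
func Seal(msg []byte, recipPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	kn := make([]byte, 32+12) // 256-bit AES key followed by a 96-bit GCM nonce
	rand.Read(kn)             // OS CSPRNG; Go 1.24+ documents that this never returns an error
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipPub, kn[:32], nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(kn[:32]) // fixed 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return &Envelope{kn[32:], gcm.Seal(nil, kn[32:], msg, nil), wrapped, sig}, nil
}

// Open reverses Seal and releases the plaintext only if GCM authentication and the sender's signature both verify.
func Open(e *Envelope, recipPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipPriv, e.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, rsa.ErrDecryption
	}
	block, _ := aes.NewCipher(key) // length checked above: cannot fail
	gcm, _ := cipher.NewGCM(block)
	msg, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], e.Signature, nil); err != nil {
		return nil, err
	}
	return msg, nil
}
```

Note that the recipient's private key is needed only to unwrap the 32-byte key, not to process the message body, which is the speed-up the slides describe.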

  14. Mail Encryption • Like S/MIME, the PGP protocol is not problem-free. • There is a lot of discussion about the way PGP handles key recovery, or key escrow. • PGP uses Additional Decryption Key (ADK), which is an additional public key stacked upon the original public key. • This gives an organization a private key that would be used to retrieve secret messages. • In practice, the ADK is not controlled by a properly authorized organization. • The danger exists for someone to add an ADK and then distribute it to the world.

  15. Remedies • User Awareness Training • Tighten Client Security Settings • Antivirus Gateways / Content Filtering • Desktop AV That Supports Email • Web Proxies • Host Based IDS (HIDS) • Group Policy Objects • Fraudulent Spam? • Open Relays • Blacklisting: RBL • Spam Filters • ActiveState PerlMx • SpamAssassin