© UPU 2014 – All rights reserved Mitigating online risk for postal e-services.

- .post general overview
- Active monitoring on .post TLD against domain name abuse: detection and mitigation
- Internal policies (SMTP)
- PostID
- Test Suite PREM S52 & functional specifications for SMTP secure service
- ITU and UPU joint project for secure

.post general overview

.post is a sponsored top-level domain (sTLD) available exclusively for the postal sector. It aims to integrate the physical, financial, and electronic dimensions of postal services to enable and facilitate e-post, e-finance, e-commerce and e-government services.
- Integration of postal services
- Interconnectivity
- Global standardization on e-services

Active monitoring

Monitoring against:
- Malware
- Phishing
- Spam

IP monitoring

Statistics extracted in August 2014

What else to do?

1st Internal policy SMTP

Approved during last DPG GA April 2014

1. Do not use open relay - enable SMTP authentication
2. Activate reverse DNS lookup on the server
3. Enable DomainKeys Identified Mail (DKIM) 1024 bit key signature, if possible in conjunction with Domain-based Message Authentication (DMARC)
4. Implement a Sender Policy Framework (SPF)

+ Trust via accreditations
+ DNSSEC (Domain Name Security Extensions)
+ DMP (Domain Management Policy)
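A sketch of how policy items 3 and 4 could be audited from a domain's published TXT records. This is an added example, not part of the UPU material: the records and keys are constructed samples, and treating SPF without a final `-all`/`~all` or DMARC `p=none` as findings is an assumption of the example, not a rule stated in the policy.

```python
import base64

def tlv(tag, body):
    """DER-encode one tag/length/value (used only to build the sample keys)."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read(buf, pos):
    """Return (body_start, body_end) of the DER element starting at pos."""
    ln, pos = buf[pos + 1], pos + 2
    if ln & 0x80:                      # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + ln

def rsa_bits(p_b64):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in a DKIM p= tag."""
    der = base64.b64decode(p_b64)
    seq, _ = read(der, 0)              # outer SEQUENCE
    _, alg_end = read(der, seq)        # AlgorithmIdentifier
    bs, _ = read(der, alg_end)         # BIT STRING
    rsa, _ = read(der, bs + 1)         # skip unused-bits byte, RSAPublicKey
    n0, n1 = read(der, rsa)            # INTEGER modulus
    return int.from_bytes(der[n0:n1], "big").bit_length()

def sample_key(bits):
    """Constructed placeholder key of the given size (not a usable RSA key)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return base64.b64encode(tlv(0x30, alg + tlv(0x03, b"\x00" + rsa))).decode()

def tags(record):
    """Parse the 'k=v; k=v' TXT syntax used by DKIM and DMARC."""
    return dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)

def audit(spf, dkim, dmarc):
    """Return a list of findings; an empty list means the records pass."""
    findings = []
    if not spf.startswith("v=spf1") or not spf.rstrip().endswith(("-all", "~all")):
        findings.append("SPF missing or not ending in -all/~all")
    key = tags(dkim).get("p", "")
    if not key or rsa_bits(key) < 1024:
        findings.append("DKIM key absent or shorter than 1024 bits")
    dm = tags(dmarc)
    if dm.get("v") != "DMARC1" or dm.get("p") not in ("quarantine", "reject"):
        findings.append("DMARC missing or not enforcing")
    return findings

# Constructed sample records: one compliant set, one weak set.
GOOD = ("v=spf1 mx -all", "v=DKIM1; k=rsa; p=" + sample_key(1024), "v=DMARC1; p=reject")
WEAK = ("v=spf1 +all", "v=DKIM1; k=rsa; p=" + sample_key(512), "v=DMARC1; p=none")
```

In practice the three strings would come from TXT lookups on the domain, the DKIM selector name under `_domainkey`, and `_dmarc`.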

Why?

Normal e-mail is not a secure way of communication due to:
- Authenticity of sender: using normal e-mail, it is uncertain that the sender of the e-mail is actually the genuine person you think it is; it could be someone else, and the receiver probably wouldn't notice it.
- Non-repudiation: the receiver of normal e-mail cannot verify the integrity of the content or have proof of who the sender really is; therefore the sender can deny that what you have received is what the sender has sent and/or that the sender has sent that at all.

Functional specifications for secure content
- Internal (SMTP)
- Domestic (SMTP)
- Cross border (SMTP)
- Worldwide exchange (S52)*
- PostID

*S52 test suite to test compliance with standard available third quarter 2014.

What is PostID and why are we creating it?
- Electronic identities are growing, which is causing complex interaction for the end-user
- Posts are already engaged in postal electronic identity registration/authentication/verification/e-services, like Real Me (NZ Post), Swiss ID (Swiss Post) and some others
- Separate developments can lead to incoherent solutions
- Interconnectivity between domestic solutions can be beneficial for the international community
- The UPU's aim is to create a federated identity ecosystem

WHY? In order that the interactions can be based on regulations, standards and solutions.

Approved during last POC meeting and currently with status 0.
Include a description of a trusted network and different levels of assurance

Current work for PostID

Trust frameworks are not technical specifications; they are agreements among members as to which specifications, and at what conditions, will be used to support the S64 standard for postal electronic identity.

What else do we need?

The global postal network could create a trust framework for its use, which may be extended to other non-postal use, if desired.

- E-shop
- E-government
- Financial services
- Certified cloud services
- Secure register
- Global postal services
- Post ID and .post
- Trusted crossborder e-commerce services

Next steps?
- Complete work on PostID standard
- Interconnectivity/capacity building for adoption
- Global standardization on e-services

Who is in?

With their 42 .post members and large physical post office network, the .post Group is studying risks and opportunities of providing a secure service under .post in Since trust and security are keys for success of .post. and other e-services used under .post environment should be secure and trusted as well.

Who else? ITU and UPU joint project
- Platform independent
- Mobile device compatibility
- Two factor authentication
- Compatible with business and legal local regulations
- Complete control for administration
- Possible to use secure cloud services

Together with implementation of:
- Preventive controls
- Detective controls
- Corrective controls