Lesson 16 - E-mail


Background
• E-mail is the most popular application on the Internet and the intranet.
• Twelve million e-mails were sent each day in 2001, and a rough total of 4.38 billion e-mails were sent in the year.
• In 2000, there were 569 million e-mail boxes in the world.

Objectives
• Upon completion of this lesson, the learner will be able to:
  – List various security issues associated with e-mail.
  – Describe some of the security practices for e-mail.
  – List and describe software used to improve e-mail confidentiality.

Security of E-mail Transmissions
• Users should secure e-mails as they send and receive the messages.
• Security administrators can provide users the tools to fight e-mail security problems.
• Server-based and desktop-based virus protection help block malicious code, while spam filters help block unsolicited commercial e-mail.

Malicious Code
• Viruses spread faster by e-mail.
• Modern viruses evolved from the ones that were scripted to send themselves to other users.
  – This type of virus is known as a worm.
  – A worm uses its code to automate the infection process.

Malicious Code Transmission
• The method of transmission requires users to execute the worm.
  – Mail worms use multiple methods of attack, which include:
    • Sending multiple infected e-mails.
    • Scanning hosts on the Internet, looking for a specific vulnerability.
    • Finding the vulnerability and infecting the target.
• Viruses and worms endanger individual systems and network security since they introduce malicious traffic to other machines.
• This causes a loss of data and potentially discloses private data.

Trojan Horse
• A Trojan horse is a program that seems to be one thing while actually having a hidden purpose.
  – They may do what they claim, but they also install some other program that allows an attacker to control an infected machine remotely.
  – Once control is achieved, the attacker can use the machine to perform any number of tasks.

Trojan Horse
• The distribution of malicious code in e-mail is tied to the files that are attached to the messages.
  – Earlier, users had to execute attached files.
  – However, the advent of HTTP has changed this.

Malicious Code – HTML
• Hypertext Markup Language (HTML) allows plain text to represent complex page designs.
  – It was adopted by e-mail programs so users could use different fonts, colors, and pictures in their e-mails.

Malicious Code – HTML
• Some e-mail programs have a preview pane that enables users to read e-mails without opening them in full screen.
• This preview activates all the content in the e-mail message.

Malicious Code – HTML
• Users need not run the program or open the e-mail to activate the worm; they just need to view the e-mail in the preview pane.

Malicious Code – HTML
• Viruses are a security threat.
  – One of the most common transfer methods is through e-mail.
• This threat can be reduced by educating the users and scanning for viruses.

Malicious Code – HTML
• Most users are aware of viruses and the damage they cause.
  – They need to be briefed about specific activities when the virus comes through e-mail.

Malicious Code – Good Practice
• Some good practices are:
  – Examine all e-mails for a known source and destination, especially if the e-mails have attachments.
  – Check strange files or unexpected attachments.
  – Know that viruses may be executed by opening the e-mail or viewing it in the preview pane.
  – Education and proper administration are also useful in configuring the e-mail software to be as virus-resistant as possible.

Malicious Code – Good Practice
• Some good practices are (continued):
  – Have a well thought out virus-scanning procedure.
    • Perform virus scanning on every e-mail as it enters the organization's e-mail server.
    • Some users attempt to retrieve e-mail from their normal off-site ISP account. This may bypass the server-based virus protection.

Malicious Code – Good Practice
• Every system should be protected with host-based virus protection programs.
• These programs scan all files on a regular basis and perform checks on files upon execution.
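
The attachment and preview-pane checks from the good-practice slides, written as a mail-gateway triage function. This is an added Python example, not part of the original lesson; the extension list, HTML patterns, function names and sample message are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed local policy, not taken from the lesson: extensions treated as executable.
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# HTML that a mail client may act on as soon as the message is displayed.
ACTIVE_HTML = re.compile(r"<\s*(script|iframe|object|embed)\b|\son\w+\s*=", re.I)

def triage(raw):
    """Return the reasons a message should be held for scanning or review."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name:
            # Only the last extension counts, so "report.txt.vbs" is caught.
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in RISKY_EXT:
                findings.append("executable attachment: " + name)
        elif part.get_content_type() == "text/html":
            if ACTIVE_HTML.search(part.get_content()):
                findings.append("HTML body with active content")
    return findings

def build_sample(with_risk):
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"] = "sender@partner.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Quarterly report"
    m.set_content("Report attached.")
    if with_risk:
        m.add_alternative("<html><body onload='init()'>Report</body></html>",
                          subtype="html")
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="report.txt.vbs")
    return m.as_string()

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, triage(build_sample(flag)))
```

A message that returns findings would be routed to the server-side virus scanner or quarantined rather than delivered straight to a client with a preview pane.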

Hoax E-mails
• E-mail hoaxes are a nuisance.
• They cost everyone not only in the time wasted by receiving and reading the e-mail, but also in the Internet bandwidth and the server processing time.

Hoax E-mails
• An e-mail hoax is a global urban legend traveling from one e-mail account to the next.
• Most have a common theme of some story that must be told right away or some virus that everyone should beware.

Unsolicited Commercial E-mail (Spam)
• Spam is the common term for unsolicited commercial e-mail.
  – The term comes from a skit on Monty Python's Flying Circus where two people are in a restaurant that only serves spam.
  – The key to spam is the concept of repetition of unwanted things.

Unsolicited Commercial E-mail (Spam)
• The appeal of spam is the extremely low cost per advertising impression.
  – Senders can send their messages for less than a cent apiece.
• This is less expensive than traditional direct mail or print advertisements.
  – The low cost ensures the continued growth of spam unless something is done.

Unsolicited Commercial E-mail (Spam)
• The amount of spam is large enough to trigger state and federal legislators to consider action.
  – No effective laws have been passed and this has forced most people to seek technical solutions to the spam problem.
• One way to fight spam is to be cautious about where to post e-mail addresses.
  – Users cannot keep e-mail addresses secret just to avoid spam.
  – One of the steps many system administrators of Internet e-mail servers have taken to reduce spam is to shut down mail relaying.

Unsolicited Commercial E-mail (Spam)
• It is not possible to close all mail relays.
  – Spammers will mail from their own mail servers.
• Software must be used at the recipient's end to combat spam.

Unsolicited Commercial E-mail (Spam)
• Spam can be filtered at the host level with pattern matching, focusing on the sender, the subject, or the text of the e-mail.
• Spam can also be filtered at the server level by using pattern matching, but some mail software also uses the Realtime Blackhole List. This list is maintained for blocking spam mail.

Unsolicited Commercial E-mail (Spam)
• Other methods
  – There are commercial packages that block spam at the server level using both methods, maintaining their own blacklists and pattern-matching algorithms.
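
The two filtering methods from the spam slides, pattern matching on sender, subject and text plus a blackhole-list lookup, combined in one classifier. This is an added Python example, not part of the original lesson; the rules, the `rbl.example` zone, the function names and the sample messages are assumptions.

```python
import email
import ipaddress
import re
import socket
from email import policy
from email.utils import parseaddr

# Assumed sample rules; a real deployment maintains its own patterns.
RULES = {
    "sender": re.compile(r"@bulk-offers\.example$", re.I),
    "subject": re.compile(r"\b(winner|free offer|act now)\b", re.I),
    "text": re.compile(r"click here to (claim|unsubscribe)", re.I),
}
RBL_ZONE = "rbl.example"  # placeholder zone, not a real blackhole list

def rbl_query_name(ip, zone=RBL_ZONE):
    """DNS blackhole lists are queried as <reversed IPv4 octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_is_listed(name):
    """An A record for the query name means listed; a failed lookup means not."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def classify(raw, connecting_ip, is_listed=dns_is_listed):
    """Return which checks fired: sender, subject, text and/or rbl."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    fields = {
        "sender": parseaddr(str(msg["From"] or ""))[1],
        "subject": str(msg["Subject"] or ""),
        "text": body.get_content() if body else "",
    }
    hits = [k for k, rx in RULES.items() if rx.search(fields[k])]
    if is_listed(rbl_query_name(connecting_ip)):
        hits.append("rbl")
    return hits

# Constructed messages and addresses (documentation ranges), not real traffic.
SPAM = ("From: Deals <promo@bulk-offers.example>\nSubject: You are a WINNER\n\n"
        "Click here to claim your prize.\n")
HAM = ("From: Alice <alice@corp.example>\nSubject: Minutes from Tuesday\n\n"
       "Notes are on the shared drive.\n")
LISTED = {"15.2.0.192.rbl.example"}  # stand-in for the list's DNS answers

if __name__ == "__main__":
    print(classify(SPAM, "192.0.2.15", LISTED.__contains__))
    print(classify(HAM, "198.51.100.7", LISTED.__contains__))
```

The blackhole check keys on the connecting server's address, so it still fires when a sender varies the subject and text to slip past the patterns.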

Mail Encryption
• E-mail has always been a plaintext protocol.
  – E-mail is sent with the clear text of the message exposed to anyone who is sniffing the network.
  – Any attacker at a choke point in the network could read all e-mails passing through that network segment.

Mail Encryption
• E-mails must be encrypted to solve the problems associated with sending them.
• They can be encrypted using:
  – S/MIME
  – PGP

S/MIME
• S/MIME (Secure/Multipurpose Internet Mail Extensions) is a secure implementation of the MIME protocol specification.
• S/MIME was developed by RSA Data Security. It uses the X.509 format for certificates.
• The original RFC specified text e-mail, so any non-text data had to be handled by a new specification, MIME, which handles audio files, images, applications, and multipart e-mails.
• This allows e-mails to handle multiple types of content, including file transfers.

S/MIME
• The specification supports 40-bit RC2 and 3DES for symmetric encryption.
• The protocol can encode the message in one of two ways:
  – The host mail program can encode the message with S/MIME.
  – The server can act as the processing agent, encrypting all messages between hosts.

S/MIME
• The host-based operation starts when the user clicks Send. The mail agent encodes the message using the generated symmetric key.
• Then, the symmetric key is encoded with the remote user's public key or the local user's private key. This enables the remote user to decode the symmetric key and then decrypt the actual content of the message.
• All this is handled by the user's mail program.
• If the message is signed by the sender, it will be signed with the sender's public key, guaranteeing the source of the message.

S/MIME
• Symmetric and asymmetric encryption are used in e-mails to increase the speed of encryption and decryption.
• As encryption is based on difficult mathematical problems, it takes time to encrypt and decrypt.
• To expedite this, asymmetric encryption is used to encrypt only a relatively small amount of data, the symmetric key.
• The symmetric key is then used to encrypt the rest of the message.

S/MIME
• The S/MIME process of encrypting e-mails provides integrity, privacy, and authentication if the message is signed.
• Some of the problems with its implementation are:
  – S/MIME allows the user to select low strength (40-bit) encryption. The user can send a message that is thought to be secure but that can be more easily decoded than messages sent with 3DES encryption.
  – There may be flaws in software.

S/MIME in Outlook
• Different settings can be used to encrypt messages and use X.509 digital certificates.
• This allows interoperability with web certificates.

S/MIME in Outlook Express
• In Outlook Express, the window is simpler.
• The same functions of key management and secure e-mail operation are available.

PGP
• Pretty Good Privacy (PGP) implements e-mail security in a similar way to S/MIME using different protocols.

PGP
• The user sends the e-mail, and the mail agent applies encryption as specified in the mail program.
  – The content is encrypted with the generated symmetric key. That key is encrypted with the public key of the recipient of the e-mail, or with the private key of the sender.
• Senders can also sign the mail with their private key, allowing the recipient to authenticate the sender.
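
The hybrid scheme described in the S/MIME and PGP slides above, as an added Python example that is not part of the original lesson: a per-message session key encrypts the body, the recipient's public key wraps only that key, and the sender's private key signs a digest of the message. Textbook RSA without padding and a SHA-256 keystream are assumed stand-ins for the real algorithms so that the structure runs with the standard library alone; all function names and keys are made up for the example.

```python
import hashlib
import secrets

def rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def seal(message, recipient_pub, sender_priv):
    """Encrypt the body with a fresh session key, wrap that key, sign."""
    session_key = secrets.token_bytes(16)  # generated per message
    n, e = recipient_pub
    # The slow asymmetric step touches 16 bytes, whatever the message size.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    sn, sd = sender_priv
    return {"wrapped_key": wrapped,
            "ciphertext": stream_xor(session_key, message),
            "signature": pow(digest_int(message), sd, sn)}

def unseal(envelope, recipient_priv, sender_pub):
    """Unwrap the session key, decrypt the body, then verify the signature."""
    n, d = recipient_priv
    session_key = pow(envelope["wrapped_key"], d, n).to_bytes(16, "big")
    message = stream_xor(session_key, envelope["ciphertext"])
    sn, se = sender_pub
    if pow(envelope["signature"], se, sn) != digest_int(message):
        raise ValueError("signature does not match the decrypted message")
    return message

# Constructed demo keys from known Mersenne primes; far too weak for real use.
ALICE_PUB, ALICE_PRIV = rsa_keypair(2**607 - 1, 2**89 - 1)   # sender
BOB_PUB, BOB_PRIV = rsa_keypair(2**521 - 1, 2**127 - 1)      # recipient

if __name__ == "__main__":
    body = b"Quarterly figures attached. " * 400
    env = seal(body, BOB_PUB, ALICE_PRIV)
    print(len(body), unseal(env, BOB_PRIV, ALICE_PUB) == body)
```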

PGP
• PGP supports Public Key Infrastructure (PKI) provided by multiple vendors, including X.509 certificates and LDAP key sources such as Microsoft's Active Directory, and Novell's NDS.
• PGP generates its own keys using Diffie-Hellman or RSA. It transmits the public keys to the PGP LDAP server.

PGP
• For the encryption of the e-mail content, PGP supports IDEA, 3DES, and CAST for symmetric encryption.
• PGP provides security against brute-force attacks by using:
  – A 3DES key length of 168 bits.
  – An IDEA key length of 128 bits.
  – A CAST key length of 128 bits.

Decoding PGP - Eudora
• This shows the string of encrypted text that makes up the MIME attachment.
• This text includes the encrypted content of the message and the encrypted symmetric key.

Decoding PGP - Eudora
• The program does not decrypt the message upon receipt. It waits until instructed to do so.
• PGP stores encrypted messages in the encrypted format, as S/MIME does.
  – It provides end-to-end security for the message.

Mail Encryption
• Like S/MIME, the PGP protocol is not problem-free.
• There is a lot of discussion about the way PGP handles key recovery, or key escrow.
  – PGP uses Additional Decryption Key (ADK), which is an additional public key stacked upon the original public key.

Mail Encryption
• This gives an organization a private key that would be used to retrieve secret messages.
  – In practice, the ADK is not controlled by a properly authorized organization.
  – The danger exists for someone to add an ADK and then distribute it to the world.