1.  ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University

2. E-mail Security  How E-mail works  Receiving E-mail  POP3  IMAP  Sending E-mail  SMTP  Various malicious uses  Social Engineering  Spam

3. How E-mail Works

5. E-mail Accounts  E-mail accounts are virtual addresses for sending and receiving e-mail  An e-mail account is representative of a user on a server  E-mail account names are only unique per domain  adam@gmail.com adam@gmail.com  adam@yahoo.com  Account Aliasing  adam@gmail.com adam@gmail.com  a@gmail.com a@gmail.com  adambrown@gmail.com adambrown@gmail.com

6. Simple Mail Transfer Protocol (25)  SMTP is at the heart of the Internet’s electronic mail system.  Client-Server architecture  No intermediate SMTP servers normally  SMTP is a push protocol  7-bit ASCII encoding required  No authentication required

7. Mail Message Formats  E-mail was modeled after snail-mail  Peripheral information stored in a header  Headers contain very valuable information  Body of the message follows the header From: alice@auburn.edualice@auburn.edu To: bob@auburn.edubob@auburn.edu Subject: Searching for the meaning of life. Typical Message Header

8. POP3 (110) vs. IMAP (143)  Mail Access Protocols  Post Office Protocol (POP3)  Extremely simple protocol  Client-Server architecture  Three Phases  Internet Message Access Protocol (IMAP)  Much more functionality than POP3  Remote management  Isolated component retrieval

9. Receiving E-mail  Spam  Phishing  Fraud  HTML E-mail  Attachment Security  Forged Headers

10. Tell-Tale Signs of Illegitimate Email  Unexpected Origin  Too Good to be True  Domain Mismatch  Over-Complex Language  Illogical Urgency  Embedded Web Links Mismatch  Active Content

11. Fake Email

12. Fake Email Cont.

13. Spam, Phishing, and Fraud  Is spam a security threat?  What types of spam are there?  How does spam compliment phishing?  What is e-mail fraud?  Hundreds of millions of dollars are lost annually to e-mail fraud and continue to rise

14. HTML E-mail  Why might this be a bad idea?  What kind of information can be stolen?  What are web bugs?  Remote code execution  Denial of Service

15. Forged Headers

18. Sending E-mail  Digital Certificates  Digital Signatures  PGP and GPG  MIME Your Manners

19. Digital Certificates  What is a digital certificate?  Certificate Authorities  How do they work?  Asymmetric Encryption

20. Digital Signatures  What is a Digital Signature?  Protects  Non-repudiation  Data Integrity  How does it accomplish this?  The message digest  Digest comparison

21. PGP and GPG  Pretty Good Privacy  Asymmetric Encryption  Non-centralized web of trust  Key pairs  PGP Servers

22. MIME Your Manners  Multi-purpose Internet Mail Extensions  Ability to attach files  No security benefit  S/MIME  Security Benefits and Issues

23. Connection Security (SSL/TLS)  Secure Sockets Layer / Transport Layer Security  Most widely deployed security protocol used today  Operates on top of TCP  Lengthy handshake process  Ensures secure communication

24. You Know You Love It!

25. Where’s the Mail Room?  Mail Exchanger Records  nslookup  Queries DNS for certain records for a given host  dig  Domain Information Groper  host  Normally used to convert host names to IP addresses

26. Find the Mail Server  google.com  yahoo.com  auburn.edu  aol.com nslookup > set type=mx > domain-name.com dig domain-name.com MX host -t MX domain-name.com

27. Sending Mail via Your Favorite  Sending and Receiving Mail from the terminal is awesome!  Why is he making us do this?  What all do we have to do?  Can we take a break if we do it?