Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki.

Published byAugustus Daniels Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki."— Presentation transcript:

1 Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki

2 Email Yeah, I have nothing catchy for the first slide…

3 Internet (425) The Internet has been around for a LONG time... For most of it’s life nobody cared about the Internet except for government, researchers and geeks like me. The Internet was never intended for security. IT was indented as a resilient network for communications. Nobody ever though it would be used for what it’s used for today

4 Email (425) Email has been around for a LONG time as well, as such the is NO security in the SMTP protocol. It was assumed that everyone who was using Email would just “play nice” No Authentication No Encryption Email wasn’t even intended to send anything advanced (like images, sounds, word documents).. It was just intended to send text. (more)

5 Email No a days there is a lot of security concerns with email which we are already familiar with Method for sending viri, Trojans, and worms Phishing attacks Hoaxes SPAM (more)

6 Email Security There is also one other major problem with email that you might not realize… Email is counted on by organization for a means of communications, some would say it’s even mission critical. That leaves two problems that we need to discuss Forged email Compromise of confidential information sent over email

7 Forged Email Forging of email is TRIVIAL in most cases. (do example if we already did not) What are some concerns with forged emails? (more)

8 Forged Email Can anyone think of any technologies we already discussed that can help with the email forgery problem?

9 Signing Email If we use digital certificates we can sign our emails to prove it’s from us! (we’ll talk about how to do this later)

10 Email Encryption (431) The other problem with email is that sensitive information might be sent over email. (SSNs, Credit Card #s etc). If we sent email that was encrypted from person to person we’d be able to solve this problem…

11 Email Security (431) There are two technologies we can use to secure email both by providing non- repudiation services, and encryption services We will talk about each of these next S/MIME PGP

12 S/MIME

13 S/MIME (431) MIME was the original extension to email that allowed us to attach files in email, such as images and sounds and word documents etc. SMIME is an extension to MIME that allows for Integrity, privacy and sender authentication Uses x.509 digital certificates Uses RC2 or Triple DES (be aware some default to 40 bit RC2.. Which is very weak)

14 PGP (431) PGP is a product that has been around for a while. Can provide Integrity, Security and Non-Repudiation Used to use a web of trust model, but now can tie into an organizations PKI. Supports IDEA, 3DES, CAST Originally used MD5 hashes, newer versions default to the SHA series.

15 PGP signed message example

16 PGP encrypted and signed

17 Optional Time permitting show how to sign or encrypt a PGP message on Linux.

18 Other random Email stuff (430) Content based filtering – Some companies try to ensure that sensitive information is not sent over email. They may scan outgoing email for text that looks like SSNs or credit card numbers etc. Real Time Black Hole Lists – explain Grey listing – did we discuss this yet?

19 Instant Messaging (435) Instant Messaging is another popular applications. However there are some security concerns with IM Easy way to leak information out of a company Avenue for downloading Trojans, worms and viruses Often no true authentication Often no encryption

20 IM Countermeasures Disable IM software, don’t allows users to install software Block IM ports (often hard) Install and maintain an organizational server if IM communications are used within an organization

21 Chapter 14 - Review Q. What does a Realtime Black hole list do? Q. What is Grey listing Q. Why do we need public key cryptography for email? Q. What are the two encryption protocols that S/MIME uses? _ _ 2 & _ _ _ S

22 Chapter 14 - Review Q. What mechanism are often used to distribute SPAM Q. What is phishing? What the best countermeasure against it? Q. Is SMTP encrypted? Does is provide user authentication?

Download ppt "Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.

Similar presentations

Ads by Google