Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Technology Clients and Mail Servers

Published byPierce Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Technology Clients and Mail Servers"— Presentation transcript:

1 E-Mail Security E-Mail Technology E-Mail Clients and Mail Servers
Mail server software: Sendmail on UNIX, Microsoft Exchange, and Lotus/IBM

2 E-Mail Standards SMTP to Send POP or IMAP to Download SMTP to Send
Sender’s Mail Server Receiver’s Mail Server Sending Client Receiving Client Message RFC 822 or 2822 body HTML body

3 E-Mail Security E-Mail Technology
SMTP to send messages from client to mail server or from mail server to mail server To download messages to client program from receiver’s mail server POP: Simple and popular; manage mail on client PC IMAP: Can manage messages on mail server

4 E-Mail Security E-Mail Technology E-mail bodies
RFC 822 / RFC 2822: Plain English text HTML bodies: Graphics, fonts, etc. HTML bodies might contain scripts, which might execute automatically when user opens the message Web-based needs only a browser on the client PC

5 No need to install new software
Web-Based Client’s Browser Webserver Program HTTP Request Message HTTP Response Message Webpage Containing Message Client PC Webserver with Web-Based Almost all client PCs now have browsers. No need to install new software

6 E-Mail Security E-Mail Content Filtering
Antivirus filtering and filtering for other executable code Especially dangerous because of scripts in HTML bodies Spam: Unsolicited commercial

7 E-Mail Security E-Mail Content Filtering
Volume is growing rapidly: Slowing and annoying users (porno and fraud) Filtering for spam also rejects some legitimate messages Sometimes employees attack spammers back; only hurts spoofed sender and the company could be sued

8 E-Mail Security Inappropriate Content
Companies often filter for sexually or racially harassing messages Could be sued for not doing so

9 E-Mail Security E-Mail Retention
On hard disk and tape for some period of time Benefit: Can find information Drawback: Can be discovered in legal contests; could be embarrassing Must retain some messages for legal purposes

10 E-Mail Security E-Mail Retention
Shredding on receiver’s computer to take messages back Send key to decrypt Make key useless after retention period so cannot retrieve anymore Might be able to copy or print before retention limit date Not good for contracts because receiver must be able to keep a copy

11 E-Mail Security E-Mail Retention
Message authentication to prevent spoofed sender addresses Employee training is not private; company has right to read Your messages may be forwarded without permission Never put anything in a message they would not want to see in court, printed in the newspapers, or read by their boss Never forward messages without permission

12 E-Mail Security E-Mail Encryption
Not widely used because of lack of clear standards PGP and S/MIME for end-to-end encryption How to get public keys of true parties? PGP uses trust among circles of friends: If A trusts B, and B trusts C, A may trust C’s list of public keys S/MIME requires expensive and cumbersome PKI

13 Cryptographic Protection for E-Mail
Mail Server SMTP, POP, etc. Over TLS SMTP, POP, etc. over TLS S/MIME with PKI or PGP with Circles of Trust Sending Client Receiving Client

14 E-Mail Security E-Mail Encryption
PGP and S/MIME for end-to-end encryption Ease of use S/MIME usually built in if available at all PGP usually a cumbersome add-on to TLS Between client and server

Download ppt "Security Technology Clients and Mail Servers"

Similar presentations

Basic Communication on the Internet:

Basic Communication on the Internet:
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.

COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
Breaking Trust On The Internet

Breaking Trust On The Internet
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)

Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
How Clients and Servers Work Together. Objectives Web Server Protocols Examine how e-mail server and client software work Use FTP to transfer files Initiate.

How Clients and Servers Work Together. Objectives Web Server Protocols Examine how server and client software work Use FTP to transfer files Initiate.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
© 2009 Pearson Education, Inc. Publishing as Prentice Hall Networked Applications Chapter 11 Updated January 2009 Raymond Panko’s Business Data Networks.

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Networked Applications Chapter 11 Updated January 2009 Raymond Panko’s Business Data Networks.
Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet.

Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Similar presentations

Ads by Google