Published by Stephen Vernon Little. Modified over 9 years ago.
Application Security: E-Mail (April 10, 2013) © Abdou Illia – Spring 2013
2 Learning Objectives
Discuss E-Mail security
3 E-Mail operation
[Diagram labels: Sending E-Mail Client; SMTP to send; Sender's SMTP Server (port 25); Local POP Server (port 110); Receiver's SMTP Server (port 25); Local POP Server (port 110); POP to download; Receiving E-Mail Client]
1) sender@source.com sends an email to receiver@destination.com using a stand-alone email client.
2) The email client connects to the SMTP server at mail.source.com (port 25) to pass the message.
3) The SMTP server breaks the address into two parts (receiver and destination.com). If destination.com is the same as source.com, the SMTP server uses a delivery agent to pass the message to the local POP server. If not, the message is sent to the receiver's SMTP server.
4) The receiver's SMTP server uses a delivery agent to pass the message to the local POP server.
5) When the receiver connects, they download the message to their local computer.
Simple Mail Transfer Protocol (SMTP): used to transmit mail in real time to a user's mail server or between mail servers.
Post Office Protocol (POP): used to download mail to the receiver when the receiver is capable of downloading mail.
If the SMTP server at source.com can't connect to the server at destination.com, the message goes into a waiting queue at source.com. The server will periodically try to send it (for example, every 15 minutes). After 4 hrs, the server sends an email to the sender with a notice.
4 E-Mail operation
[Diagram labels: Sending E-Mail Client; SMTP to send; Sender's SMTP Server (port 25); Local POP Server (port 110); Receiver's SMTP Server (port 25); Local IMAP Server (port 143); IMAP to read, search, etc.; Receiving E-Mail Client]
Internet Mail Access Protocol (IMAP) is a more advanced mail protocol:
The email remains on the server and is not downloaded to the receiver's computer.
Mails can be organized in folders on the server.
Mails can be read from any computer.
The user can download a copy of the emails to work off-line without erasing them from the server.
The user can reply offline. The next time the user connects, the replies are sent.
5 E-Mail Security issues
Given what you know about E-mail operation and emails in general, what are the main security and privacy issues associated with E-mail service?
6 E-Mail Security issues
Given what you know about email spam and the sending of inappropriate content (abusive email, harassment, etc.), what can be done to control these issues?
7 E-Mail Security: Filtering
Email filtering can be done at all three levels.
Extrusion filtering: filtering outgoing mail to stop intellectual property from being sent out of the corporation.
8 E-Mail Security: Encryption
E-Mail Encryption
Not widely used because of a lack of clear standards.
IETF has not been able to settle upon a single standard because of in-fighting.
Three standards are used:
SSL/TLS
S/MIME
PGP
9 E-Mail Security
E-Mail Encryption
SSL/TLS only requires a digital certificate for servers. Encryption is end-to-end only if all parties involved use SSL/TLS.
Secure/Multipurpose Internet Mail (S/MIME) uses digital signatures, which require the receiver to know the sender's public key.
PGP uses trust among circles of friends: if A trusts B, and B trusts C, A may trust C's list of public keys.
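The SSL/TLS point above (protection holds only if every party on the path uses it) can be checked on a received message by reading its Received headers. The following is an added example, not part of the original slides; the message, hostnames and addresses are constructed for illustration.

```python
import email
import re

# Constructed sample message (not from the slides): three hops, the middle one without TLS.
SAMPLE = """\
Received: from mx.destination.example (mx.destination.example [203.0.113.7])
\tby pop.destination.example with ESMTPS id c3; Wed, 10 Apr 2013 10:00:03 -0400
Received: from mail.source.example (mail.source.example [198.51.100.4])
\tby mx.destination.example with ESMTP id b2; Wed, 10 Apr 2013 10:00:02 -0400
Received: from client.source.example (client.source.example [192.0.2.10])
\tby mail.source.example with ESMTPSA id a1; Wed, 10 Apr 2013 10:00:01 -0400
From: sender@source.example
To: receiver@destination.example
Subject: test

body
"""

# "with" transmission types that record a TLS-protected transfer (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, used_tls)."""
    msg = email.message_from_string(raw_message)
    result = []
    # Each server prepends its own Received header, so reverse to get travel order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            result.append((None, None, None, False))  # unparsable: count as unprotected
            continue
        proto = m.group(3).upper()
        result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def protected_on_every_hop(raw_message):
    """True only if at least one hop is recorded and every hop reports TLS."""
    recorded = hops(raw_message)
    return bool(recorded) and all(used_tls for *_, used_tls in recorded)

if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'cleartext'})")
    print("TLS on every hop:", protected_on_every_hop(SAMPLE))
```

Received headers are written by each server and can be forged by an earlier hop, so only the headers added by servers you control are trustworthy. Even with TLS on every hop, the message sits in cleartext on each server, which is the gap S/MIME and PGP address.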