Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Similar presentations


Presentation on theme: "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"— Presentation transcript:

1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition E-mail and Instant Messaging Chapter 16

2 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Objectives Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols.

3 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms AOL Instant Messenger (AIM) Botnet E-mail E-mail hoax Encryption Instant messaging (IM) Mail relaying Open relay Pretty Good Privacy (PGP) Realtime Blackhole List (RBL) Secure/Multipurpose Internet Mail Extensions (S/MIME) Sender Policy Framework (SPF) Simple Mail Transfer Protocol (SMTP) Spam Trojan horse program Unsolicited commercial e-mail Virus Worm

4 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition E-mail Usage

5 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Security of E-mail Originally launched unsecure; remains unsecure. Internet e-mail depends on three primary protocols: – SMTP – POP3 – IMAP Used as a medium: –To spread viruses –To forward hoaxes Similar to Instant Messaging.

6 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Example List of Spam E-mails

7 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition AOL Instant Messenger Program

8 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Malicious Code Can be found and dispersed by many different methods: –Worm –Virus –Trojan horse program –Botnet

9 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Viruses Commonly Spread Through E-mail Attachments

10 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Malicious Code Protection Measures –Antivirus –E-mail scan –Disable Preview panes Scripting support –Follow safe practices and procedures –Educating employees

11 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hoax E-mails E-mail hoaxes are mostly a nuisance, wasting everyone’s time, taking up Internet bandwidth and server processing time as well. Sites like Snopes.com debunk such hoaxes.

12 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Famous Hoax: The Neiman-Marcus story

13 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Unsolicited Commercial E-mail (Spam) Spam refers to unsolicited commercial e-mail whose purpose is the same as the junk mail you get in your physical mailbox—it tries to persuade you to buy something. The term spam comes from a skit on Monty Python’s Flying Circus, where two people are in a restaurant that serves only the potted meat product. This concept of the repetition of unwanted things is the key to e-mail spam.

14 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Ways to fight spam include: –E-mail filtering –Educate users about spam Cautious internet surfing Cautious towards unknown e-mail –Shut down open relays –Host/server filters –Blacklisting or DNSBL –Greylisting Fighting Spam

15 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Mail Encryption Provision for confidentiality or more commonly known as privacy. E-mail is sent in the clear—clear text—unless the message and/or attachments are encrypted. E-mail content encryption methods include: –S/MIME –PGP

16 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition S/MIME Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure implementation of the MIME protocol specification. MIME was created to allow Internet e-mail to support new and more creative features. MIME allows e-mail to handle multiple types of content in a message, including file transfers. Every time you send a file as an e-mail attachment, you are using MIME. S/MIME takes this content and specifies a framework for encrypting the message as a MIME attachment.

17 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Configuration Settings in Outlook

18 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Pretty Good Privacy (PGP) PGP implements e-mail security in a similar fashion to S/MIME, but uses completely different protocols. The basic framework is the same: –The user sends the e-mail, and the mail agent applies encryption as specified in the mail program’s programming. –The content is encrypted with the generated symmetric key, and that key is encrypted with the public key of the recipient of the e-mail for confidentiality.

19 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition PGP manages keys locally in its own software. This is where a user stores not only local keys, but also any keys that were received from other users. A free key server is available for storing PGP public keys. Pretty Good Privacy (PGP)

20 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Decoding a PGP-encoded Message in Eudora

21 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Pretty Good Privacy (PGP) PGP has plug-ins for many popular e-mail programs, including Outlook and Qualcomm’s Eudora. These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key’s passphrase to ensure that they are the owner of the key.

22 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging Technology that allows individuals to chat online. AOL Instant Messenger (AIM) is a prevalent chat application.

23 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging To work properly IM has to: –Attach to a server (typically announcing the IP address of the originating client) –Announce your presence on the server

24 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging

25 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols.


Download ppt "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"

Similar presentations


Ads by Google