Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Published byJessica Mathews Modified over 8 years ago

Similar presentations

Presentation on theme: "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"— Presentation transcript:

1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition E-mail and Instant Messaging Chapter 16

2 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Objectives Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols.

3 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms AOL Instant Messenger (AIM) Botnet E-mail E-mail hoax Encryption Instant messaging (IM) Mail relaying Open relay Pretty Good Privacy (PGP) Realtime Blackhole List (RBL) Secure/Multipurpose Internet Mail Extensions (S/MIME) Sender Policy Framework (SPF) Simple Mail Transfer Protocol (SMTP) Spam Trojan horse program Unsolicited commercial e-mail Virus Worm

4 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition E-mail Usage

5 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Security of E-mail Originally launched unsecure; remains unsecure. Internet e-mail depends on three primary protocols: – SMTP – POP3 – IMAP Used as a medium: –To spread viruses –To forward hoaxes Similar to Instant Messaging.

6 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Example List of Spam E-mails

7 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition AOL Instant Messenger Program

8 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Malicious Code Can be found and dispersed by many different methods: –Worm –Virus –Trojan horse program –Botnet

9 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Viruses Commonly Spread Through E-mail Attachments

10 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Malicious Code Protection Measures –Antivirus –E-mail scan –Disable Preview panes Scripting support –Follow safe practices and procedures –Educating employees

11 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hoax E-mails E-mail hoaxes are mostly a nuisance, wasting everyone’s time, taking up Internet bandwidth and server processing time as well. Sites like Snopes.com debunk such hoaxes.

12 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Famous Hoax: The Neiman-Marcus story

13 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Unsolicited Commercial E-mail (Spam) Spam refers to unsolicited commercial e-mail whose purpose is the same as the junk mail you get in your physical mailbox—it tries to persuade you to buy something. The term spam comes from a skit on Monty Python’s Flying Circus, where two people are in a restaurant that serves only the potted meat product. This concept of the repetition of unwanted things is the key to e-mail spam.

14 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Ways to fight spam include: –E-mail filtering –Educate users about spam Cautious internet surfing Cautious towards unknown e-mail –Shut down open relays –Host/server filters –Blacklisting or DNSBL –Greylisting Fighting Spam

15 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Mail Encryption Provision for confidentiality or more commonly known as privacy. E-mail is sent in the clear—clear text—unless the message and/or attachments are encrypted. E-mail content encryption methods include: –S/MIME –PGP

16 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition S/MIME Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure implementation of the MIME protocol specification. MIME was created to allow Internet e-mail to support new and more creative features. MIME allows e-mail to handle multiple types of content in a message, including file transfers. Every time you send a file as an e-mail attachment, you are using MIME. S/MIME takes this content and specifies a framework for encrypting the message as a MIME attachment.

17 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Configuration Settings in Outlook

18 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Pretty Good Privacy (PGP) PGP implements e-mail security in a similar fashion to S/MIME, but uses completely different protocols. The basic framework is the same: –The user sends the e-mail, and the mail agent applies encryption as specified in the mail program’s programming. –The content is encrypted with the generated symmetric key, and that key is encrypted with the public key of the recipient of the e-mail for confidentiality.

19 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition PGP manages keys locally in its own software. This is where a user stores not only local keys, but also any keys that were received from other users. A free key server is available for storing PGP public keys. Pretty Good Privacy (PGP)

20 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Decoding a PGP-encoded Message in Eudora

21 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Pretty Good Privacy (PGP) PGP has plug-ins for many popular e-mail programs, including Outlook and Qualcomm’s Eudora. These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key’s passphrase to ensure that they are the owner of the key.

22 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging Technology that allows individuals to chat online. AOL Instant Messenger (AIM) is a prevalent chat application.

23 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging To work properly IM has to: –Attach to a server (typically announcing the IP address of the originating client) –Announce your presence on the server

24 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Instant Messaging

25 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols.

Download ppt "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"

Similar presentations

Basic Communication on the Internet:

Basic Communication on the Internet:
Managing Incoming Email Chapter 3 Bit Literacy. Terminology Email client – program which retrieves emails from a mail server, lets you read the mails,

Managing Incoming Chapter 3 Bit Literacy. Terminology client – program which retrieves s from a mail server, lets you read the mails,
Email. Email: How it works? To send an email you need an email Software or Web Based email To send an email to a friend you need to know their email Address.

. How it works? To send an you need an Software or Web Based To send an to a friend you need to know their Address.
Unit 11 Communication & Collaboration.  Identify different communication methods  Identify advantages of electronic communication  Identify common.

Unit 11 Communication & Collaboration.  Identify different communication methods  Identify advantages of electronic communication  Identify common.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 23 Electronic Mail: SMTP,

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 23 Electronic Mail: SMTP,
Basic Communication on the Internet: E-Mail Integrated Browser E-Mail Programs and Web-Based E-Mail Services Tutorial 3.

Basic Communication on the Internet: Integrated Browser Programs and Web-Based Services Tutorial 3.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 15 How Email Spam Works.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 15 How Spam Works.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Software. E-mail stands for electronic mail. E-mail software enables you to send an electronic message to another person anywhere in the world. The message.

Software. stands for electronic mail. software enables you to send an electronic message to another person anywhere in the world. The message.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
1 What is Electronic Mail Exchanging information via computer networks Electronic mail addresses SMTP (Simple Mail Transfer Protocol) Client/Server based.

1 What is Electronic Mail Exchanging information via computer networks Electronic mail addresses SMTP (Simple Mail Transfer Protocol) Client/Server based.

Similar presentations

Ads by Google