Guide to Operating System Security Chapter 10 E-mail Security.

Slides:



Advertisements
Similar presentations
Enabling Secure Internet Access with ISA Server
Advertisements

Basic Communication on the Internet:
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Mozilla Thunderbird. What is Thunderbird? client client Usenet newsgroup reader Usenet newsgroup reader RSS client RSS client Comparable.
Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.
Lesson 7: Business, , & Personal Information Management
How Clients and Servers Work Together. Objectives Web Server Protocols Examine how server and client software work Use FTP to transfer files Initiate.
1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Practical PC, 7 th Edition Chapter 9: Sending and Attachments.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Electronic Mail (SMTP, POP, IMAP, MIME)
Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.
Computer Concepts 2014 Chapter 7 The Web and .
Electronic Mail Security
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.
Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.
A form of communication in which electronic messages are created and transferred between two or more devices connected to a network.
 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Masud Hasan Secue VS Hushmail Project 2.
Secure Socket Layer (SSL)
INSTALLING MICROSOFT EXCHANGE SERVER 2003 CLUSTERS AND FRONT-END AND BACK ‑ END SERVERS Chapter 4.
Security+ All-In-One Edition Chapter 14 – and Instant Messaging Brian E. Brzezicki.
(or ?) Short for Electronic Mail The transmission of messages over networks.
Electronic mail security. Outline Pretty good privacy S/MIME.
Windows Tutorial 4 Working with the Internet and
The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .
Module 6 Planning and Deploying Messaging Security.
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.
Unit 2—Using the Computer Lesson 14 and Electronic Communication.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Types of Electronic Infection
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
TCP/IP (Transmission Control Protocol / Internet Protocol)
CSCE 201 Security Fall CSCE Farkas2 Electronic Mail Most heavily used network-based application – Over 210 billion per day Used across.
Security fundamentals Topic 9 Securing internet messaging.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.
2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.
Security SMIME IT352 | Network Security |Najwa AlGhamdi 1.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.
Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.
TMG Client Protection 6NPS – Session 7.
Internet Business Associate v2.0
SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
Chapter 7 Network Applications
Presentation transcript:

Guide to Operating System Security Chapter 10 Security

2 Guide to Operating System Security Objectives Understand the use of SMTP in and attacks on SMTP Explain how can be secured through certificates and encryption Discuss general techniques for securing Configure security in popular tools

3 Guide to Operating System Security Overview of SMTP Enables exchange of across networks and the Internet Provides reliable – but not guaranteed – message transport No logon ID or password required A client and server process

4 Guide to Operating System Security Sending by SMTP

5 Guide to Operating System Security Parts of SMTP Messages Address header  Envelope  Message header  Domain literal  Multihomed host  Host names Message text

6 Guide to Operating System Security Overview of SMTP Protocols used to store and retrieve  Post Office Protocol (POP)  Internet Message Access Protocol (IMAP)

7 Guide to Operating System Security Operating Systems That Use SMTP by Default Microsoft Outlook Express on Windows 2000/XP/2003 Microsoft Outlook in Windows-based systems that have Microsoft Office Ximian Evolution Mail in Red Hat Linux 9.x Mail in Mac OS X

8 Guide to Operating System Security Server Software Systems That Use SMTP Eudora Lotus Domino Mail Server Mailtraq Merak Microsoft Exchange Sendmail SuSE Linux Open Exchange Server

9 Guide to Operating System Security Attacks on SMTP Surreptitious alteration of a DNS server Direct use of command-line tools to attack SMTP communications Spread of unsolicited commercial (spam)

10 Guide to Operating System Security DNS Server Directing

11 Guide to Operating System Security Attacks Through Altering DNS Server Information

12 Guide to Operating System Security Using Command-Line Tools for Attacks Windows 2000/XP/2003  Attacker can use maliciously constructed to attack an SMTP server UNIX/Linux  Easier; attacker can use built-in command- line options

13 Guide to Operating System Security Unsolicited Commercial (UCE) Relatively inexpensive for sender Expensive for users whose resources are diminished by UCE traffic Expensive in terms of wasted time (estimated 25% of all Internet traffic is spam)

14 Guide to Operating System Security Ways to Control UCE (Spam) Turn off open SMTP relay capability Configure SMTP server to have restrictions Require a computer to authenticate to Microsoft Exchange before is relayed Direct not addressed to internal recipients to a bogus IP address Obtain tools to block

15 Guide to Operating System Security Securing Through Certificates and Encryption Ensures privacy Reduces chances of forgery or someone other than sender adding an attachment Accepted methods  Secure Multipurpose Internet Mail Extensions (S/MIME)  Pretty Good Privacy (PGP)

16 Guide to Operating System Security Using S/MIME Encryption Provides encryption and authentication for transmissions An extension of MIME

17 Guide to Operating System Security MIME Provides extensions to original SMTP address header information Different types of message content can be encoded for transport over the Internet Additional header fields  MIME-version  Content-type  Content-transfer-encoding  Content-ID  Content-description

18 Guide to Operating System Security Using S/MIME Encryption Uses digital certificates based on X.509 standard Has flexibility to use 168-bit key Triple DES Designed to follow Public-Key Cryptography Standards (PKCS)

19 Guide to Operating System Security Using PGP Security Provides encryption and authentication for transmissions Sometimes preferred by users of open systems (UNIX/Linux); enables use of X.509 or PGP digital certificates Unique characteristic of PGP certificate: web of trust

20 Guide to Operating System Security Contents of PGP Digital Certificate PGP version number Public key Information about certificate holder Digital signature of certificate holder Validity period of the certificate Preferred algorithm for the key

21 Guide to Operating System Security Typical Encryption Methods Used by PGP CAST IDEA Triple DES

22 Guide to Operating System Security Other Techniques for Securing Train users Scan Control the use of attachments

23 Guide to Operating System Security Training Users for Security Never send personal information or a password response via Delete from unrecognized sources Use message filtering, if available

24 Guide to Operating System Security Scanning Place virus scanning software on gateway Update virus definitions frequently Quarantine specific kinds of attachments Scan zipped files Scanner code should be written to be relatively fast

25 Guide to Operating System Security Controlling the Use of Attachments Delete attachments from unknown sources Never configure software to automatically open attachments Avoid using HTML format for opening Use virus scanner on before opening it Place attachments in quarantine

26 Guide to Operating System Security Backing Up For storage To ensure that unread is not lost if server goes down

27 Guide to Operating System Security Configuring Security in Popular Tools Microsoft Outlook Express Microsoft Outlook Ximian Evolution Mail in Red Hat Linux 9.x Mail in Mac OS X

28 Guide to Operating System Security Microsoft Outlook Express Included with Windows 2000/XP/2003 Can obtain messages from SMTP-based servers running server software Can be used to access newsgroups

29 Guide to Operating System Security Microsoft Outlook Express

30 Guide to Operating System Security Security Measures Supported by Outlook Express S/MIME (version 3) 40-bit and 128-bit RC2 encryption 64-bit RC2 encryption 56-bit DES encryption 168-bit Triple DES encryption Digital signatures encrypted using SHA-1

31 Guide to Operating System Security Configuration Options for Outlook Express

32 Guide to Operating System Security Microsoft Outlook Express Enables you to export to Microsoft Outlook or a Microsoft Exchange server Can be used to back up messages from other systems Enables you to block or filter messages from unwanted sources

33 Guide to Operating System Security Microsoft Outlook Included with Microsoft Office Has multiple capabilities  communications  Calendar  Ability to track tasks, list contacts, and make notes

34 Guide to Operating System Security Microsoft Outlook Security Features S/MIME (version 3) 40-bit and 128-bit RC2 encryption 64-bit RC2 encryption 56-bit DES encryption 168-bit Triple DES encryption Digital signatures encrypted using SHA-1 V1 Exchange Server Security certificates

35 Guide to Operating System Security Configuration Options for Microsoft Outlook

36 Guide to Operating System Security Microsoft Outlook Ability to back up messages by exporting to a file (many file types available) Ability to add specific Web sites to junk list

37 Guide to Operating System Security Ximian Evolution Mail in Red Hat Linux 9.x Processes Schedules activities on a calendar Records tasks Creates list of contacts Summary function (weather, inbox/outbox totals, appointments, updates and errata)

38 Guide to Operating System Security Ximian Evolution Mail in Red Hat Linux 9.x

39 Guide to Operating System Security Ximian Evolution Mail in Red Hat Linux 9.x Capability to configure more than one account with unique properties Can be configured to use either PGP security or GnuPG

40 Guide to Operating System Security Configuration Options for Evolution Mail

41 Guide to Operating System Security Apple Mail (Continued) Comes with Mac OS X Focuses on handling activities Enables creation of filters to reject mail from unwanted or unknown sources Capability to configure different accounts

42 Guide to Operating System Security Apple Mail (Continued)

43 Guide to Operating System Security Apple Mail (Continued) Uses PGP for security Can specify use of SSL for security over Internet links to Provides different authentication methods for verifying access to an account  Password authentication  Kerberos version 4 and version 5  MD5 challenge-response

44 Guide to Operating System Security Summary How operating systems use SMTP for Sources of attacks  Over 90% of malicious software strikes through How certificates and encryption can protect How to configure security in software typically used with operating systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.