Download presentation
Presentation is loading. Please wait.
Published byJulia Ellis Modified over 9 years ago
1
SHASHANK MASHETTY Email security
2
Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly used services on the Internet allowing people to send messages to one or more recipients. Modern email operates across the internet and computer networks. The messages can be notes entered from the keyboard or electronic files stored on the disk.
3
Why do we need secure email? Protect sensitive data Prove authenticity to recipients Send attachments that are normally filtered Avoid the junk folder
4
Email security enhancements Authentication Confidentiality Confidentiality and authentication Message intigrity
5
Threats enabled by e-mail Spam Spoofing Phishing Disclosure of sensitive information Exposure of systems to malicious code Denial-of-service(dos) Un authorized access
6
Email threats Spam spam is the scourge of email around the world it makes as 95% of all email on the internet spammers get e-mail address from new groups, un scrupulous web site operators A large proportion of spam contains malware or links to web sites that contain malware
7
Email threats Spoofing Email spoofing occurs when an attacker sends you an email pretending to be some one to you Email spoofing is easy to do and very difficult to trace the real sender. Phishing Phishing e-mails appear very authentic and often include graphics or logos that are actually from your bank.
8
Email based attacks Active content attack - clean up at the server Buffer over-flow attack - fix the code Shell script attack - scan before send to the shell Trojan horse attack - use do not automatically use the macro option
9
Choices available in the secure email PGP ( pretty good policy ) S/MIME Special providers SSL/TLS web browser based email SSL/TLS POP/SMPS email
10
PGP Functionality: -encryption for confidentiality -signature for non repudiation/authenticity Requires key exchange and key management Not scalable Small industry support Can only exchange secure email with other PGP users
11
S/MIME Similar to PGP, requires administrator installation and configuration support intensive User must download and install software Many installations have failed due to complexity Can only exchange emails with other S/MIME users
12
Special providers Managed services using S/MIME with PKI key exchange Appliance based services with special hardware requires integration expensive
13
Secure web mail Nothing to download or install, no support issues beyond typical email. Works with any web browser Uses SSL/TLS security, same system used by banks, visa, etc Easy to add, manage users No training is needed it is simple
14
POP/SMTP Secure Mail Works with all email programs Uses SSL/TLS security same system used by banks, visa, etc Easy to set up, no download or installation, same issues as traditional email
15
Steps to secure mail Generate an identity Configure secure email software Get public keys for recipients Start sending secured messages
16
Tips to be secure Never click on a suspect e-mail. Never reply to a suspect email with personal information Look at the grammatical errors in the email Contact your bank via telephone ( get the telephone number from the website rather than the email you received ) if you suspect a fraud Watch for the small changes on your financial statements to avoid detection
17
Questions?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.