Presentation is loading. Please wait.

Presentation is loading. Please wait.

SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Similar presentations


Presentation on theme: "SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly."— Presentation transcript:

1 SHASHANK MASHETTY Email security

2 Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly used services on the Internet allowing people to send messages to one or more recipients. Modern email operates across the internet and computer networks. The messages can be notes entered from the keyboard or electronic files stored on the disk.

3 Why do we need secure email?  Protect sensitive data  Prove authenticity to recipients  Send attachments that are normally filtered  Avoid the junk folder

4 Email security enhancements  Authentication  Confidentiality  Confidentiality and authentication  Message intigrity

5 Threats enabled by e-mail  Spam  Spoofing  Phishing  Disclosure of sensitive information  Exposure of systems to malicious code  Denial-of-service(dos)  Un authorized access

6 Email threats  Spam  spam is the scourge of email around the world  it makes as 95% of all email on the internet  spammers get e-mail address from new groups, un scrupulous web site operators  A large proportion of spam contains malware or links to web sites that contain malware

7 Email threats  Spoofing  Email spoofing occurs when an attacker sends you an email pretending to be some one to you  Email spoofing is easy to do and very difficult to trace the real sender.  Phishing  Phishing e-mails appear very authentic and often include graphics or logos that are actually from your bank.

8 Email based attacks  Active content attack - clean up at the server  Buffer over-flow attack - fix the code  Shell script attack - scan before send to the shell  Trojan horse attack - use do not automatically use the macro option

9 Choices available in the secure email  PGP ( pretty good policy )  S/MIME  Special providers  SSL/TLS web browser based email  SSL/TLS POP/SMPS email

10 PGP  Functionality: -encryption for confidentiality -signature for non repudiation/authenticity  Requires key exchange and key management  Not scalable  Small industry support  Can only exchange secure email with other PGP users

11 S/MIME  Similar to PGP, requires administrator installation and configuration support intensive  User must download and install software  Many installations have failed due to complexity  Can only exchange emails with other S/MIME users

12 Special providers  Managed services using S/MIME with PKI key exchange  Appliance based services with special hardware requires integration  expensive

13 Secure web mail  Nothing to download or install, no support issues beyond typical email.  Works with any web browser  Uses SSL/TLS security, same system used by banks, visa, etc  Easy to add, manage users  No training is needed it is simple

14 POP/SMTP Secure Mail  Works with all email programs  Uses SSL/TLS security same system used by banks, visa, etc  Easy to set up, no download or installation, same issues as traditional email

15 Steps to secure mail  Generate an identity  Configure secure email software  Get public keys for recipients  Start sending secured messages

16 Tips to be secure  Never click on a suspect e-mail.  Never reply to a suspect email with personal information  Look at the grammatical errors in the email  Contact your bank via telephone ( get the telephone number from the website rather than the email you received ) if you suspect a fraud  Watch for the small changes on your financial statements to avoid detection

17 Questions?


Download ppt "SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly."

Similar presentations


Ads by Google