E-mail and Instant Messaging

transcript

Principles of Computer Security:CompTIA Security+® and Beyond, Second Edition

E-mail and Instant MessagingE-mail and Instant Messaging

Chapter 16

Objectives

• Describe security issues associated with e-mail.• Implement security practices for e-mail.• Detail the security issues of instant messaging

protocols.

Key Terms

E-mail Usage

Security of E-mail• Originally launched unsecure; remains unsecure.

• Internet e-mail depends on three primary protocols:– SMTP– POP3– IMAP

• Used as a medium:– To spread viruses– To forward hoaxes

• Similar to Instant Messaging.

Example List of Spam E-mails

AOL Instant Messenger Program

Malicious Code

• Can be found and dispersed by many different methods:– Worm

– Virus

– Trojan horse program

– Botnet

Viruses Commonly Spread Through E-mail Attachments

• Malicious Code Protection Measures– Antivirus

– E-mail scan

– Disable • Preview panes

• Scripting support

– Follow safe practices and procedures

– Educating employees

Hoax E-mails

• E-mail hoaxes are mostly a nuisance, wasting everyone’s time, taking up Internet bandwidth and server processing time as well.

• Sites like Snopes.com debunk such hoaxes.

• Famous Hoax: The Neiman-Marcus story

Unsolicited Commercial E-mail (Spam)

• Spam refers to unsolicited commercial e-mail whose purpose is the same as the junk mail you get in your physical mailbox—it tries to persuade you to buy something.

• The term spam comes from a skit on Monty Python’s Flying Circus, where two people are in a restaurant that serves only the potted meat product.

• This concept of the repetition of unwanted things is the key to e-mail spam.

• Ways to fight spam include:– E-mail filtering

– Educate users about spam• Cautious internet surfing

• Cautious towards unknown e-mail

– Shut down open relays

– Host/server filters

– Blacklisting or DNSBL

– Greylisting

Fighting Spam

Mail Encryption

• Provision for confidentiality or more commonly known as privacy.

• E-mail is sent in the clear—clear text—unless the message and/or attachments are encrypted.

• E-mail content encryption methods include:– S/MIME

– PGP

S/MIME

• Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure implementation of the MIME protocol specification. MIME was created to allow Internet e-mail to support new and more creative features.

• MIME allows e-mail to handle multiple types of content in a message, including file transfers.

• Every time you send a file as an e-mail attachment, you are using MIME.

• S/MIME takes this content and specifies a framework for encrypting the message as a MIME attachment.

Configuration Settings in Outlook

Pretty Good Privacy (PGP)• PGP implements e-mail security in a similar

fashion to S/MIME, but uses completely different protocols.

• The basic framework is the same:– The user sends the e-mail, and the mail agent

applies encryption as specified in the mail program’s programming.

– The content is encrypted with the generated symmetric key, and that key is encrypted with the public key of the recipient of the e-mail for confidentiality.

• PGP manages keys locally in its own software.

• This is where a user stores not only local keys, but also any keys that were received from other users.

• A free key server is available for storing PGP public keys.

Pretty Good Privacy (PGP)

Decoding a PGP-encoded Message in Eudora

Pretty Good Privacy (PGP)

• PGP has plug-ins for many popular e-mail programs, including Outlook and Qualcomm’s Eudora.

• These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key’s passphrase to ensure that they are the owner of the key.

Instant Messaging

• Technology that allows individuals to chat online.

• AOL Instant Messenger (AIM) is a prevalent chat application.

Instant Messaging

• To work properly IM has to:– Attach to a server (typically announcing the IP

address of the originating client)– Announce your presence on the server

Instant Messaging

Chapter Summary

• Describe security issues associated with e-mail.

• Implement security practices for e-mail.

• Detail the security issues of instant messaging protocols.

E-mail and Instant Messaging

Documents