Date post: 29-Jan-2016
Upload: cody-amos-barber
Secure E-mail
• Message interception (confidentiality)
• Message interception (blocked delivery)
• Message interception and subsequent replay
• Message content modification
• Message origin modification
• Message content forgery by outsider
• Message origin forgery by outsider
• Message content forgery by recipient
• Message origin forgery by recipient
• Denial of message transmission

Requirements and Solutions
• Message confidentiality
• Message integrity
• Sender authenticity
• Nonrepudiation

Examples of Secure E-mail Systems
• PGP (Pretty Good Privacy) – uses public key ring; confidentiality, integrity
• S/MIME (Secure Multipurpose Internet Mail Extensions) – uses certificates
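
Added example, not part of the original slides: a Python standard-library sketch that runs several threats from the Secure E-mail list against a shared-key HMAC, a stand-in chosen here instead of the public-key signatures PGP and S/MIME use. The keys, addresses, message ids and function names are constructed for illustration. It shows that a shared key is enough to catch modification, outsider forgery and replay, but not forgery by the recipient, which is why nonrepudiation needs a signature only the sender can produce.

```python
import hashlib
import hmac

# Constructed sample keys and addresses; nothing here comes from the slides.
SHARED_KEY = b"constructed-key-known-to-alice-and-bob"
OUTSIDER_KEY = b"constructed-key-guessed-by-an-outsider"


def seal(key, msg_id, sender, body):
    """Sender side: MAC over length-prefixed id, origin and content."""
    fields = [msg_id.encode(), sender.encode(), body.encode()]
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {"id": msg_id, "from": sender, "body": body, "tag": tag}


def check(key, msg, seen_ids):
    """Recipient side: returns 'ok', 'bad-tag' or 'replay'."""
    expected = seal(key, msg["id"], msg["from"], msg["body"])["tag"]
    if not hmac.compare_digest(expected, msg["tag"]):
        return "bad-tag"  # content/origin modified, or forged without the key
    if msg["id"] in seen_ids:
        return "replay"   # authentic message delivered a second time
    seen_ids.add(msg["id"])
    return "ok"


def demo():
    seen = set()
    genuine = seal(SHARED_KEY, "m-001", "alice@example.org", "Pay Bob 100")
    outsider = seal(OUTSIDER_KEY, "m-002", "alice@example.org", "Pay Eve 100")
    by_bob = seal(SHARED_KEY, "m-003", "alice@example.org", "Pay Bob 900")
    verify = lambda m: check(SHARED_KEY, m, seen)
    return {
        "genuine": verify(genuine),
        "replayed": verify(genuine),
        "content_modified": verify({**genuine, "body": "Pay Bob 900"}),
        "origin_modified": verify({**genuine, "from": "carol@example.org"}),
        "outsider_forgery": verify(outsider),
        # Bob holds the same key, so a message he writes in Alice's name
        # verifies: a shared-key MAC cannot give nonrepudiation.
        "recipient_forgery": verify(by_bob),
    }


if __name__ == "__main__":
    print(demo())
```
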

Multi-Layer Security
Security Can be Applied at Multiple Layers Simultaneously
• Application layer security for database, e-mail, etc.
• Transport layer: SSL
• Internet layer: IPsec
• Data link layer: PPTP, L2TP
• Physical layer: locks

Multi-Layer Security
Applying security at 2 or more layers is good
• If security is broken at one layer, the communication will still be secure
However,
• Security slows down processing
• Multi-Layer security slows down processing at each layer

Total Security
Network Security is Only Part
Server Security
• Hackers can take down servers with denial-of-service attacks
• Hackers can log in as root user and take over the server
• Steal data, lock out legitimate users, etc.

Total Security
Server Security
• Occasionally, weaknesses are discovered in server operating systems
• This knowledge is quickly disseminated
• Known security weaknesses

Total Security
Server Security
• Server operating system (SOS) vendors create patches
• Many firms do not download patches
• This makes them vulnerable to hackers, who quickly develop tools to probe for and then exploit known weaknesses

Total Security
Client PC Security
• Known security weaknesses exist but patches are rarely downloaded
• Users often have no passwords or weak passwords on their computers
• Adversaries take over client PCs and can therefore take control of SSL and other secure communication protocols

Total Security
Application Software
• May contain viruses
  • Must filter incoming messages
• Database and other applications can add their own security with passwords and other protections

Total Security
Managing Users
• Often violate security procedures, making technical security worthless
• Social engineering: attacker tricks user into violating security procedures

Defense in Depth
• Firewalls
• Antivirus
• Intrusion Detection Systems
• Intrusion Protection Systems