info sys security chapter 16
malicious code
-viruses and worms are popular programs because they make themselves popular
-viruses can travel by email from one local network to another, anywhere on the internet
-all malware is a security threat
-antivirus systems are not a panacea
-worm prevention relies on patch management
-viruses are user launched
-people using the email system form the front line of defense against viruses
-users need to be educated about virus dangers
-use localized antivirus scanning programs like AVG
multipurpose internet mail extensions (MIME)
-the protocol used to deliver a message when it has an attachment
-this protocol allows the exchange of different kinds of data across text-based email systems
-when used, it is marked in the header of the email along with supporting elements to facilitate decoding
greylisting
-when an email is received, it is bounced with a temporary rejection
-SMTP servers that are compliant with RFC 5321 will wait a configurable amount of time and attempt retransmission of the message
-spammers will not retry sending messages, so spam is reduced
IMAP
allows the client to retrieve messages from the server; typically works in greater synchronization than POP3
instant messaging (IM) programs
are designed to attach to a server, or a network of servers, and allow you to talk with other people on the same network of servers in near real time
Spam URI Real-time Block Lists (SURBL)
-detect unwanted email based on invalid or malicious links within a message
-valuable tool to protect users from malware and phishing attacks
-not all mail servers support it, but this technology shows promise in the fight against malware and phishing
email hoax
-has become a regular occurrence
-internet-based urban legends are spread through email, with users forwarding them in seemingly endless loops around the globe
-people still have not found a good way to block ubiquitous spam email
-email security is ultimately the responsibility of users themselves, because they are the ones who will actually be sending and receiving the messages
pretty good privacy (PGP)
-implements email security in a similar fashion to S/MIME
-has plug-ins for many popular email programs, including Outlook and Mozilla's Thunderbird
--plug-ins handle the encryption and decryption behind the scenes; all the user must do is enter the encryption key's passphrase to prove that they are the owner of the key
STARTTLS
is a means of using transport layer security (TLS) to secure a communication channel for text-based communication protocols
POP3
is a method by which a client computer may connect to a server and download new messages
mail relaying
is similar to dropping a letter off at a post office instead of letting the postal carrier pick it up at your mailbox
instant messaging (IM)
is similar to email in many respects particularly in the sense that it is commonly plaintext and can transmit files
real time blackhole list (RBL)
list of email servers that are known for allowing spam or that have open relays which enable bad email behavior
mail transfer agent (MTA)
mail server
S/MIME process
the process of encrypting emails provides integrity, privacy, and, if the message is signed, authentication
two popular methods used for encrypting email
Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP)
started with mailbox programs on early time-sharing machines, allowing researchers to leave messages for others using the same machine
mail user agent (MUA)
the application on the sender's machine
mail delivery agent (MDA)
the recipient's mail server
sender policy framework (SPF)
this list is maintained in a text record published in DNS
email structure
two elements:
-a header and the body
-the entire message is sent as plain ASCII text, with attachments included using Base64 encoding
-the email header provides information for the handling of the email between MUAs, MTAs, and MDAs
-it is important to note that the format of the message and its attachments is plaintext
spam
-unsolicited commercial email whose purpose is the same as the junk mail you get in your physical mailbox: it tries to persuade you to buy something
-Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) law
additional decryption key (ADK)
-uses an additional public key stacked upon the original public key
-not always controlled by a properly authorized organization, and the danger exists for someone to add this key and then distribute it to the world
-users believe the message can only be read by the first party, but the message can also be read by the third party who modified the key
internet service provider (ISP)
which can bypass the server-based virus protection
modern instant messaging systems
-the best ways to protect yourself on an IM network are similar to those for other internet applications
--avoid communication with unknown persons, avoid running any program you are unsure of, and do not write anything you wouldn't want posted with your name on it
-the main security threat on most of these systems is information disclosure
spam filter
-blacklisting
-content filtering
-trusted servers
-delay-based filtering
-PTR and reverse DNS check
-callback verification
-statistical content filtering
-rule-based filtering
-egress filtering
-hybrid filtering
unsolicited commercial email (spam)
-industry trade name for unsolicited emails
-botnets are set up to spread spam
simple mail transfer protocol (SMTP)
-is a method by which mail is sent to the server as well as from server to server
S/MIME
-is a secure implementation of the MIME protocol specifications
-MIME was created to allow internet email to support new and more creative features
-MIME handles audio files, images, applications, and multipart email
-MIME allows email to handle multiple types of content in a message, including file transfers
-was developed by RSA Data Security and uses the X.509 format for certificates
domainkeys identified mail (DKIM)
-is an email validation system employed to detect email spoofing
-operates by providing a mechanism that allows receiving MTAs to check that incoming mail is authorized and that the email has not been modified during transport
--done through a digital signature included with the message that can be validated by the recipient using the signer's public key published in DNS
-result of the merging of two previous methods
-is the basis for a series of IETF standards-track specifications and is used by AOL, Gmail, and Yahoo Mail
sender ID framework (SIDF)
-Microsoft offers another server-based solution to spam
-attempts to authenticate messages by checking the sender's domain name against a list of IP addresses authorized to send email by the domain name listed
security of email
-security administrators can give users the tools they need to fight malware, spam, and hoaxes
SMTP
-server software is typically configured to accept mail only from specific hosts or domains
-software can and should be configured to accept only mail from known hosts, or to known mailboxes; this closes down mail relaying and helps reduce spam
