info sys security chapter 16


malicious code

- viruses and worms are popular programs because they make themselves popular
- viruses can travel by email from one local network to another, anywhere on the internet
- all malware is a security threat
- antivirus systems are not a panacea
- worm prevention relies on patch management
- viruses are user launched
- people using the email system create the front line of defense against viruses
- users need to be educated about virus dangers
- use localized antivirus scanning programs like AVG

multipurpose internet mail extensions (MIME)

- when a message has an attachment, protocol used to deliver the message
- this protocol allows the exchange of different kinds of data across text-based email systems
- when used it is marked in the header of the email along with supporting elements to facilitate decoding

greylisting

- when an email is received, it is bounced as a temporary rejection
- SMTP servers that are compliant with RFC 5321 will wait a configurable amount of time and attempt retransmission of the message
- spammers will not retry sending any messages, so spam is reduced

IMAP

allows the client to retrieve messages from the server; typically works in greater synchronization than POP3

instant messaging (IM) programs

are designed to attach to a server, or a network of servers, and allow you to talk with other people on the same network of servers in near real time

spam URI real-time block lists (SURBL)

- detect unwanted email based on invalid or malicious links within a message
- valuable tool to protect users from malware and phishing attacks
- not all mail servers support it, but this technology shows promise in the fight against malware and phishing

email hoax

- has become a regular occurrence
- internet-based urban legends are spread through email, with users forwarding them in seemingly endless loops around the globe
- people still have not found a good way to block ubiquitous spam email
- email security is ultimately the responsibility of users themselves because they are the ones who will actually be sending and receiving the messages

pretty good privacy (PGP)

- implements email security in a similar fashion to S/MIME
- has plug-ins for many popular email programs, including Outlook and Mozilla's Thunderbird
  - plug-ins handle the encryption and decryption behind the scenes and all that the user must do is enter the encryption key's passphrase to ensure that they are the owner of the key

STARTTLS

is a means of using transport layer security (TLS) to secure a communication channel for text-based communication protocols

POP3

is a method by which a client computer may connect to a server and download new messages

mail relaying

is similar to dropping a letter off at a post office instead of letting the postal carrier pick it up at your mailbox

instant messaging (IM)

is similar to email in many respects particularly in the sense that it is commonly plaintext and can transmit files

real time blackhole list (RBL)

list of email servers that are known for allowing spam or have open relays and enable bad email behaviors

mail transfer agent (MTA)

mail server

S/MIME process

the process of encrypting emails provides integrity, privacy and, if the message is signed, authentication

two popular methods used for encrypting email

secure/multipurpose internet mail extensions (S/MIME) and Pretty good privacy (PGP)

email

started with mailbox programs on early time-sharing machines, allowing researchers to leave messages for others using the same machine

mail user agent (MUA)

the application on the sender's machine

mail delivery agent (MDA)

the recipient's mail server

sender policy framework (SPF)

this list is maintained in a text record published by the DNS

email structure

- two elements: a header and the body
- the entire message is sent via plain ASCII text, with attachments included using Base64 encoding
- the email header provides information for the handling of the email between MUAs, MTAs, and MDAs
- it is important to note that the format of the message and its attachments are in plaintext

spam

- unsolicited commercial email whose purpose is the same as the junk mail you get in your physical mailbox: it tries to persuade you to buy something
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) law

additional decryption key (ADK)

- used an additional public key stacked upon the original public key
- not always controlled by a properly authorized organization and the danger exists for someone to add this and then distribute it to the world
- users believe message can only be read by the first party, but message can be read by the third party who modified the key

internet service provider (ISP)

which can bypass the server based virus protection

modern instant messaging systems

- the best ways to protect yourself on an IM network are similar to those for other internet applications
  - avoid communication with unknown persons, avoid running any program you are unsure of and do not write anything you wouldn't want posted with your name on it
- main security threat on most of these is information disclosure

spam filter

- blacklisting
- content filtering
- trusted servers
- delay-based filtering
- PTR and reverse DNS check
- callback verification
- statistical content filtering
- rule-based filtering
- egress filtering
- hybrid filtering

unsolicited commercial email (spam)

- industry trade name for unsolicited emails
- botnets are set up to spread spam

simple mail transfer protocol (SMTP)

-is a method by which mail is sent to the server as well as from server to server

S/MIME

- is a secure implementation of the MIME protocol specifications
- MIME was created to allow internet email to support new and more creative features
- MIME handles audio files, images, application, and multipart email
- MIME allows email to handle multiple types of content in a message, including file transfers
- was developed by RSA Data Security and uses the X.509 format for certificates

domainkeys identified mail (DKIM)

- is an email validation system employed to detect email spoofing
- operates by providing a mechanism to allow receiving MTAs to check that incoming mail is authorized and the email has not been modified during transport
  - done through a digital signature included with the message that can be validated by the recipient using the signer's public key published in the DNS
- result of the merging of two previous methods
- is the basis for a series of IETF standards track specifications and is used by AOL, Gmail, and Yahoo Mail

sender ID framework (SIDF)

- Microsoft offers another server-based solution to spam
- attempts to authenticate messages by checking the sender's domain name against a list of IP addresses authorized to send email by the domain name listed

security of email

-security administrators can give users the tools they need to fight malware, spam, and hoaxes

SMTP

- server software is typically configured to accept mail only from specific hosts or domains
- software can and should be configured to accept only mail from known hosts, or to known mailboxes; this closes down mail relaying and helps reduce spam

