
Misc. Security Items



Presentation Transcript


  1. Misc. Security Items

  2. DKIM

  3. DomainKeys Identified Mail (DKIM)
     - Developed at and patented by Yahoo!
     - Offers a way for a domain to claim responsibility for an email
     - Uses public key cryptography

  4. DKIM features
     - E-Mail body and selected headers can be covered by the DKIM signature
     - Signed portions of the email are protected against tampering
     - Independent of SMTP: can survive relaying

  5. DKIM problems
     - Signing and verifying are expensive operations
     - DKIM is done on the server, where resources may be limited
     - Many things can break the DKIM signature, e.g. encoding changes, automated footers

  6. DKIM recommendations
     - DKIM is nice to implement if you have the resources
     - We will not be covering it in the lab
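The "selected headers" and "things that break the signature" points on slides 4 and 5 come down to canonicalization: a DKIM verifier recomputes a hash over the canonicalized body and the listed headers, so a change a relay makes either disappears in canonicalization or breaks the signature. The example below is added here and is not part of the slides: it implements the RFC 6376 "relaxed" canonicalization and the body-hash (bh=) check in standard-library Python. The RSA signing of the final digest is left out, and the message, header names and selector are constructed for the example.

```python
"""Added example (not from the slides): DKIM 'relaxed' canonicalization and the
body-hash (bh=) check from RFC 6376, in stdlib Python. The RSA signing of the
final digest is omitted; header names and message text are constructed."""
import base64
import hashlib
import hmac
import re

WSP_RUN = re.compile(r"[ \t]+")


def relaxed_body(body: str) -> bytes:
    """Relaxed body canonicalization: strip trailing whitespace on each line,
    collapse runs of whitespace to one space, drop empty lines at the end."""
    lines = [WSP_RUN.sub(" ", line.rstrip(" \t")) for line in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return b""
    return ("\r\n".join(lines) + "\r\n").encode()


def relaxed_header(name: str, value: str) -> bytes:
    """Relaxed header canonicalization: lowercase the name, unfold the value,
    collapse and trim whitespace, emit 'name:value' followed by CRLF."""
    value = WSP_RUN.sub(" ", value.replace("\r\n", "")).strip(" \t")
    return f"{name.lower()}:{value}\r\n".encode()


def body_hash(body: str) -> str:
    """The bh= tag: base64(sha256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def body_hash_matches(claimed_bh: str, body: str) -> bool:
    """Verifier side: recompute bh= over the received body and compare."""
    return hmac.compare_digest(claimed_bh, body_hash(body))


def signing_input(headers, signed_names, bh, domain, selector):
    """Build the bytes a signer hashes and RSA-signs: the h= headers in order
    (last instance of each name first), then the DKIM-Signature field with an
    empty b= tag and no trailing CRLF. Headers not listed in h= are ignored."""
    index = {}
    for name, value in headers:
        index.setdefault(name.lower(), []).append(value)
    out = b""
    for name in signed_names:
        values = index.get(name.lower())
        if values:
            out += relaxed_header(name, values.pop())
    tag_list = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
                f"h={':'.join(signed_names)}; bh={bh}; b=")
    return out + relaxed_header("DKIM-Signature", tag_list).rstrip(b"\r\n")


# Constructed message, the same message after a relay re-wrapped whitespace,
# and the same message with an automated footer appended.
HEADERS = [("From", "Alice <alice@example.com>"),
           ("To", "bob@example.net"),
           ("Subject", "Lab\r\n  report")]          # folded header line
BODY = "Hello Bob,\r\n\r\nThe lab is due  Friday.\r\n"
BODY_REWRAPPED = "Hello Bob, \r\n\r\nThe lab is due Friday.\r\n\r\n\r\n"
BODY_WITH_FOOTER = BODY + "--\r\nScanned by the gateway\r\n"

if __name__ == "__main__":
    bh = body_hash(BODY)
    print("bh=", bh)
    print("whitespace-only change still verifies:", body_hash_matches(bh, BODY_REWRAPPED))
    print("appended footer still verifies:       ", body_hash_matches(bh, BODY_WITH_FOOTER))
    data = signing_input(HEADERS, ["From", "To", "Subject"], bh, "example.com", "lab")
    print(data.decode())
    print("header digest to sign:", hashlib.sha256(data).hexdigest())
```

Relaxed canonicalization absorbs the whitespace changes (trailing spaces, re-folded Subject, extra blank lines at the end) but not an appended footer, which is why a gateway that adds a disclaimer after signing breaks verification. The same applies on the header side: a header the signer did not list in h= can be added or changed freely, while a covered one cannot.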

  7. S/MIME

  8. S/MIME
     - Secure Multipurpose Internet Mail Extensions
     - Public key cryptography
     - Supports signing and encryption of E-Mail
     - Keys are tied to E-Mail addresses and usually an identity
     - Performed by end-users
     - Supported by most E-Mail clients

  9. S/MIME
     - Uses certificate authorities, like TLS
     - CAs act as a trusted third party
     - Walk the certificate chain back to the CA to prove identity
     - To my knowledge, there is no central location to find a user's S/MIME public key

  10. S/MIME
     - To sign mail, you must have a public/private key pair
     - To encrypt mail, you must have the recipient's public key
     - To verify an email, you must have the sender's public key

  11. PGP

  12. Pretty Good Privacy
     - Public key cryptography
     - Supports signing and encrypting E-Mail
     - Keys are tied to E-Mail addresses and usually an identity
     - Performed by end users
     - Client support is not as common as S/MIME

  13. Pretty Good Privacy
     - No central certificate authority
     - Relies on a 'web of trust' instead
     - GNU Privacy Guard (gpg) is the open-source equivalent

  14. PGP: web of trust
     - If you trust someone, you can sign their public key (i.e. you vouch that you have verified their identity)
     - You have a list of keys you trust
     - Everyone you trust has a list of keys they trust, and so on
     - Trust can be established by finding a path of trust between two keys
     - Think seven degrees of Kevin Bacon

  15. PGP: key servers
     - Public keys can be looked up using key servers, e.g. pgp.mit.edu
     - Allows out-of-band retrieval of keys
     - Public keys contain web of trust information (the signatures other keys have placed on them)
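The "path of trust between two keys" on slide 14 is a graph search: keys are nodes, and a signature placed on a key by another key is an edge. The example below is added here and is not part of the slides or of any PGP implementation: it uses a constructed keyring in which each key maps to the keys it has signed, and finds the shortest signature chain from your own key to a target key, capped at a maximum number of hops. Key names are made up.

```python
"""Added example (not from the slides): finding a path of trust through a
PGP-style web of trust. The keyring below is constructed; in a real keyring
these edges are the signatures carried on each public key."""
from collections import deque

# Constructed keyring: key -> set of keys whose public key it has signed.
SIGNED_BY = {
    "alice": {"bob", "carol"},
    "bob": {"dave"},
    "carol": {"dave", "erin"},
    "dave": {"frank"},
    "erin": set(),
    "frank": set(),
    "mallory": {"frank"},   # mallory signs keys, but nobody in alice's web signed mallory
}


def trust_path(signed_by, start, target, max_hops=7):
    """Breadth-first search from `start` along signer -> signed edges.
    Returns the shortest chain of keys from start to target, or None when
    target is unreachable within max_hops signatures."""
    if start == target:
        return [start]
    parent = {start: None}
    queue = deque([(start, 0)])
    while queue:
        key, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for signed in sorted(signed_by.get(key, ())):   # sorted for deterministic paths
            if signed in parent:
                continue
            parent[signed] = key
            if signed == target:
                path = [signed]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append((signed, hops + 1))
    return None


def reachable_keys(signed_by, start, max_hops=7):
    """Every key that some chain of at most max_hops signatures connects to start."""
    seen = {start}
    frontier = {start}
    for _ in range(max_hops):
        frontier = {s for k in frontier for s in signed_by.get(k, ()) if s not in seen}
        seen |= frontier
        if not frontier:
            break
    return seen - {start}


if __name__ == "__main__":
    print(trust_path(SIGNED_BY, "alice", "frank"))               # ['alice', 'bob', 'dave', 'frank']
    print(trust_path(SIGNED_BY, "alice", "frank", max_hops=2))   # None: chain is 3 signatures long
    print(trust_path(SIGNED_BY, "alice", "mallory"))             # None: no path into mallory
    print(sorted(reachable_keys(SIGNED_BY, "alice")))
```

The hop cap matters: every extra signature in the chain is one more person whose identity checking you are relying on without having met them, so real tools do not accept arbitrarily long chains. This example also treats every signature as full trust; GnuPG additionally records an "owner trust" per signer and can require several independent signatures before it regards a key as valid, which a production web-of-trust evaluation has to model.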

  16. S/MIME and PGP recommendations
     - S/MIME and PGP only sign and encrypt the body of an email; headers (e.g. To, From, Subject) are not encrypted
     - Only work if you communicate with other people who use it
     - If you lose the key, you lose access to all encrypted email
     - Sometimes plausible deniability is a good thing

  17. Other solutions
     - SpamAssassin: evaluates E-Mail and scores the likelihood of it being spam
     - amavis, clamav: scan incoming E-Mail for viruses
     - procmail: acts on E-Mail (e.g. move, delete) based on header information; can use headers set by SPF, SpamAssassin, and antivirus
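Slide 17's last point is that the filter acts on headers the earlier stages added, so the filtering logic is just ordered pattern matches over the header block. The example below is added here and is not from the slides or from procmail itself: it does the same job in standard-library Python so the matching is visible, with the equivalent procmail condition noted beside each rule. The header names are the ones SPF checkers (Received-SPF), SpamAssassin (X-Spam-Flag, X-Spam-Status) and clamav-milter (X-Virus-Status) add; the sample messages, scores and folder names are constructed.

```python
"""Added example (not from the slides): header-driven mail filing, the job the
slide gives to procmail, written in stdlib Python so the matching is visible.
Header names follow SPF checkers, SpamAssassin and clamav-milter; the
messages, scores and folder names are constructed for this example."""
import email
import re
from email import policy

# Evaluated in order, like procmail recipes: the first matching rule files the
# message. The comment on each line is the equivalent procmail condition.
RULES = [
    (r"^Received-SPF:\s*fail\b", "Quarantine"),       # * ^Received-SPF: fail
    (r"^X-Virus-Status:\s*Infected", "Quarantine"),   # * ^X-Virus-Status: Infected
    (r"^X-Spam-Flag:\s*YES", "Spam"),                 # * ^X-Spam-Flag: YES
]


def header_block(raw: str) -> str:
    """Parse the message and return its headers unfolded, one 'Name: value'
    per line, which is the form procmail's ^Header: patterns match against."""
    msg = email.message_from_string(raw, policy=policy.default)
    return "\n".join(f"{name}: {value}" for name, value in msg.items())


def deliver(raw: str) -> str:
    """Return the folder the first matching rule selects, or 'Inbox'."""
    headers = header_block(raw)
    for pattern, folder in RULES:
        if re.search(pattern, headers, re.IGNORECASE | re.MULTILINE):
            return folder
    return "Inbox"


# Constructed sample messages as the MTA would hand them to the filter.
SPAM = (
    "From: promo@example.org\n"
    "To: bob@example.net\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=9.2 required=5.0\n"
    "Subject: you have won\n"
    "\n"
    "Click here.\n"
)
SPF_FAIL = (
    "Received-SPF: fail (mx.example.net: 203.0.113.5 is not a permitted\n"
    "  sender for example.com)\n"          # folded header line
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "X-Spam-Flag: YES\n"
    "Subject: urgent\n"
    "\n"
    "Please wire the money.\n"
)
INFECTED = (
    "From: files@example.org\n"
    "To: bob@example.net\n"
    "X-Virus-Scanned: clamav-milter at mx.example.net\n"
    "X-Virus-Status: Infected (Eicar-Test-Signature)\n"
    "Subject: invoice\n"
    "\n"
    "See attachment.\n"
)
CLEAN = (
    "Received-SPF: pass (mx.example.net: 192.0.2.10 is a permitted sender)\n"
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "X-Virus-Status: Clean\n"
    "X-Spam-Status: No, score=-1.3 required=5.0\n"
    "Subject: lab report\n"
    "\n"
    "Attached.\n"
)

if __name__ == "__main__":
    for label, raw in [("spam", SPAM), ("spf fail", SPF_FAIL),
                       ("infected", INFECTED), ("clean", CLEAN)]:
        print(f"{label:9s} -> {deliver(raw)}")
```

Two details carry over from procmail: the header block is unfolded before matching (the folded Received-SPF line in SPF_FAIL still matches), and rule order is the policy, so the SPF-failing message that is also flagged as spam lands in Quarantine, not Spam. These headers are only as trustworthy as the path the mail took: a filter should match on them only for mail that has actually passed through your own scanner, since anything arriving from outside could carry a self-asserted X-Spam-Flag or Received-SPF.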
