1 / 17

Email security

Email security. Shashank Mashetty. Introduction. Electronic mail most commonly referred to as email or e-mail . Electronic mail is one of the most commonly used services on the Internet allowing people to send messages to one or more recipients.

bat
Télécharger la présentation

Email security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Email security ShashankMashetty

  2. Introduction • Electronic mail most commonly referred to as email or e-mail. • Electronic mail is one of the most commonly used services on the Internet allowing people to send messages to one or more recipients. • Modern email operates across the internet and computer networks. • The messages can be notes entered from the keyboard or electronic files stored on the disk.

  3. Why do we need secure email? • Protect sensitive data • Prove authenticity to recipients • Send attachments that are normally filtered • Avoid the junk folder

  4. Email security enhancements • Authentication • Confidentiality • Confidentiality and authentication • Message intigrity

  5. Threats enabled by e-mail • Spam • Spoofing • Phishing • Disclosure of sensitive information • Exposure of systems to malicious code • Denial-of-service(dos) • Un authorized access

  6. Email threats • Spam • spam is the scourge of email around the world • it makes as 95% of all email on the internet • spammers get e-mail address from new groups, un scrupulous web site operators • A large proportion of spam contains malware or links to web sites that contain malware

  7. Email threats • Spoofing • Email spoofing occurs when an attacker sends you an email pretending to be some one to you • Email spoofing is easy to do and very difficult to trace the real sender. • Phishing • Phishing e-mails appear very authentic and often include graphics or logos that are actually from your bank.

  8. Email based attacks • Active content attack - clean up at the server • Buffer over-flow attack - fix the code • Shell script attack - scan before send to the shell • Trojan horse attack - use do not automatically use the macro option

  9. Choices available in the secure email • PGP ( pretty good policy ) • S/MIME • Special providers • SSL/TLS web browser based email • SSL/TLS POP/SMPS email

  10. PGP • Functionality: -encryption for confidentiality -signature for non repudiation/authenticity • Requires key exchange and key management • Not scalable • Small industry support • Can only exchange secure email with other PGP users

  11. S/MIME • Similar to PGP, requires administrator installation and configuration support intensive • User must download and install software • Many installations have failed due to complexity • Can only exchange emails with other S/MIME users

  12. Special providers • Managed services using S/MIME with PKI key exchange • Appliance based services with special hardware requires integration • expensive

  13. Secure web mail • Nothing to download or install, no support issues beyond typical email. • Works with any web browser • Uses SSL/TLS security , same system used by banks, visa, etc • Easy to add, manage users • No training is needed it is simple

  14. POP/SMTP Secure Mail • Works with all email programs • Uses SSL/TLS security same system used by banks, visa, etc • Easy to set up, no download or installation, same issues as traditional email

  15. Steps to secure mail • Generate an identity • Configure secure email software • Get public keys for recipients • Start sending secured messages

  16. Tips to be secure • Never click on a suspect e-mail. • Never reply to a suspect email with personal information • Look at the grammatical errors in the email • Contact your bank via telephone ( get the telephone number from the website rather than the email you received ) if you suspect a fraud • Watch for the small changes on your financial statements to avoid detection

  17. Questions?

More Related