1 / 25

E-mail and Instant Messaging

E-mail and Instant Messaging. Chapter 16. Objectives. Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols. Key Terms. AOL Instant Messenger (AIM) Botnet E-mail E-mail hoax Encryption

jasper-daniel
Télécharger la présentation

E-mail and Instant Messaging

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. E-mail and Instant Messaging Chapter 16

  2. Objectives Describe security issues associated with e-mail. Implement security practices for e-mail. Detail the security issues of instant messaging protocols.

  3. Key Terms AOL Instant Messenger (AIM) Botnet E-mail E-mail hoax Encryption Instant messaging (IM) Mail relaying Open relay Pretty Good Privacy (PGP) RealtimeBlackhole List (RBL) Secure/Multipurpose Internet Mail Extensions (S/MIME) Sender Policy Framework (SPF) Simple Mail Transfer Protocol (SMTP) Spam Trojan horse program Unsolicited commercial e-mail Virus Worm

  4. E-mail Usage

  5. Security of E-mail • Originally launched unsecure; remains unsecure. • Internet e-mail depends on three primary protocols: • SMTP • POP3 • IMAP • Used as a medium: • To spread viruses • To forward hoaxes • Similar to Instant Messaging.

  6. Example List of Spam E-mails

  7. AOL Instant Messenger Program

  8. Malicious Code • Can be found and dispersed by many different methods: • Worm • Virus • Trojan horse program • Botnet

  9. Viruses Commonly Spread Through E-mail Attachments

  10. Malicious Code Protection Measures • Antivirus • E-mail scan • Disable • Preview panes • Scripting support • Follow safe practices and procedures • Educating employees

  11. Hoax E-mails • E-mail hoaxes are mostly a nuisance, wasting everyone’s time, taking up Internet bandwidth and server processing time as well. • Sites like Snopes.com debunk such hoaxes.

  12. Famous Hoax: The Neiman-Marcus story

  13. Unsolicited Commercial E-mail (Spam) • Spam refers to unsolicited commercial e-mail whose purpose is the same as the junk mail you get in your physical mailbox—it tries to persuade you to buy something. • The term spam comes from a skit on Monty Python’s Flying Circus, where two people are in a restaurant that serves only the potted meat product. • This concept of the repetition of unwanted things is the key to e-mail spam.

  14. Fighting Spam • Ways to fight spam include: • E-mail filtering • Educate users about spam • Cautious internet surfing • Cautious towards unknown e-mail • Shut down open relays • Host/server filters • Blacklisting or DNSBL • Greylisting

  15. Mail Encryption • Provision for confidentiality or more commonly known as privacy. • E-mail is sent in the clear—clear text—unless the message and/or attachments are encrypted. • E-mail content encryption methods include: • S/MIME • PGP

  16. S/MIME • Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure implementation of the MIME protocol specification. MIME was created to allow Internet e-mail to support new and more creative features. • MIME allows e-mail to handle multiple types of content in a message, including file transfers. • Every time you send a file as an e-mail attachment, you are using MIME. • S/MIME takes this content and specifies a framework for encrypting the message as a MIME attachment.

  17. Configuration Settings in Outlook

  18. Pretty Good Privacy (PGP) • PGP implements e-mail security in a similar fashion to S/MIME, but uses completely different protocols. • The basic framework is the same: • The user sends the e-mail, and the mail agent applies encryption as specified in the mail program’s programming. • The content is encrypted with the generated symmetric key, and that key is encrypted with the public key of the recipient of the e-mail for confidentiality.

  19. Pretty Good Privacy (PGP) • PGP manages keys locally in its own software. • This is where a user stores not only local keys, but also any keys that were received from other users. • A free key server is available for storing PGP public keys.

  20. Decoding a PGP-encoded Message in Eudora

  21. Pretty Good Privacy (PGP) • PGP has plug-ins for many popular e-mail programs, including Outlook and Qualcomm’s Eudora. • These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key’s passphrase to ensure that they are the owner of the key.

  22. Instant Messaging • Technology that allows individuals to chat online. • AOL Instant Messenger (AIM) is a prevalent chat application.

  23. Instant Messaging • To work properly IM has to: • Attach to a server (typically announcing the IP address of the originating client) • Announce your presence on the server

  24. Instant Messaging

  25. Chapter Summary • Describe security issues associated with e-mail. • Implement security practices for e-mail. • Detail the security issues of instant messaging protocols.

More Related