170 likes | 313 Vues
E-Mail security Prepared By Hashem Salah humeed Supervised By Dr. Sana’a Al-Sayegh Explain Date 24. Nov. 2007. University of Palestine College Name College of Information Technology Specialist Information Technology. Contact: hashem_sh@msn.com. 1- Introduction. 2- How E-Mail Works.
E N D
E-Mail security Prepared By Hashem Salah humeed Supervised By Dr. Sana’a Al-Sayegh Explain Date 24. Nov. 2007 University of PalestineCollege NameCollege of Information TechnologySpecialistInformation Technology Contact: hashem_sh@msn.com
1- Introduction. 2- How E-Mail Works. 3- E-Mail Vulnerabilities. 3.1- Malware. 3.2- Spam. 3.3- Hoaxes. 4- E-Mail Encryption. 4.1- S/MIME. 4.2- PGP. 5- Email Defense. 6- General advice. 7- References. Agenda: Contact: hashem_sh@msn.com -162
E-mail has replaced the fax machine as the primary communication tool for businesses. Has also become a prime target of attackers and must be protected. 1- Introduction: Contact: hashem_sh@msn.com -163
Use two Transmission Control Protocol/Internet Protocol (TCP/IP) protocols to send and receive messages. – Simple Mail Transfer Protocol (SMTP) handles outgoing mail. – Post Office Protocol (POP3 for the current version) handles incoming mail. 2- How E-Mail Works: Contact: hashem_sh@msn.com -164
Several e-mail vulnerabilities can be exploited by attackers: – Malware. – Spam. – Hoaxes. 3- E-Mail Vulnerabilities: Contact: hashem_sh@msn.com -165
E-mail is the malware transport mechanism of choice for two reasons: – Because almost all Internet users have email, it has the broadest base for attacks. – Malware can use e-mail to propagate itself. 3.1- Malware: Contact: hashem_sh@msn.com -166
Users must be educated about how malware can enter a system through e-mail and proper policies must be enacted to reduce risk of infection. Antivirus software and firewall products must be installed and properly configured to prevent malicious code from entering the network through e-mail. Malware (continued): Contact: hashem_sh@msn.com -167
Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Today spam is a household word, since 70-80% of all email traffic is spam. Although spam written in English is the most common, it comes in all languages including Chinese, Korean and other Asian languages. In most cases spam is advertising, and experience shows that spammers have targeted specific goods and services to promote. Some goods are chosen because a computer user is likely to be interested, but most are grey or black market goods. In other words, spam is usually illegal not only because of the means used to advertise the goods, but also because the goods and services being offered are illegal in themselves. 3.2- Spam: Contact: hashem_sh@msn.com -168
The commonest types of spam Spam worldwide tends to advertise a certain range of goods and services irrespective of language and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas items and car heaters being replaced by air conditioner advertising in summer. However, when averaged out over the course of the year, 50% of spam falls into the following categories: – Health – IT – Personal finance – Education/training Spam (continued): Contact: hashem_sh@msn.com -169
E-mail messages that contain false warnings or fraudulent offerings Unlike spam, are almost impossible to filter Defense against hoaxes is to ignore them, and educate user not to listen to such warning except the administrator warning 3.3- Hoaxes: Contact: hashem_sh@msn.com -1610
Two technologies used to protect e-mail messages as they are being transported: – Secure/Multipurpose Internet Mail Extensions (S/MIME). – Pretty Good Privacy (PGP). 4- E-Mail Encryption: Contact: hashem_sh@msn.com -1611
Secure/Multipurpose Internet Mail Extensions (S/MIME). Is a secure method of sending e-mail. Protocol that adds digital signatures and encryption to Multipurpose Internet Mail Extension (MIME) messages. Uses PKI. 4.1- S/MIME: Contact: hashem_sh@msn.com -1612
is a computer program that provides cryptographic privacy and authentication. It was originally created by Philip Zimmermann in 1991. encrypting and decrypting e-mails to increase the security of e-mail communications. Generate public/ private keys. http://www.pgpi.org/ 4.2- Pretty Good Privacy (PGP): Contact: hashem_sh@msn.com -1613
Educate users Update e-mail software Use S/MIME Stop spam And other… 5- Email Defense: Contact: hashem_sh@msn.com -1614
Not be stored password on the pc. Non-use password e-mail registration sites. during the registration email address, preferably the introduction of information and fake logs so as not to expect a question and answer contrary to Sri question completely, and store this information and would prefer a paper by special for use in the home if the theft of mail. Use a password consisting of at least ten letters to impossible to guess (where access to encrypted password forums such as the disengagement are encrypted by programs in six minutes if it consists of six characters, and two hours if the seven characters and ten If the hours of eight characters, and two to four days if they are nine, and if the month of the session and so on ... Outlook users program sponsored by Microsoft or likened programs are vulnerable to penetrate more than others so be cautious (since spread the message with an attachment that is precisely enough to delete it so that the virus had been operating on your computer). 6- General advice: Contact: hashem_sh@msn.com -1615
http://spam.abuse.net/overview/whatisspam.shtml http://www.viruslist.com/en/spam/info?chapter=153350533 Dr.Khaled S. Alghathbar PDF file http://www.shbaka.com/vb/t6351.html 7- References: Contact: hashem_sh@msn.com -1616
Thanks Contact: hashem_sh@msn.com