8/7/2019 Computer Security& Email Hacking
dibyajit dash@PIET,ORISSA
->Hacking is the process of bypassing the security mechanisms of an information system or network. There are two types:
Local hacking: Local hacking is done in a local area where we have physical access, such as through a printer, etc.
Remote hacking: Remote hacking is done remotely by taking advantage of a vulnerability of the target system.
Application Layer: SMTP, HTTP, BitTorrent, RTSP
Transport Layer: TCP, UDP
Network Layer: IP
Link Layer: Ethernet, 802.11 (b, a, g) / WiFi
Physical Layer: Cables, Fiber Optics, Radio
->SMTP is used to send email from the sender to the recipient's mail server
->Then POP3, IMAP or HTTP (Web mail) is used to get messages from the server
->As with many application protocols, SMTP commands are human readable
[Figure: sender to recipient via SMTP, SMTP, then POP3]
Electronic Mail
Three major components:
->user agents
->mail servers
->simple mail transfer protocol: SMTP
User Agent
->a.k.a. mail reader
->composing, editing, reading mail messages
->e.g., pine, Outlook, elm, Thunderbird
->outgoing, incoming messages stored on server
[Figure: user agents and mail servers connected by SMTP]
Mail Servers
->mailbox contains incoming messages for user
->message queue of outgoing (to be sent) mail messages
->SMTP protocol between mail servers to send email messages
   client: sending mail server
   server: receiving mail server
[Figure: mail servers connected by SMTP]
Sending Server to Receiving Server
->three phases of transfer
   handshaking (greeting)
   transfer of messages
   closure
->command/response interaction
   commands: ASCII text: HELO, MAIL, RCPT, DATA, QUIT, etc.
   response: status code and phrase
->messages must be in 7-bit ASCII
RFC 822: standard for text message format:
->header lines, e.g.,
   To:
   From:
   Subject:
->body
   the message, ASCII characters only
[Figure: message layout: header, blank line, body]
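
The command/response exchange and the RFC 822 header/body layout from the two slides above, as an added example that is not part of the original slides: a Python parser run over a constructed session. The host names, addresses and the parse_session helper are assumptions made for illustration.

```python
# Constructed SMTP session for illustration ("C:" client, "S:" server).
SESSION = """\
S: 220 mail.example.net ready
C: HELO client.example.org
S: 250 Hello client.example.org
C: MAIL FROM:<alice@example.org>
S: 250 OK
C: RCPT TO:<bob@example.net>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: alice@example.org
C: To: bob@example.net
C: Subject: Lunch
C:
C: Are you free at noon?
C: .
S: 250 Message accepted
C: QUIT
S: 221 Bye
"""

def parse_session(text):
    """Hypothetical helper: label each line with its SMTP phase and split the
    DATA payload into RFC 822 headers and body (header folding not handled)."""
    phase, in_data = "handshaking", False
    log, codes, msg = [], [], []
    for raw in text.splitlines():
        side, _, line = raw.partition(":")
        line = line[1:] if line.startswith(" ") else line
        if side == "S":                    # response: status code and phrase
            codes.append(int(line.split(" ", 1)[0]))
            in_data = in_data or codes[-1] == 354   # server accepted DATA
        elif in_data:                      # message lines until a lone "."
            if line == ".":
                in_data = False
            else:
                msg.append(line)
        else:                              # command: HELO, MAIL, RCPT, DATA, QUIT
            verb = line.split(" ", 1)[0].upper()
            phase = {"MAIL": "transfer", "QUIT": "closure"}.get(verb, phase)
        log.append((phase, side, line))
    blank = msg.index("") if "" in msg else len(msg)  # blank line ends the header
    headers = dict(h.split(": ", 1) for h in msg[:blank])
    body = "\n".join(msg[blank + 1:])
    seven_bit = all(ord(c) < 128 for c in "\n".join(msg))
    return {"log": log, "codes": codes, "headers": headers, "body": body, "seven_bit": seven_bit}

if __name__ == "__main__":
    print(parse_session(SESSION)["headers"])
```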
->SMTP: delivery/storage to receiver's server
->Mail access protocol: retrieval from server
   POP: Post Office Protocol [RFC 1939]: authorization (agent-server) and download
   IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex), manipulation of stored messages on server
   HTTP: Hotmail, Yahoo! Mail, etc.
Security is the protection of assets. The three main aspects are:
->prevention
->detection
->re-action
Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system.
There is no single definition of security
What features should a computer security system provide?
Confidentiality
The prevention of unauthorized disclosure of information.
Confidentiality is keeping information secret or private.
Confidentiality might be important for military, business or personal reasons.
A security system is not just a computer
package. It also requires security conscious
personnel who respect the procedures and
their role in the system.
Conversely, a good security system should not
rely on personnel having security expertise.
The disadvantages of security systems are that they are time-consuming, costly, and impede management and the smooth running of the organization.
Risk analysis is the study of the cost of a particular system against the benefits of the system.
There are a number of design considerations:
->Does the system focus on the data, operations or the users of the system?
->What level should the security system operate from? Should it be at the level of hardware, operating system or applications package?
->Should it be simple or sophisticated?
->In a distributed system, should the security be centralised or spread?
->How do you secure the levels below the level of the security system?
By now you should have some idea about
->Why we need computer security (prevention, detection and re-action)
->What a computer security system does (confidentiality, integrity, availability, non-repudiation, authentication, access control, accountability)
->What computer security experts do (design, implement and evaluate security systems)