Top Banner
SHASHANK MASHETTY Email security
17

SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Dec 24, 2015

Download

Documents

Julia Ellis
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY

Email security

Page 2: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Introduction

Electronic mail most commonly referred to as email or e-mail.

Electronic mail is one of the most commonly used services on the Internet allowing people to send messages to one or more recipients.

Modern email operates across the internet and computer networks.

The messages can be notes entered from the keyboard or electronic files stored on the disk.

Page 3: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Why do we need secure email?

Protect sensitive dataProve authenticity to recipientsSend attachments that are normally

filteredAvoid the junk folder

Page 4: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Email security enhancements

AuthenticationConfidentialityConfidentiality and authenticationMessage intigrity

Page 5: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Threats enabled by e-mail

SpamSpoofingPhishingDisclosure of sensitive informationExposure of systems to malicious codeDenial-of-service(dos)Un authorized access

Page 6: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Email threats

Spam spam is the scourge of email around the

world it makes as 95% of all email on the internet spammers get e-mail address from new

groups, un scrupulous web site operators A large proportion of spam contains malware

or links to web sites that contain malware

Page 7: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Email threats

Spoofing Email spoofing occurs when an attacker

sends you an email pretending to be some one to you

Email spoofing is easy to do and very difficult to trace the real sender.

Phishing Phishing e-mails appear very authentic and

often include graphics or logos that are actually from your bank.

Page 8: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Email based attacksActive content attack - clean up at the serverBuffer over-flow attack - fix the codeShell script attack - scan before send to the shellTrojan horse attack - use do not automatically use the macro

option

Page 9: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Choices available in the secure email

PGP ( pretty good policy )S/MIMESpecial providersSSL/TLS web browser based emailSSL/TLS POP/SMPS email

Page 10: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

PGP

Functionality: -encryption for confidentiality -signature for non repudiation/authenticityRequires key exchange and key

managementNot scalableSmall industry supportCan only exchange secure email with other

PGP users

Page 11: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

S/MIME

Similar to PGP, requires administrator installation and configuration support intensive

User must download and install softwareMany installations have failed due to

complexityCan only exchange emails with other

S/MIME users

Page 12: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Special providers

Managed services using S/MIME with PKI key exchange

Appliance based services with special hardware requires integration

expensive

Page 13: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Secure web mail

Nothing to download or install, no support issues beyond typical email.

Works with any web browserUses SSL/TLS security , same system used

by banks, visa, etcEasy to add, manage usersNo training is needed it is simple

Page 14: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

POP/SMTP Secure Mail

Works with all email programsUses SSL/TLS security same system used by

banks, visa, etcEasy to set up, no download or installation,

same issues as traditional email

Page 15: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Steps to secure mail

Generate an identityConfigure secure email softwareGet public keys for recipientsStart sending secured messages

Page 16: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Tips to be secure

Never click on a suspect e-mail.Never reply to a suspect email with

personal informationLook at the grammatical errors in the emailContact your bank via telephone ( get the

telephone number from the website rather than the email you received ) if you suspect a fraud

Watch for the small changes on your financial statements to avoid detection

Page 17: SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

Questions?