Email Security
Dr Rudi Rusdiah
T1005
23 Apr 2016
Email Security
Data Integrity & MitM & Address Spoof
Data Integrity: Text in an email is easily seen & read at the IP packet level with network
admin tools by a Man in the Middle (MitM) attack or a Replay attack.
But it is slightly more difficult to modify packets with primitive tools. What can be modified: (1)
Addresses: change, or resend/redirect, a confidential email to a different address; (2)
Financial amount; (3) Object of the transaction, changed to another illegal beneficiary.
The MitM may control a firewall, router or gateway that the email traverses over several hops, or may just
reside on the same LAN segment as the sender's or recipient's LAN.
The MitM can use an ARP (Address Resolution Protocol) spoofing tool, e.g. Ettercap, to intercept &
modify email packets going to & from the email server or gateway. The attack can be positioned:
(1) between email client & server; (2) between email client & gateway (in the path to the
email server); (3) between 2 gateways; (4) between gateway & mail server.
In an ARP spoofing MitM attack, email packets are intercepted. Packets are read & modified if they are not
encrypted, or if the attacker can decrypt them. A digital signature ensures message body integrity via a
hashing algorithm. The resulting hash is then encrypted with the sender's private key and added at
the bottom of the email.
The recipient decrypts it with the sender's public key & verifies the integrity of the email.
SPAM: unwanted email. Almost half of all email is spam, thus half of the resources are wasted: a potential Denial of
Service (DoS) attack.
Spam puts an advertising message in the body of the email; view the email headers to check how the
email was delivered. Spammers hide/fake their originating (From) address.
Spam filters: identify spam from the content of the message body, not the message header. Spam is
analyzed using Bayesian logic: does it contain suspected keywords, e.g. money, account, etc.?
Legitimate email & spam email are compared. Then look for combinations of suspected
words that do not normally occur in legitimate email.
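As an added example (not from the original slides), a minimal naive Bayes body-text filter of the kind the slide describes, trained on a constructed corpus of a few spam and legitimate messages. A word such as "account" that also occurs in legitimate mail is not decisive on its own; the combination with words like "money" and "free" is what pushes the score up.

```python
import math
import re
from collections import Counter

# Constructed training corpus (toy data, not from the original slides).
SPAM = [
    "claim your free money now account verification required",
    "urgent money transfer confirm your bank account today",
    "win cash prize click here free money",
]
HAM = [
    "meeting moved to thursday please confirm attendance",
    "attached the quarterly report for review",
    "lunch tomorrow at noon with the account team",
]


def tokenize(text):
    """Lower-case word tokens of the body; headers are deliberately not scored."""
    return re.findall(r"[a-z']+", text.lower())


def train(spam, ham):
    """Count, per class, how many messages contain each word (Bernoulli model)."""
    spam_words = Counter(w for m in spam for w in set(tokenize(m)))
    ham_words = Counter(w for m in ham for w in set(tokenize(m)))
    return {"spam": spam_words, "ham": ham_words,
            "n_spam": len(spam), "n_ham": len(ham),
            "vocab": set(spam_words) | set(ham_words)}


def word_prob(model, word, cls):
    """Laplace-smoothed P(word | class), so an unseen word never zeroes a score."""
    total = model["n_spam"] if cls == "spam" else model["n_ham"]
    return (model[cls][word] + 1) / (total + 2)


def spam_probability(model, text):
    """Combine per-word likelihoods (present words only) in log space; return P(spam | text)."""
    words = set(tokenize(text)) & model["vocab"]
    n = model["n_spam"] + model["n_ham"]
    log_spam = math.log(model["n_spam"] / n)
    log_ham = math.log(model["n_ham"] / n)
    for w in words:
        log_spam += math.log(word_prob(model, w, "spam"))
        log_ham += math.log(word_prob(model, w, "ham"))
    return 1 / (1 + math.exp(log_ham - log_spam))


def classify(model, text, threshold=0.5):
    return "spam" if spam_probability(model, text) >= threshold else "ham"


MODEL = train(SPAM, HAM)
```

In production the corpus is thousands of messages and the threshold is tuned against false positives, but the scoring logic is the same.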
Email Confidentiality & Integrity
Confidentiality: when a 3rd party can't read the email between sender & receiver. Use
encryption.
If a symmetric key is used, the key is passed in a different manner than the email.
If public-private key encryption is used, the receiver's private key must be protected &
kept secret. Only the recipient's private key can open & read the message.
If a weak method is used, the attacker may grab the email & spend a few weeks
decrypting the message.
Strong encryption: SSL (Secure Sockets Layer) with 128 bits or more & PGP (Pretty Good
Privacy) using a 2048 bit key.
Email Integrity: ensure the email has not been altered in transmission, using a digital
signature. Any alteration to an encrypted email will cause the decryption of the email to fail.
Digitally signing email allows for non-repudiation (= the sender cannot deny having sent the email
at a later date). Otherwise the sender may claim it was a hoax or a forgery, or, if a digital
signature was used, that the sender's private key was stolen.
Email encryption does not allow for non-repudiation, because the encryption is done
with the receiver's public key, which anyone can access to encrypt the email.
Email Availability: the user's ability to send & receive email. If an attacker is able to
prevent the sender from sending email, this is a DoS attack.
System admin can ensure email availability: (1) use a spam filter; (2) use border
protection devices, e.g. firewalls & proxies; (3) use internal network protections, e.g.
intrusion detection systems (IDS); (4) use host-based intrusion detection systems
(HIDS) to protect servers & PCs; (5) backup; (6) strong passwords, etc.
Kerberos is network authentication. Strong authentication will be described in Chapter 16.
Be Paranoid:
You can avoid email-propagated malcode attacks:
1. Keep your email address private (difficult)
2. Set up one or more sacrificial email addresses for public use.
3. Keep email for different organizations separate, i.e. separate from
home/private email.
4. Do not open any email that is not expected
5. Never open attachments from strangers
6. Never save or open an attachment unless it is absolutely
necessary!
Architectural Considerations:
1. Check for viruses.
2. Use an email relay (sitting in the DMZ zone) or proxy
3. Buffer against attack
4. Backup frequently
5. Control scripting capability
6. Limit and quarantine attachments