Chapter 14
Internet Services and Email
Chapter 14 Overview
Fundamentals of internet service, notably email
Email formatting and transmission
Email security issues
Enterprise firewalling and point of presence
Internet Services
Software that provides Layer 7 services
Not all Layer 7 services are end-user services
DNS – name translation for other services
DHCP – automated host configuration
Traditional internet applications
Many Internet applications were developed before security
problems became serious
Some date to the 1970s
Older applications: file transfer (FTP), remote terminals
(Telnet), finger protocol
Internet Email
Email with “@” address dates back to 1971
Developed for ARPANET hosts
Two types of Internet standards for email
Formatting standards – layout of email messages and how to
handle attachments
Protocol standards – how to exchange an email message/file
between hosts
Basic Email Format
MIME Formatting
“Multipurpose Internet Message Extension”
Traditional email contains 7-bit ASCII characters
Some email servers erase the eighth bit, or otherwise modify it
MIME provides a way to embed non-ASCII encoding in an
email message
Embeds images or complex documents
Formats messages using Web-style markup
Includes encrypted data or digital signatures
Email Protocols
Two Types of Protocols
Mailbox protocols – let a client program retrieve email from a
server
POP3 – a simple and popular protocol
IMAP – a more elaborate protocol
MAPI – Microsoft's Message API (Exchange)
Delivery protocols – transmit an email to another server for
delivery to its destination
Typically Simple Mail Transfer Protocol: SMTP
Tracking an Email: Servers
Tracking an Email: Headers
Is This Email Genuine?
Headers from the Suspect Email
Email Security Problems
Connection-based attacks
Large-scale sniffing risks
Many sites use SSL to encrypt email traffic
Spam
Unsolicited email; often distributes frauds
Phishing
Email that tries to retrieve authentication data
Email viruses
Messages that trick user into replicating them
Spam, Spam, Spam, Spam, Spam
A huge problem
Unsolicited email wastes bandwidth, server storage space,
server compute cycles
Typical spam involves fraudulent or illegal activities, or
products not accepted in normal advertising channels
Frauds
Advance fee fraud
Dubious stock investments
Spam Prevention and Control
Restrict access to mail servers
Whitelists – lists of email servers that actively avoid handling
spam
Blacklists – email servers that carry spam
Identify spam by pattern and filter it out
Binary matching – looks for an exact match with specific
features
Statistical matching – calculates likelihood that an email is
spam; filters on relative scores
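The difference between binary and statistical matching, as an added example that is not part of the original slides. The training messages, signature strings and the 0.9 threshold are constructed for illustration, and the statistical matcher is a naive Bayes scorer chosen here as one common way to calculate such a likelihood.

```python
import math
import re
from collections import Counter

# Constructed training messages (not real mail), labelled by hand.
TRAINING = [
    ("spam", "urgent wire transfer fee required to release your inheritance funds"),
    ("spam", "hot stock tip buy now guaranteed returns"),
    ("spam", "claim your prize pay the release fee now"),
    ("ham", "meeting agenda attached for the project review"),
    ("ham", "please review the quarterly budget before the meeting"),
    ("ham", "lunch tomorrow to discuss the stock room inventory"),
]

# Binary matching: exact features that must appear verbatim (constructed).
SIGNATURES = ("guaranteed returns", "release fee")


def tokens(text):
    return re.findall(r"[a-z']+", text.lower())


def binary_match(text):
    """Return True if any exact signature string occurs in the message."""
    lowered = text.lower()
    return any(sig in lowered for sig in SIGNATURES)


def train(samples):
    """Count word occurrences per class and build the shared vocabulary."""
    counts = {"spam": Counter(), "ham": Counter()}
    docs = Counter()
    for label, text in samples:
        docs[label] += 1
        counts[label].update(tokens(text))
    vocab = set(counts["spam"]) | set(counts["ham"])
    return counts, docs, vocab


def spam_probability(text, model):
    """Naive Bayes with add-one smoothing; returns P(spam | words)."""
    counts, docs, vocab = model
    n_spam = sum(counts["spam"].values()) + len(vocab)
    n_ham = sum(counts["ham"].values()) + len(vocab)
    log_odds = math.log(docs["spam"] / docs["ham"])  # prior odds
    for word in tokens(text):
        if word not in vocab:
            continue  # unseen words carry no evidence either way
        p_spam = (counts["spam"][word] + 1) / n_spam
        p_ham = (counts["ham"][word] + 1) / n_ham
        log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))


MODEL = train(TRAINING)
THRESHOLD = 0.9  # assumed cut-off; a real filter tunes this against false positives
```

A message reworded so that no signature appears verbatim slips past `binary_match` but still scores above the threshold in `spam_probability`, because the score accumulates evidence from individual words.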
Phishing
A social engineering attack
Email induces the recipient to visit a bogus website and provide
login credentials
Bogus banking site, ecommerce site, email site, etc.
Elements of a phishing attack
Spam email that takes users to the bogus site
Website that collects user's credentials
Domain name that carries the website
Email Viruses
Contains an executable attachment that propagates the virus if
the user runs it
The virus typically uses the user's email client to transmit the
virus to people in the user's email contact list
Recipients may treat the email as legitimate since it comes from
an acquaintance
Examples: Melissa, ILOVEYOU, Resume
Mechanisms: Microsoft Visual Basic, or binary executables
masquerading as other files
Email Chain Letters
An email that induces the recipient to forward it to a lot of
other people
Some are based on traditional paper-based chain letters (illegal
under Post Office rules)
Hoaxes – if recipients forward the email, some benefit arises
(donations to a cause, etc.)
Cancer examples
Virus hoaxes – emails that warn of a computer security risk and
recommend forwarding to everyone – not how we distribute
such warnings
Enterprise Firewalls
Provide access control at a site's gateway
Originally not intended as part of Internet
Now provides NAT and traffic filtering
Internet Access Policy Issues
How do employees use the Internet to get their work done?
What services does the enterprise offer to Internet users?
Internet-Related Risks
Risks posed by Internet access
Attacks on internal file servers and clients (#1)
Poor email service due to spam (#4)
Risks posed by a lack of Internet
Lost sales from lack of a website (#2)
Lack of email yields poor customer communication (#3)
Ineffective R&D, marketing, and purchasing staff due to lack of
browser access (#5)
A Simple Internet Policy
Controlling Internet Traffic
Host control
Restrict on sending or receiving address
Service control
Restrict on TCP or UDP port number
Direction control
Restrict according to whether the traffic was initiated inside or
outside of the site
Content control
Examine application-level data to detect violations of specific
restrictions
Filtering Internet Traffic
Traffic Filtering Mechanisms
Packet filtering
Examine individual packets
Make decisions on a per-packet basis
Session filtering
Establish a session based on socket address
Permit/deny based on source of session
Keep track of session status (i.e., TCP open)
Application filtering
Reconstruct application layer data and filter based on data
contents
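Packet filtering compared with session filtering under a direction-control policy, as an added example that is not part of the original slides. The packet record, addresses, ports and the "inside hosts may browse HTTPS" policy are assumptions made for the illustration; session timeouts and teardown are left out.

```python
from collections import namedtuple

# Constructed packet record: only the fields a filter at this layer inspects.
Packet = namedtuple("Packet", "direction src sport dst dport syn ack")

INSIDE_HOST = "10.0.0.5"      # constructed internal address
WEB_SERVER = "203.0.113.10"   # documentation-range address
STRANGER = "198.51.100.7"     # documentation-range address


def packet_filter(pkt):
    """Per-packet decision with no memory of earlier packets.

    To let replies back in, a stateless filter can only look at header
    fields, so it admits any inbound packet with source port 443 and ACK set.
    """
    if pkt.direction == "out":
        return pkt.dport == 443
    return pkt.sport == 443 and pkt.ack


class SessionFilter:
    """Admit inbound traffic only for sessions that were opened from inside."""

    def __init__(self):
        # Each entry: (inside addr, inside port, outside addr, outside port)
        self.sessions = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False  # service control: only HTTPS may leave
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.sessions.add(key)  # TCP open seen: record the session
            return key in self.sessions
        # Inbound: must match a socket-address pair recorded on the way out.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def run(trace, decide):
    """Apply a filter decision function to each packet in order."""
    return [decide(p) for p in trace]


# Constructed trace: one legitimate exchange, then two unsolicited packets.
TRACE = [
    Packet("out", INSIDE_HOST, 40000, WEB_SERVER, 443, syn=True, ack=False),
    Packet("in", WEB_SERVER, 443, INSIDE_HOST, 40000, syn=True, ack=True),
    Packet("in", STRANGER, 443, INSIDE_HOST, 40000, syn=False, ack=True),
    Packet("in", STRANGER, 50000, INSIDE_HOST, 22, syn=True, ack=False),
]
```

On this trace the per-packet filter admits the third packet because its header fields look like a reply, while the session filter rejects it because no inside host opened a session to that address.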
Firewall Rule Format
Rules to Enforce Simple Policy
Enterprise Point of Presence (POP)
POP topology – how site connects to Internet
Single firewall, with optional bastion host
Three-legged firewall
Dual firewall
The DMZ – demilitarized zone
A military/political term for an internal LAN that accepts
inbound Internet connections
May be protected from the rest of the enterprise LAN via a
firewall
Single Firewall with Bastion Host
Three-Legged Firewall
Dual Firewall with DMZ
Attacking a Firewall
Protocol attacks
IP spoofing – bypassed firewall by masquerading as internal
traffic
Fragmentation attack – made first fragment too small to contain
the port number
Tunneling
Embed traffic inside a protocol that the firewall always passes,
like Web pages
Requires custom client and server
Some legitimate vendors use tunneling
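A filter-side check for the fragmentation case above, as an added example that is not part of the original slides: it rejects a first IPv4 fragment whose payload is too short to hold the TCP or UDP port numbers. The function names, addresses and sample packets are constructed for the illustration.

```python
import struct

TCP, UDP = 6, 17
PORT_BYTES = 4  # source port + destination port are the first 4 transport bytes


def build_ipv4(proto, payload, more_fragments=False, frag_offset=0):
    """Build a minimal 20-byte IPv4 header plus payload (constructed test input)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version/IHL, TOS, total length
        0x1234, flags_frag,           # identification, flags + fragment offset
        64, proto, 0,                 # TTL, protocol, checksum (left as 0 here)
        bytes([198, 51, 100, 7]),     # documentation-range source address
        bytes([10, 0, 0, 5]),         # constructed internal destination
    )
    return header + payload


def inspect_fragment(packet):
    """Return (verdict, reason) for one raw IPv4 packet."""
    if len(packet) < 20:
        return "drop", "truncated IPv4 header"
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", packet[:10]
    )
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop", "malformed IPv4 header"
    offset = flags_frag & 0x1FFF          # in units of 8 bytes
    more = bool(flags_frag & 0x2000)      # More Fragments flag
    transport_len = total_len - ihl
    if proto not in (TCP, UDP):
        return "pass", "no port-based rule applies"
    if offset == 0 and transport_len < PORT_BYTES:
        return "drop", "first fragment too small to contain the port numbers"
    if offset == 0:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        kind = "first fragment" if more else "unfragmented"
        return "pass", f"{kind}, ports {sport}->{dport} available to the rule set"
    return "pass", "later fragment; must be matched to a first fragment that passed"
```

A filter that tracks fragments would also discard later fragments whose first fragment was dropped, so the datagram can never be reassembled behind the firewall.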
Details:
Using the course text, professional journal articles, or other
reputable resources, complete the assignment as listed
below.
First Part:
What is the main attraction of free email (other than
cost)? What are the risks associated with free email services?
Think back to basic cybersecurity principles.
Second Part (in the same document):
Describe a recent, successful phishing attack. Was the
email a free service? What was the organization and industry
sector (healthcare, gov, etc.)? How many records were
breached?
Paper Requirements:
Format: Microsoft Word
Font: Arial, 12-Point, Double-Space (or equivalent)
Citation Style: APA or MLA (The point is to use a style
that makes your document readable and gives credit to the
sources you used.)
Length Requirements:
2–3 pages
Coversheet
List of References Page.
Proofread - Edit for spelling, grammar, punctuation, etc.
Use only course text, professional journal articles, or other
reputable resources.
