tailieunhanh - Chapter 14 – Email and Instant Messaging

The Internet has been around for a LONG time. For most of it’s life nobody cared about the Internet except for government, researchers and geeks like me. The Internet was never intended for security. IT was indented as a resilient network for communications. Nobody ever though it would be used for what it’s used for today | Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki Email Yeah, I have nothing catchy for the first slide Internet (425) The Internet has been around for a LONG time. For most of it’s life nobody cared about the Internet except for government, researchers and geeks like me. The Internet was never intended for security. IT was indented as a resilient network for communications. Nobody ever though it would be used for what it’s used for today Email (425) Email has been around for a LONG time as well, as such the is NO security in the SMTP protocol. It was assumed that everyone who was using Email would just “play nice” No Authentication No Encryption Email wasn’t even intended to send anything advanced (like images, sounds, word documents) It was just intended to send text. (more) Email No a days there is a lot of security concerns with email which we are already familiar with Method for sending viri, Trojans, and worms Phishing attacks Hoaxes . | Security+ All-In-One Edition Chapter 14 – Email and Instant Messaging Brian E. Brzezicki Email Yeah, I have nothing catchy for the first slide Internet (425) The Internet has been around for a LONG time. For most of it’s life nobody cared about the Internet except for government, researchers and geeks like me. The Internet was never intended for security. IT was indented as a resilient network for communications. Nobody ever though it would be used for what it’s used for today Email (425) Email has been around for a LONG time as well, as such the is NO security in the SMTP protocol. It was assumed that everyone who was using Email would just “play nice” No Authentication No Encryption Email wasn’t even intended to send anything advanced (like images, sounds, word documents) It was just intended to send text. (more) Email No a days there is a lot of security concerns with email which we are already familiar with Method for sending viri, Trojans, and worms Phishing attacks Hoaxes SPAM (more) Email Security There is also one other major problem with email that you might not realize Email is counted on by organization for a means of communications, some would say it’s even mission critical. That leaves two problems that we need to discuss Forged email Compromise of confidential information sent over email Forged Email Forging of email is TRIVIAL in most cases. (do example if we already did not) What are some concerns with forged emails? (more) Forged Email Can anyone think of any technologies we already discussed that can help with the email forgery problem? Signing Email If we use digital certificates we can sign our emails to prove it’s from us! (we’ll talk about how to do this later) Email Encryption (431) The other problem with email is that sensitive information might be sent over email. (SSNs, Credit Card #s etc). If we sent email that was encrypted from person to person we’d be able to solve this problem Email Security (431) There are two technologies we