Guidelines on Electronic Mail Security - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Guidelines on Electronic Mail Security

Description:

Simple Mail Transfer Protocol (SMTP) Information Networking Security and Assurance Lab ... Which ports. Router: network layer (packet filter) firewall ... – PowerPoint PPT presentation

Number of Views:135
Avg rating:3.0/5.0
Slides: 21
Provided by: butte8
Category:

less

Transcript and Presenter's Notes

Title: Guidelines on Electronic Mail Security


1
Guidelines on Electronic Mail Security
http//csrc.nist.gov/publications/nistpubs/800-45/
sp800-45.pdf
2
Background
  • The process starts with
  • Message composition
  • Transmitted
  • Mail server processing

3
Multipurpose Internet Mail Extensions (MIME)
  • RFC 822 transmitting messages containing textual
    content
  • does not address messages that contain
    attachments
  • MIME were developed
  • Audio
  • Application
  • Image
  • Message
  • Multipart

4
Mail Transport Standards
  • To ensure reliability and interoperability among
    various email applications
  • Simple Mail Transfer Protocol (SMTP)

5
Simple Mail Transfer Protocol Extensions
6
Post Office Protocol
  • developed in 1984
  • a way to copy messages from the mail server
    mailbox to the mail client
  • RFC 918, nine commands were originally available
    for POP

7
Internet Message Access Protocol
8
Email-Related Encryption Standards
  • PGP and S/MIME
  • Based on public key cryptography
  • symmetric key

9
Pretty Good Privacy
10
S/MIME
  • proposed in 1995 by RSA Data Security, Inc.
  • S/MIME version 3

11
Choosing an Appropriate Encryption Algorithm
  • Required security
  • Required performance
  • System resources
  • Import, export, or usage restrictions
  • Encryption schemes

12
Key Management
  • difference between PGP and S/MIME
  • PGP circle of trust
  • S/MIME some newer PGP CA

13
Hardening the Mail Server Application
  • Securely Installing the Mail Server
  • Securely Configuring Operating System and Mail
    Server Access Controls
  • configure access controls
  • Typical files to which access should be
    controlled are
  • use the mail server operating system to limit
    files accessed by the mail service processes.
  • directories and files (outside the specified
    directory tree) cannot be accessed, even if users
    know the locations of those files.
  • using a chroot jail for the mail server
    application
  • To mitigate the effects of certain types of DoS
    attacks

14
Protecting Email from Malicious Code
  • Virus Scanning
  • at the firewall (application proxy) or mail relay
  • The benefits
  • weaknesses

15
Protecting Email from Malicious Code
  • Virus Scanning
  • on the mail server itself
  • The benefits
  • weaknesses
  • Mail servers support the integration of virus
    scanning at the mail server

16
Protecting Email from Malicious Code
  • Virus Scanning
  • on client hosts
  • The benefits
  • weaknesses
  • Mail servers support the integration of virus
    scanning at the mail server

17
Unsolicited Bulk Email
  • unsolicited commercial email (UCE) or spam
  • To control UCE messages
  • open relay blacklists (ORBs)

18
Miscs
  • Authenticated Mail Relay
  • benefits
  • Two methods
  • Secure Access
  • Most protocols did not initially incorporate any
    form of encryption or cryptographic
    authentication
  • Transport Layer Security protocol
  • RFC 2595
  • Enabling Web Access

19
Using Mail Gateways
20
Network Element Configuration
  • Router/Firewall Configuration
  • Routers, stateful firewalls, proxy firewalls
  • Which ports
  • Router network layer (packet filter) firewall
Write a Comment
User Comments (0)
About PowerShow.com