E-mail Security - When can I consider my e-mail to be secure? by Ralph van der Pauw

Upload: ralph-van-der-pauw

Post on 10-Apr-2018


  • 8/8/2019 Email Security - When can I consider my email to be secure? by Ralph van der Pauw


    Haaga-Helia University of Applied Sciences

    E-mail Security - When can I consider my e-mail to be secure?

    Ralph van der Pauw, a1000513

    27/4/2010


    What is e-mail?

    E-mail is the abbreviation of "electronic mail", a now standardized word used to describe the protocol of exchanging and storing digital messages. Though there had already been some programs made for exchanging messages between directly connected computers, the first foundations for e-mail were laid in the early 1970s by Ray Tomlinson. Shortly after the creation of the ARPANET (the beginning of the internet) he created two programs called SNDMSG and READMAIL to either send or read mail. In 1971 he updated his SNDMSG application by adding a program that could copy files through a network connection, which completed the creation of the first functional e-mail client (Hardy, 1996).

    Tomlinson assigned every client an address based on the same structure we use nowadays. In his case it was "username@usercomputer", with "username" being the client's name and "usercomputer" the computer where the client was located (Black, 2010). Over the years not much has changed other than that "usercomputer" changed into the name of the provider (domain name). Furthermore an extension is added behind the domain defining a country or sector. Still, the foundation of Tomlinson's work exists in the communication that we find so common in our day-to-day life.

    An e-mail is basically a text message containing a header and a body. The header is meant for metadata such as the sender, recipient, date and other information defining the content. The body contains the content written by the sender, which can either be plain text or HTML-coded content. Most e-mail clients support HTML bodies in e-mail messages, but due to the existence of older e-mail clients, a link to a webpage or a text version of the body is still sent along. E-mail used to be a text-only protocol, but with the development of MIME (Multipurpose Internet Mail Extensions) it is now possible to send rich multimedia content such as attachments along. MIME is a way to convert files into plain text, so they can be sent with the e-mail messages. Once the message arrives with the recipient, the text is converted back to the file it was before it had been sent (Tschabitscher, 2010).

    Simple Mail Transfer Protocol

    The protocol used to send an e-mail message is called SMTP, meaning Simple Mail Transfer Protocol. When the client sends an e-mail, it is sent by the e-mail client to the SMTP server, which is usually hosted by either your (online) mail or internet service provider. The worldwide standard for the SMTP port is port number 25, only being used to send e-mail. After the SMTP server has connected with your mail client, a conversation is initiated containing both the address of the recipient and the address of the sender. The recipient address is broken down into the client name and the domain name. If the domain is the same as the domain used to send the mail, the SMTP server passes the message on to the POP/IMAP server. In case a different domain is used, the SMTP server connects to the DNS (Domain Name Server) and asks for the unique internet web address (IP: Internet Protocol address) of the SMTP server for that domain. The SMTP server connects with the other SMTP server to transfer the message to its server. The message is then placed in the virtual mailbox of the recipient. In reality the delivery of the message between two SMTP servers takes a bit more time and steps, but this process will be explained when we cover the internet and packet sniffing (Brain, 2008).

    Post Office Protocol & Internet Message Access Protocol

    There are two different protocols for receiving e-mail messages. The oldest and simplest protocol is called POP or POP3 (Post Office Protocol). The transfer process is remarkably simple: when a person uses his or her e-mail client, the client logs in on the POP3 server using port 110 and then uses the LIST command to see if there are any messages that have to be retrieved. If there are new messages available, the e-mail client retrieves the messages from the server using the RETR command, after which the virtual mailbox is empty again and all new messages are stored on the client's computer.

    The IMAP (Internet Message Access Protocol) is a bit more advanced because it keeps your mail on the mail server and lets the client download copies of the new messages to cache them on the machine. When a new message is read, the mail client sends (when connected to the internet) a command to the IMAP server so the message on the server can be marked as read too. This way you are able to keep your mail synchronized in more places (Brain, 2008).

    Disadvantages of IMAP for companies might be that the size of the virtual mailbox can take up a lot of unnecessary space on the company's host server. Nowadays POP3 can also support the possibility to keep a copy of your messages on the server, but IMAP still covers a more advanced ground in the mail protocol, being able to change the status of the message on the server to, for example, "read".


    Why should e-mail be secure?

    E-mail has become one of the biggest ways of communication. With 90% of the United States citizens online to read or send e-mail, it is considered the most popular form of communication in both corporate as well as personal communication. 57% of these citizens use e-mail on a day-to-day basis, for it has become part of their daily routine (Brownlow, 2009). Unfortunately that's one of the reasons it has become insecure. E-mail has become a part of our day-to-day routine, which for most people has made it a routine they no longer pay attention to.

    The success factor of e-mail lies in the fact that it is simple, cheap, relatively fast and has become something universal everybody is able to use. The total number of e-mails sent in 2009 has been estimated at around 90 trillion. This means every day 247 million e-mails are sent and received by an estimated 1.4 billion e-mail users around the world (Pingdom, 2010). We take this form of communication for granted and start using it for almost everything we would like to talk about. Little do we know how secure our communications really are.

    While the number of e-mail clients is rapidly increasing, the number of hacking attempts on the internet has increased even more. Security company Symantec shows how the number of infected computers in 2009 increased by 71% compared to the year before. Every second several hundreds of attempts are made to confiscate sensitive information or to infect a computer with malicious code. Every 4.5 seconds one of these attempts succeeds. These statistics show how a, to most people, seemingly innocent environment just isn't that innocent at all. The internet grows as a common necessity in everyone's life, but most users lose track of how it also grows to be a platform that can be abused in many different ways.

    How the internet works

    Asking a regular e-mail user how his or her e-mail will actually be delivered to the recipient and what it can be exposed to will point out how unknown the e-mail traffic actually is. As explained before, the SMTP server will try to connect to the recipient's SMTP server, but the sending process of this e-mail is not done by directly transferring the message server to server. This is not how the internet works. Packets are sent in an assumed direction where they are received by other servers who keep passing them on in the right direction, so-called "routing". When a packet is received by one of these routers, the packet header is examined and the router searches its routing information table (RIT) for an address of a router closer to where the recipient's mail server is located (Wilson, 1997). More shocking is that when your e-mail is not encrypted, which it usually isn't, it is very easy for these servers to read the content of your e-mail if they would actually want to. The correct term for scanning these packets along the e-mail route is "packet sniffing". If your e-mails are not being encrypted they are sent as clear text past several routers, who then have the ability to intercept and read them.

    Not just sending an e-mail can put you in a vulnerable spot. When you are logging in on your POP3 or IMAP4 server, the login information is initially sent as clear text. This means with packet sniffing methods your username and password can be read (Theall, 2004). Now consider the number of people that use the same password for their e-mail client as for access to their bank account; it could become a lucrative business. Nowadays most e-mail clients support encryption for these log-in connections, but there are still quite a lot of mail servers that do not use any encryption at all, which leaves plain text login information unsecure.
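    An added example (not part of the original paper) of the check this paragraph implies: given a client/server transcript of a POP3, IMAP or SMTP session, report which login commands cross the network before TLS is active. The transcripts are constructed; ports 995, 993, 465 and 587 and the STLS/STARTTLS upgrade commands go beyond what the paper itself mentions.

```python
"""Audit a mail-session transcript for credentials sent before TLS is active.

Added example; the transcripts below are constructed, not captured traffic.
"""
import re

# port -> (protocol, encrypted from the first byte?)
PORTS = {
    110: ("pop3", False), 995: ("pop3", True),
    143: ("imap", False), 993: ("imap", True),
    25: ("smtp", False), 587: ("smtp", False), 465: ("smtp", True),
}

# Client commands that carry a username or password in recoverable form.
CREDENTIAL = {
    "pop3": re.compile(r"^(USER|PASS|AUTH\s+(?:PLAIN|LOGIN))\b", re.I),
    "imap": re.compile(r"^\S+\s+(LOGIN|AUTHENTICATE\s+(?:PLAIN|LOGIN))\b", re.I),
    "smtp": re.compile(r"^(AUTH\s+(?:PLAIN|LOGIN))\b", re.I),
}

# (client command that requests a TLS upgrade, server reply that grants it)
UPGRADE = {
    "pop3": (re.compile(r"^STLS\s*$", re.I), re.compile(r"^\+OK")),
    "imap": (re.compile(r"^\S+\s+STARTTLS\s*$", re.I),
             re.compile(r"^\S+\s+OK\b", re.I)),
    "smtp": (re.compile(r"^STARTTLS\s*$", re.I), re.compile(r"^220\b")),
}


def audit_session(port, transcript):
    """Return [(line_number, command)] for every credential sent in clear text.

    transcript is a list of (side, line) pairs, side being "C" or "S".
    """
    protocol, encrypted = PORTS[port]
    upgrade_cmd, upgrade_ok = UPGRADE[protocol]
    awaiting_reply = False
    findings = []
    for number, (side, line) in enumerate(transcript, start=1):
        if side == "S":
            if awaiting_reply:
                # Only a positive reply switches the channel to TLS; a refusal
                # leaves everything that follows readable on the wire.
                encrypted = encrypted or bool(upgrade_ok.match(line))
                awaiting_reply = False
            continue
        if upgrade_cmd.match(line):
            awaiting_reply = True
            continue
        hit = CREDENTIAL[protocol].match(line)
        if hit and not encrypted:
            findings.append((number, " ".join(hit.group(1).upper().split())))
    return findings


# Constructed sample sessions (user name and password are made up).
POP3_PLAIN = [
    ("S", "+OK POP3 server ready"),
    ("C", "USER alice"), ("S", "+OK"),
    ("C", "PASS hunter2"), ("S", "+OK 2 messages"),
    ("C", "LIST"), ("S", "+OK 2 messages"),
    ("C", "RETR 1"),
]
POP3_STLS = [
    ("S", "+OK POP3 server ready"),
    ("C", "STLS"), ("S", "+OK Begin TLS negotiation"),
    ("C", "USER alice"), ("S", "+OK"),
    ("C", "PASS hunter2"), ("S", "+OK 2 messages"),
]
POP3_STLS_REFUSED = [
    ("S", "+OK POP3 server ready"),
    ("C", "STLS"), ("S", "-ERR command not supported"),
    ("C", "USER alice"), ("S", "+OK"),
    ("C", "PASS hunter2"), ("S", "+OK 2 messages"),
]
IMAP_PLAIN = [
    ("S", "* OK IMAP4rev1 ready"),
    ("C", "a001 LOGIN alice hunter2"), ("S", "a001 OK LOGIN completed"),
]

if __name__ == "__main__":
    for label, port, session in [
        ("POP3 on 110, no TLS", 110, POP3_PLAIN),
        ("POP3 on 110, STLS accepted", 110, POP3_STLS),
        ("POP3 on 110, STLS refused", 110, POP3_STLS_REFUSED),
        ("IMAP on 143, no TLS", 143, IMAP_PLAIN),
        ("POP3 on 995, implicit TLS", 995, POP3_PLAIN),
    ]:
        print(label, "->", audit_session(port, session) or "no clear-text login")
```

    The refused-upgrade case is the one to watch for: a client that keeps going after the server rejects STLS sends the password exactly as in the unencrypted session.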

    Common sense

    In analyzing e-mail security and direct threats to the mailbox we find ourselves defining two different fields of prevention. There are on one side the technical aspects (like the encryption and sniffing mentioned before) and then there is common sense. Common sense is an aspect that can't be prevented as easily as the technical aspects in e-mail security. Assuming most of the people do not know where their e-mail goes after pressing the send button, they usually aren't aware enough to protect their mailbox with some common sense.

    There is a big necessity for securing both your mailbox and your internet traffic. As mentioned before it is the number one form of communication in both the private and corporate sector. The amount of sensitive information that is being sent through e-mails is gigantic, ranging from personal information like bank transactions and private matters to company secrets and classified documents. It is really not that hard to intercept and read these e-mails. Of course methods like packet sniffing and breaking into someone's mailbox are still illegal, but that does not keep certain people from trying it.


    Which threats exist in e-mail?

    With threats we are not focusing so much on the privacy issues of e-mail, but more on technical dangers of receiving e-mail. Most companies think they secure themselves with a firewall which would make unauthorized access to their intranet impossible. Unfortunately this is not entirely true; several attack methods exist that can bypass this firewall. Most importantly, firewalls do not check the content of e-mail messages that are being sent and received by the persons who are authorized to use this intranet (GFI Software, 2009). In the last quarter of 2009, internet security company Symantec added 921,143 new malicious code signatures to their database (Pingdom, 2010). This is dangerous because the largest part of the internet users still are ignorant about the internet's capabilities and rely too much on their own false assumptions. This will put them in an unsecure position surrounded by millions of pieces of malicious code.

    Trojans

    A big threat in receiving e-mails, especially with attachments, is a Trojan. Trojans, short for Trojan horses, are parts of code hidden in a useful little application that locates itself on your hard drive. They got their name from the horse of Troy in the legendary ancient story where Greek soldiers had hidden themselves inside a big wooden horse, allegedly built by Odysseus as a gift for the goddess Pallas Athena and left outside the gates of the city of Troy. Once the Greeks had left (so they made it look like) and the Trojans had broken down a section of the city wall to haul the giant horse into their city, the wooden horse opened up and the Greek soldiers conquered Troy.

    Trojans do not automatically spread themselves; they are part of something and the user is the person that accepts and activates the malicious code without knowing it. They usually spread by e-mail and sometimes through p2p (person to person) networks (Petri, 2009).

    What a Trojan actually does is open up your PC to other users through a backdoor in the code. A Trojan has access to copy, remove or change files on your hard drive and it can take control of your computer's hardware. Usually Trojans are used to add your computer as a so-called "zombie" to a botnet. A botnet is a large network of infected computers that can be used to create mass attacks on a different computer or a server. The attacks are called Distributed Denial Of Service (DDOS) attacks: all the zombie computers in the bot network are used to send requests to a single server with the intention to make it crash. Apart from DDOS attacks your computer can also be used as a "spambot" to send large amounts of spam e-mails to different e-mail addresses. The spambot crawls the world wide web for new e-mail addresses to sell these e-mail addresses to companies for spam purposes. Trojans can function for a long time on your computer without you even knowing it; this is what makes them so dangerous.

    Viruses

    CNN reported in January 2004 that the MyDoom virus cost companies about US$250 million in lost productivity and tech support expenses, while NetworkWorld (September 2003) cited studies that placed the cost of fighting Blaster, SoBig.F, Welchia and other e-mail viruses at US$3.5 billion for US companies alone (GFI Software, 2009).

    Computer viruses are most likely the biggest threat in sending and receiving e-mails. They are besides that also the biggest cost expense. Once a computer has been infected by a virus it is usually


    In 2000 the ILOVEYOU virus infected millions of computers all over the world. It soon got the name "ILOVEYOU virus" although its architecture defined it as a worm. The worm was hidden in an attachment to an e-mail message with the subject "ILOVEYOU". The attachment, called "LOVE-LETTER-FOR-YOU.TXT.vbs", made people very curious and lured the user into clicking it and thereby activating the worm. After opening the attachment the worm sent a copy of itself to everyone in the address book and made some malicious changes to the computer system. Because of the enormous amount of e-mail messages being sent at the same time, a lot of POP servers crashed. The worm had a gigantic impact on the world, causing an estimated 5.5 billion dollars of damage (Lemos, 2000).
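    The attachment name is the detectable part of this trick: the last extension decides what runs, while the one before it is the decoy. The following added example (not from the original paper) parses a MIME message and flags such attachments; the extension lists and the sample message are assumptions constructed for the illustration, and the sample payload is a harmless placeholder.

```python
"""Flag mail attachments whose real (last) extension is executable.

Added example; the message below is constructed and carries a harmless payload.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed short lists for the example; extend them for real use.
EXECUTABLE = {"vbs", "js", "exe", "scr", "bat", "cmd", "com", "pif"}
DECOY = {"txt", "doc", "pdf", "jpg", "gif"}


def classify_filename(name):
    """Return 'ok', 'executable' or 'deceptive-double-extension'."""
    # Padding such as "invoice.pdf      .exe" is stripped label by label.
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    # A document-like extension right before the executable one is the decoy:
    # a file manager that hides known extensions shows only "....TXT".
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "deceptive-double-extension"
    return "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every suspicious attachment in raw bytes."""
    message = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in message.walk():
        # get_filename() also decodes RFC 2231 / encoded-word file names.
        name = part.get_filename()
        if not name:
            continue
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed message shaped like the one described above."""
    msg = EmailMessage()
    msg["From"] = "friend@sender.example"
    msg["To"] = "reader@recipient.example"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Constructed body text for the example.")
    msg.add_attachment(
        b"' placeholder text, not a script\n",
        maintype="application", subtype="octet-stream",
        filename="LOVE-LETTER-FOR-YOU.TXT.vbs",
    )
    msg.add_attachment(
        b"meeting notes\n",
        maintype="text", subtype="plain",
        filename="notes.txt",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict}: {filename}")
```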


    How can these threats be eliminated?

    You can never entirely protect yourself from viruses, Trojans and worms. But you can do a really good job by relying on the right anti-virus software and handling suspicious e-mails accordingly.

    Anti-virus software

    The right anti-virus software will make sure the majority of these threats will be picked up by scanning the incoming mail and outgoing mail. The most popular anti-virus programs have a detection rate between 95%-99%, which proves they don't entirely protect you from all the existing threats (Mathews, 2009). Nonetheless they do a good job filtering out most of the malicious mails. Always make sure your anti-virus definitions are up to date. Most anti-virus software updates itself when the computer boots, but do make sure you have the latest updates installed on your computer.

    When you use an e-mail client on your desktop, make sure your anti-virus program supports inbound as well as outbound e-mail scanning. The most popular software suites do so, but it's still important to make sure that when receiving your mail you know it has been filtered. The importance of outbound e-mail scanning lies in the fact that you don't hurt your recipients by accidentally mailing them malicious attachments or links. As mentioned before, once a worm has been activated it can copy itself and send these copies to your address book. This is where outbound e-mail scanning comes into play. It picks up the connection made to the SMTP server and scans the e-mails for anything malicious before they are delivered to the SMTP server. If anything is found, the e-mails are blocked and you have prevented yourself from spreading the problem.

    Depending on your mail provider, your e-mail might already be scanned for viruses on the server side. There are anti-virus applications which are able to run as a module on (for example) a Linux mail server and make it possible to scan all the SMTP traffic passing that server. Having an anti-virus scan on both server-side and client-side level provides a higher detection rate and therefore increases your protection level in e-mail communication (Kaspersky, 2010).

    Think before you act

    Although the anti-virus software will intercept the majority of these threats, there is still a very low percentage that can slip through your filter. The point is to be very cautious when you receive e-mail. Developers of malicious code do everything to make the e-mail look as safe and normal as possible. When you receive a new e-mail, there are several precautionary steps you can take to avoid malicious threats (Microsoft, 2010).

    - Never trust the sender information. A user is able to spoof the sender address so that the e-mail looks harmless.
    - Approach images in an e-mail with caution. Images can contain a harmless code that sends information back to the recipient. The process is triggered by clicking on the image and is often used to harvest e-mail addresses for spamming purposes.
    - Approach links in an e-mail with caution. Don't click a link if you do not trust the location it will take you to. By moving the mouse over a link most e-mail clients show you where the link will take you.


    Which vulnerabilities exist in e-mail?

    Besides threats in e-mail traffic, there are several points of interest to secure your privacy when sending or accessing your e-mail. Because the majority of the people using e-mail rely on modern technology to secure them and their e-mail, they do not realize the user has an equal part in this security. Without the right precautions e-mail in general is quite unsecure.

    Privacy

    In general an e-mail message is not encrypted, which means your content is sent in plain text to the recipient. Passing several routers that can digitally eavesdrop on the passing e-mails, there are a lot of possibilities for reading your e-mail with the wrong intentions. Unfortunately this is not where it stops. Both ISPs and routers can store unprotected backups of your e-mails.

    In effect, every e-mail leaves a digital paper trail in its wake that can be easily inspected months or years later (CPASecure, 2007).

    We've discussed the basics of packet sniffing earlier, but to understand the vulnerability we will look more closely into the process and accessibility. A packet sniffer (also known as a network analyzer or network monitor) is a program that is used to intercept traffic traveling between two networked computers or servers. The packet sniffer will intercept the packets including data to store them for later analysis. When you send an e-mail, it is broken down into segments all containing a header and footer with the destination address, sender and other information. When the packets arrive with the recipient, they are reconstructed and the packet headers and footers are stripped away.

    A simple example of a functioning packet sniffer is when you connect to a simple hub network with your device and set up the packet sniffer. In the network all the data is spread by a hub. Every computer receives packets that are not meant for it. A simple filter in the computer makes sure that these packets with different destination information are discarded. Usually a packet sniffer is only able to capture the packets intended for the device it is running from. But with a packet sniffer in "promiscuous mode" you are able to disable the filter and receive all packets traveling through the network. Traffic from computer A to computer B can be intercepted by computer C without A & B knowing it. It's very hard to detect this kind of packet sniffing because it creates no traffic by itself.

    This example is based on a hub network, which has the principle to send all the packets to all the connected devices. A more secure network would be a switched network because a switch actually sends the addressed packets to the right device, unlike a hub. Unfortunately this does not mean you are protected on a switched network. There are a few workarounds to trick the switch into sending you the packets. One method called "ARP poisoning" will try to pretend to be the destination device so it will receive the packets. Another way is to flood the switch with different MAC (Media Access Control) addresses so the switch will go into "fail open" mode; this mode functions similarly to the hub from the previous example. Both of the above-mentioned methods do create traffic, which makes it easier to detect the packet sniffing (Bradley, 2010; Kayne, 2010).

    Besides packet sniffing it is important to know that an e-mail user himself is a big vulnerability too. In the next chapter we will sum up some precautions an e-mail user should take before he or she uses an e-mail client, so it becomes clear that technical abuse is not the only vulnerability. Matters like haste, improper use and unawareness can be important risks in e-mail use.


    Spam & Phishing

    Both spam and phishing mail are unwanted mails that try to make a profit from you. Spam mails are unwanted mails from (usually) an unknown address that try to sell you products or services. Famous spam subject lines are: "You received a greeting card", "Masters degree with no efforts" and "Non-profit job from home". Phishing is in this case a more concealed method where people try to obtain sensitive information in a seemingly secure environment. The e-mail or website tries to masquerade itself as trustworthy to lure the user into filling in his or her personal information. Examples are e-mails from banks, auction sites or online payment companies. It is not hard for anyone to make a website look like it is trustworthy to fill in credit card details. It's important to always check the website address for a correct URL (without any spelling errors) (Windows Live, 2010).

    Although spam seems harmless and people quickly identify it, it still has a few unknown downsides to it. When you open a spam e-mail, eight times out of ten it contains a tracking method that enables the sender to identify your e-mail address as active. Your e-mail address can then be sold to spam corporations, in which case you will start receiving even more spam (Information Age, 2006). The biggest downside of spam e-mail is the time-consuming effort to remove and report spam e-mail. It can be a tremendous cost expense for corporations. Google has launched a calculator to estimate the total loss caused by spam. For a company with 100 employees, who work 245 days a year with a salary of 65 euro an hour, spam can cost a corporation over 100.000 euro a year (Google, 2010).


    How can these vulnerabilities be reduced?

    Most vulnerabilities can be reduced to a minimum but can unfortunately not be eliminated. It is up to the user to determine if the risk level is low enough to use e-mail as a communication method. In lowering this risk level we will take two approaches, a technical and a human approach.

    Encryption (SSL, TLS & PGP)

    In the technical approach the focus lies on encryption. Encryption is an important part of e-mail security. In encrypting, the messages are ciphered into unreadable code so the packets are not readable for anyone who tries to intercept them. All e-mail traffic should be done through a secure connection. Not only sending and receiving e-mails but also the commands sent to the server, such as login information, should be secure. A secure connection can be established by either using the SSL or the TLS protocol. SSL (Secure Socket Layer) was initially created by Netscape to ensure the integrity of data transport. TLS (Transport Layer Security) is built as an improvement on SSL with stronger key encryption algorithms and the ability to work on different ports. Both TLS and SSL use the public-private key (Asymmetric key Cryptosystem) infrastructure. In this encryption method two unique encryption keys exist, a public and a private key. The public key is used to encrypt the data and the private key to decrypt. The private key remains private but the public key is sent to a recipient to encrypt its data with. This way only the owner of the private key can decrypt the message and see what data it contains (UITS, 2009; Technet, 2010).

    Both your e-mail client and e-mail provider should be able to support an SSL or TLS connection in order to use this secure method of exchanging data. Now almost every e-mail client supports SSL and TLS, but unfortunately there are still some older e-mail providers who do not update their servers to adapt to this method of secure data exchange.

    Another way to encrypt your e-mail is with the PGP (Pretty Good Privacy) infrastructure. PGP is, like SSL and TLS, also based on an Asymmetric Key Infrastructure, but there is a difference. SSL and TLS are more based on the transport of data between clients and servers. PGP is meant for storing data, where it will encrypt the whole e-mail and send it to a recipient that can only decrypt it when he or she also uses PGP. While SSL and TLS are securing the protocol (such as POP, IMAP and SMTP), PGP encrypts a file (the whole e-mail message) and thereby secures the communication between two clients. Besides encryption of the e-mails, a recipient can also identify the sender of the e-mail through an authentication by the sender (RUN, 2010). As mentioned before, a downside is that both clients have to support PGP, which has not become a big standard with e-mail users (yet) (PGP, 2010).

    Spam filters

    Most e-mail providers and clients offer spam filter options. Even some anti-virus programs offer spam filters. A spam filter will intercept e-mails defined as spam based on the level of privacy that has been set in the filter. Spam filters usually work together with your contact history and a personal database to determine what e-mails are meant for the user and which are spam. E-mails defined as spam will be put in the spam directory and users can scan this directory for possible mistakes. If an e-mail slips through the filter the user has an option to mark it as spam; the sender details will then be taken into account and the e-mail will be dealt with appropriately.


    Awareness

    Awareness in using your e-mail account might be just as important as installing technical precautions. In corporations it is very important for the administrators to create this awareness among the employees. Important precautions for e-mail users are listed below.

    - Keep the number of e-mail accounts to a minimum. It is wise to split personal and corporate e-mail over different accounts but to keep the number of accounts as low as possible. Besides a personal and corporate account it is recommended to create a separate account for less secure traffic, a so-called "spam account". This account can be used for internet forms and unsecure communication (ITSecurity, 2008).
    - A more secure way of communication is the telephone. If your message can be sent by a telephone call it is wise to choose this more secure and private option.
    - Spam traffic is usually cumulative. This means once you start to receive a lot of spam, the amount will slowly increase. It is therefore smart to discard accounts which are receiving an immense amount of spam (ITSecurity, 2007).
    - When accessing your e-mail on a public computer, never use an e-mail client but always use the web interface of your e-mail provider. When you are done with the session, close the browser, log out and delete the cache, cookies, history and passwords so there are no traces of your session left.
    - Avoid using the "reply all" or "BCC" option in sending e-mails. This way you show your own and others' e-mail addresses to a lot of users. Try using the "CC" option where other e-mail addresses are hidden to obtain privacy (ITSecurity, 2008).
    - Never send sensitive company information with your (unsecure) personal account; always use your corporate account where your privacy can be protected by the company's IT department. If the information happens to be intercepted, you are less vulnerable in possible law conflicts (ITSecurity, 2007).
    - Create regular backups of your e-mail account. Important e-mail might be stored in your mail directories; always make sure these e-mails are backed up on your computers. Also when accessing your e-mail on a mobile platform and using the POP protocol, make sure there is a copy of the e-mail on your server. A cell phone is easily lost and with that you would lose all your e-mails too.
    - An often used technique to obtain your e-mail address is to send you newsletters with an unsubscribe option. When you have clicked this option you will be linked to a webpage and your e-mail address will be stored. Don't unsubscribe from these e-mails unless you remember subscribing to them (ITSecurity, 2007).
    - Phishing mails might slip through your spam filter depending on the level of thoroughness you set it to. Identify a phishing mail by looking for anything that implies the mail is not from who it pretends to be. In the mail you will probably be asked to fill in personal information. Most banks, web payment and auction sites use web forms for these matters, so if you are asked to mail your account details you can assume it is fake. If they give you a link to go to, always hold your mouse cursor on the link to see where the address may lead you to. Check carefully for spelling errors in the link, which is a common trick to masquerade as a trustworthy identity (Microsoft, 2010).
    - Realize where your e-mail goes to and how it travels there. It is important that an e-mail user knows how his e-mail works and what could happen. This might scare the user to avoid e-mail to a certain extent.


    Sources

    (Black, 2010) What is Email? By Ken Black. http://www.wisegeek.com/whatisemail.htm retrieved on 20-4-2010.

    (Hardy, 1996) The Evolution of ARPANET email, by Ian R. Hardy. http://www.livinginternet.com/References/Ian%20Hardy%20Email%20Thesis.txt retrieved on 20-4-2010.

    (Brain, 2008) How email works? By Marshall Brain and Tim Crosby. http://communication.howstuffworks.com/email.htm retrieved on 20-4-2010.

    (Tschabitscher, 2010) How MIME works, by Heinz Tschabitscher. http://email.about.com/cs/standards/a/mime.htm retrieved on 20-4-2010.

    (Hitwise, 2010) Top 20 Sites & Engines, by Hitwise Pty ltd. http://www.hitwise.com/us/datacenter/main/dashboard10133.html retrieved on 21-4-2010.

    (Brownlow, 2009) Email and Webmail statistics, by Mark Brownlow. http://www.emailmarketingreports.com/metrics/emailstatistics.htm retrieved on 21-4-2010.

    (iHotdesk, 2008) Email most popular form of communication, by iHotdesk. http://www.ihotdesk.com/article/18626486/Emailmostpopularformofcommunication retrieved on 21-4-2010.

    (Pingdom, 2010) Internet 2009 in numbers by Pingdom. http://royal.pingdom.com/2010/01/22/internet2009innumbers/ retrieved on 21-4-2010.

    (Wilson, 1997) The Journey of packets, by Garret Wilson. http://www.garretwilson.com/essays/computers/routing.html retrieved on 21-4-2010.

    (Theall, 2004) IMAP unencrypted cleartext logins, by George A. Theall. http://www.securityspace.com/smysecure/catid.html?id=15856 retrieved on 21-4-2010.

    (Symantec, 2010) Internet Security Threat Report Volume XV: April 2009, by Symantec. http://eval.symantec.com/mktginfo/enterprise/white_papers/bwhitepaper_exec_summary_internet_security_threat_report_xiii_042008.enus.pdf retrieved on 21-4-2010.

    (GFI Software, 2009) Protecting your network against email threats, by GFI Software. http://www.gfi.com/whitepapers/networkprotectionagainstemailthreats.pdf retrieved on 22-4-2010.

    (Petri, 2009) What's a Trojan horse? By Daniel Petri. http://www.petri.co.il/whats_a_trojan_horse.htm retrieved on 22-04-2010.

    (Notenboom, 2007) What's a botnet? Or Zombie? And how do I protect myself from whatever it is? By Leo Notenboom. http://askleo.com/whats_a_botnet_or_zombie_and_how_do_i_protect_myself_from_whatever_it_is.html retrieved on 22-4-2010.

    (Spamlaws, 2009) Computer Virus: The Types of Viruses Out There, by Spamlaws. http://www.spamlaws.com/virustypes.html retrieved on 24-4-2010.

    (Kamat, 2001) Viruses Types and Examples, by Mayur Kamat. http://www.boloji.com/computing/security/015.htm retrieved on 24-4-2010.

    (Beal, 2009) The difference between a computer virus, worm and Trojan horse. By Vangie Beal. http://www.webopedia.com/didyouknow/internet/2004/virus.asp retrieved on 24-4-2010.

    (Lemos, 2000) Inside the ILOVEYOU worm. By Robert Lemos. http://news.zdnet.com/21009595_22107344.html retrieved on 24-4-2010.

    (Mathews, 2009) Six free antivirus programs made for your Windows 7 system, by Lee Mathews. http://www.downloadsquad.com/2009/10/24/sixfreeantivirusprogramsmadeforyourwindows7system/ retrieved on 24-4-2010.

    (Kaspersky, 2010) Kaspersky Anti-Virus for Linux Mailserver, by Kaspersky. http://www.kaspersky.com/antivirus_linux_mail_server retrieved on 24-4-2010.

    (Microsoft, 2010) How to handle suspicious mail, by Microsoft. http://www.microsoft.com/protect/fraud/spam/email.aspx retrieved on 24-4-2010.

    (CPASecure, 2007) Problems.. by CPASecure. http://www.cpasecure.com/Problems.html retrieved on 25-4-2010.

    (Bradley, 2010) Introduction to packet sniffing. By Tony Bradley. http://netsecurity.about.com/cs/hackertools/a/aa121403.htm retrieved on 25-4-2010.

    (Kayne, 2010) What is a packet sniffer? By R. Kayne. http://www.wisegeek.com/whatisapacketsniffer.htm retrieved on 25-4-2010.

    (Windows Live, 2010) What is phishing? By Windows Live. http://onecare.live.com/site/enUs/article/phishing_what.htm retrieved on 26-4-2010.

    (Information Age, 2006) The hidden danger of spam, by Information Age. http://www.informationage.com/articles/295441/thehiddendangerofspam.thtml retrieved on 26-4-2010.

    (Google, 2010) The Google ROI calculator, by Google. http://www.google.com/postini/roi_calculator.html retrieved on 26-4-2010.

    (RUN, 2010) Email en PGP, by Radboud University Nijmegen. http://www.ru.nl/ictbeveiliging/cert_ru/algemene_informatie/email_en_pgp/ retrieved on 27-4-2010.

    (UITS, 2009) What is the difference between SSL and TLS, by University Information Technologies Services. http://kb.iu.edu/data/anjv.html retrieved on 27-4-2010.

    (PGP, 2010) PGP Desktop email, by PGP corporation. http://www.pgp.com/products/desktop_email/ retrieved on 27-4-2010.


    (Technet, 2010) Technet Library What is TLS/SSL? By Technet Microsoft Corporation. http://technet.microsoft.com/enus/library/cc784450(WS.10).aspx retrieved on 27-4-2010.

    (ITSecurity, 2008) Hacking Email: 99 Tips to Make you More Secure and Productive, by ITSecurity. http://www.itsecurity.com/features/99emailsecuritytips112006/ retrieved on 27-4-2010.

    (ITSecurity, 2007) 25 Most common mistakes in email security, by ITsecurity. http://www.itsecurity.com/features/25commonemailsecuritymistakes022807/ retrieved on 27-4-2010.