network security potpourri - computer sciencegoldbe/teaching/cs558s17/emailsecurity.pdf ·...
TRANSCRIPT
![Page 1: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/1.jpg)
Email Security
CS558 Network Security
Boston University
Prof. S. Goldberg, Spring 2017
![Page 2: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/2.jpg)
https://www.elie.net/blog/understanding-how-tls-downgrade-attacks-prevent-email-encryption
![Page 3: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/3.jpg)
![Page 4: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/4.jpg)
STARTTLS
As visible in the diagram above, this retrofitting was achieved by adding the verb STARTTLS to the SMTP options command that the server sends to the SMTP client as part as the protocol negotiation. If the client supports encryption (TLS), it will understand the STARTTLS verb and will initiate a TLS exchange before sending the email to ensure it is encrypted. If the client doesn’t know TLS, it will simply ignore the STARTTLS and send the email in clear
![Page 5: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/5.jpg)
STARTTLS Downgrade Attack
A downgrade attack is a form of attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an old, lower-quality mode of operation (e.g. clear text) that is there for backward compatibility with older systems.
![Page 6: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/6.jpg)
![Page 7: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/7.jpg)
STARTTLS Stripping
![Page 8: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/8.jpg)
Fraudulent DNS responses
![Page 9: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/9.jpg)
![Page 10: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/10.jpg)
![Page 11: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/11.jpg)
PGP?
![Page 12: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/12.jpg)
https://xkcd.com/1181/
![Page 13: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/13.jpg)
PGP encryption of message contents
![Page 14: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/14.jpg)
![Page 15: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/15.jpg)
![Page 16: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/16.jpg)
![Page 17: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/17.jpg)
PGP keys
![Page 18: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/18.jpg)
PGP keys
![Page 19: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com](https://reader034.vdocument.in/reader034/viewer/2022042120/5e99cd3c1dabc71242707a2e/html5/thumbnails/19.jpg)