Ch06 - Web Security - W ebSecur ity Chapter6

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Web Security Security+ Guide to Network Security Fundamentals  Second Edition Chapter 6
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Objectives Protect e-mail systems List World Wide Web vulnerabilities Secure Web communications Secure instant messaging
Background image of page 2
3 Protecting E-Mail Systems E-mail has replaced the fax machine as the primary  communication tool for businesses Has also become a prime target of attackers and must be  protected
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 How E-Mail Works Use two Transmission Control Protocol/Internet Protocol  (TCP/IP) protocols to send and receive messages Simple Mail Transfer Protocol (SMTP) handles outgoing  mail Post Office Protocol (POP3 for the current version) handles  incoming mail The SMTP server on most machines uses sendmail to do the  actual sending; this queue is called the sendmail queue
Background image of page 4
5 How E-Mail Works (continued)
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 How E-Mail Works (continued) Sendmail tries to resend queued messages periodically (about every  15 minutes) Downloaded messages are erased from POP3 server Deleting retrieved messages from the mail server and storing them  on a local computer make it difficult to manage messages from  multiple computers Internet Mail Access Protocol (current version is IMAP4) is a more  advanced protocol that solves many problems E-mail remains on the e-mail server
Background image of page 6
7 How E-Mail Works (continued) E-mail attachments are documents in binary format (word  processing documents, spreadsheets, sound files, pictures)  Non-text documents must be converted into text format before  being transmitted Three bytes from the binary file are extracted and converted to  four text characters
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 E-Mail Vulnerabilities Several e-mail vulnerabilities can be exploited by attackers: Malware Spam Hoaxes
Background image of page 8
9 Malware Because of its ubiquity, e-mail has replaced floppy disks as the primary  carrier for malware E-mail is the malware transport mechanism of choice for two reasons:  Because almost all Internet users have e-mail, it has the broadest  base for attacks Malware can use e-mail to propagate itself A worm can enter a user’s computer through an e-mail attachment and  send itself to all users listed in the address book or attach itself as a  reply to all unread e-mail messages
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10 Malware (continued) E-mail clients can be particularly susceptible to macro viruses A macro is a script that records the steps a user performs A macro virus uses macros to carry out malicious functions Users must be educated about how malware can enter a system through e- mail and proper policies must be enacted to reduce risk of infection E-mail users should never open attachments with these file extensions: 
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 41

Ch06 - Web Security - W ebSecur ity Chapter6

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online