
Chapter 14 Internet Services and Email

Chapter 14 Overview

Fundamentals of internet service, notably email

Email formatting and transmission

Email security issues

Enterprise firewalling and point of presence

Internet Services

Software that provides Layer 7 services

Not all Layer 7 services are end-user services

DNS – name translation for other services

DHCP – automated host configuration

Traditional internet applications

Many Internet applications were developed before security problems became serious

Some date to the 1970s

Older applications: file transfer (FTP), remote terminals (Telnet), finger protocol

Internet Email

Email with “@” address dates back to 1971

Developed for ARPANET hosts

Two types of Internet standards for email

Formatting standards – layout of email messages and how to handle attachments

Protocol standards – how to exchange an email message/file between hosts

Basic Email Format

MIME Formatting

“Multipurpose Internet Mail Extensions” (RFC 2045 to 2049)

Traditional email contains 7-bit ASCII characters

Some email servers erase the eighth bit, or otherwise modify it

MIME provides a way to embed non-ASCII encoding in an email message

Embeds images or complex documents

Formats messages using Web-style markup

Includes encrypted data or digital signatures
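The MIME points above, as an added example that is not from the slides: build a message whose text and binary parts are encoded 7-bit clean, then model the eighth-bit-stripping relay the slide mentions and show that the MIME message survives it while raw UTF-8 does not. The addresses, file name and attachment bytes are constructed for the example.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample input (not from the slides): a UTF-8 body with a
# non-ASCII character and a binary "attachment" covering every byte value
# 0x00-0xFF, so it would certainly be damaged by a 7-bit-only path.
BODY_TEXT = "Quarterly figures attached. Regards, Zoë"
IMAGE_BYTES = bytes(range(256))


def build_message() -> bytes:
    """Build a MIME multipart message and return its wire form (CRLF line ends)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Q3 report"
    # text part: UTF-8 text made 7-bit safe with quoted-printable
    msg.set_content(BODY_TEXT, charset="utf-8", cte="quoted-printable")
    # binary part: base64 turns arbitrary bytes into 7-bit ASCII
    msg.add_attachment(IMAGE_BYTES, maintype="image", subtype="jpeg",
                       filename="chart.jpg")
    return msg.as_bytes(policy=policy.SMTP)


def is_seven_bit_clean(raw: bytes) -> bool:
    """True if no byte has its eighth bit set, i.e. the message survives a 7-bit path."""
    return all(b < 0x80 for b in raw)


def strip_eighth_bit(raw: bytes) -> bytes:
    """Model the legacy relay the slide mentions: clears bit 8 of every byte."""
    return bytes(b & 0x7F for b in raw)


def parse_message(raw: bytes):
    """Decode the body text and the attachments back out of the wire form."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    attachments = [(part.get_filename(), part.get_content())
                   for part in msg.iter_attachments()]
    return body, attachments


if __name__ == "__main__":
    wire = build_message()
    print("7-bit clean:", is_seven_bit_clean(wire))
    body, atts = parse_message(strip_eighth_bit(wire))
    print("body intact:", body.rstrip() == BODY_TEXT,
          "attachment intact:", atts[0][1] == IMAGE_BYTES)
    print("raw UTF-8 intact:",
          strip_eighth_bit(BODY_TEXT.encode()) == BODY_TEXT.encode())
```

The same encodings are what make the last bullet possible: an S/MIME signature or encrypted body is just another base64 part, so it too passes a 7-bit relay unchanged.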

Email Protocols

Two Types of Protocols

Mailbox protocols – let a client program retrieve email from a server

POP3 – a simple and popular protocol

IMAP – a more elaborate protocol

MAPI – Microsoft's Messaging Application Programming Interface (used by Outlook with Exchange)

Delivery protocols – transmit an email to another server for delivery to its destination

Typically Simple Mail Transfer Protocol: SMTP

Tracking an Email: Servers

Tracking an Email: Headers

Is This Email Genuine?

Headers from the Suspect Email
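The SMTP delivery protocol and the header-tracking slides above, as an added example that is not from the course material: a tiny SMTP receiver that enforces command order and stamps a Received: header on each message it accepts, a client that drives the exchange so both sides' messages are visible, a tracer that reads the Received: chain back out, and a check that keeps only the hops stamped by servers the recipient trusts (the "is this email genuine?" question). Host names, addresses, dates and the forged first header are constructed; the receiver is a teaching subset of RFC 5321, not a real MTA.

```python
import re
from email import message_from_string
from email.utils import parseaddr


class TinySMTPServer:
    """Constructed SMTP receiver (a small RFC 5321 subset, not a real MTA):
    enforces HELO -> MAIL -> RCPT -> DATA order and, like every relay,
    prepends a Received: header to each message it accepts."""

    def __init__(self, hostname, clock):
        self.hostname, self.clock = hostname, clock   # clock() returns a date string
        self.helo, self.mail_from, self.rcpts = None, None, []
        self.in_data, self.data_lines, self.delivered = False, [], []

    def handle(self, line):
        """Process one client line; return the reply ("" while inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                stamp = f"Received: from {self.helo} by {self.hostname} with SMTP; {self.clock()}"
                self.delivered.append(stamp + "\r\n" + "\r\n".join(self.data_lines))
                self.mail_from, self.rcpts, self.data_lines = None, [], []
                return "250 OK: queued"
            # undo dot-stuffing: a transmitted ".." is a literal "." at line start
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        addr = parseaddr(arg.partition(":")[2])[1]       # used by MAIL and RCPT
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return f"250 {self.hostname}"
        if verb == "MAIL" and self.helo is not None:
            self.mail_from = addr
            return "250 OK"
        if verb == "RCPT" and self.mail_from is not None:
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA" and self.rcpts:
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        if verb in ("MAIL", "RCPT", "DATA"):
            return "503 Bad sequence of commands"
        return "500 Unknown command"


def send_message(server, helo_name, sender, rcpt, raw_message):
    """Client side of one delivery; returns the two-way transcript."""
    transcript = []

    def say(line):
        reply = server.handle(line)
        transcript.extend(["C: " + line] + (["S: " + reply] if reply else []))
        return reply

    for cmd in (f"HELO {helo_name}", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>", "DATA"):
        if not say(cmd).startswith(("250", "354")):
            raise RuntimeError(transcript[-1])
    for line in raw_message.split("\r\n"):
        say("." + line if line.startswith(".") else line)   # dot-stuffing
    say(".")
    say("QUIT")
    return transcript


def trace_path(raw):
    """(from, by) hops oldest first; the top Received: line is the newest."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = re.search(r"from\s+(\S+)\s+by\s+(\S+)", value)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops[::-1]


def attested_hops(raw, trusted):
    """Keep only the stamps added by servers we trust, newest downward;
    everything below the first untrusted stamp could be sender-forged."""
    hops = []
    for frm, by in reversed(trace_path(raw)):
        if by not in trusted:
            break
        hops.append((frm, by))
    return hops[::-1]


def relay_two_hops():
    """Deliver a constructed message (with a forged Received: line) via two MTAs."""
    clock = iter(["Mon, 3 Jun 2024 10:00:01 +0000", "Mon, 3 Jun 2024 10:00:05 +0000"])
    original = ("Received: from mail.bank.example by mx.bank.example with SMTP; "
                "Mon, 3 Jun 2024 09:59:00 +0000\r\n"
                "From: alice@example.com\r\nTo: bob@example.net\r\nSubject: hello\r\n"
                "\r\nHi Bob\r\n.leading dot line")
    hop1 = TinySMTPServer("mx.example.com", lambda: next(clock))
    send_message(hop1, "alice-laptop.example.com", "alice@example.com", "bob@example.net", original)
    hop2 = TinySMTPServer("mx.example.net", lambda: next(clock))
    send_message(hop2, "mx.example.com", "alice@example.com", "bob@example.net", hop1.delivered[0])
    return hop2.delivered[0]
```

Reading the result top-down gives the path in reverse order of time. The sender controls everything that was already in the message when it was submitted, including any Received: lines it chose to type in, so only the stamps added by servers you operate (or trust) are evidence of where a message really came from.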

Email Security Problems

Connection-based attacks

Large-scale sniffing risks

Many sites use SSL/TLS to encrypt email traffic in transit (STARTTLS, or the dedicated TLS ports for SMTP, IMAP and POP3); this protects each hop, not the message end to end

Spam

Unsolicited email; often distributes frauds

Phishing

Email that tries to retrieve authentication data

Email viruses

Messages that trick the user into running an attachment that replicates them

Spam, Spam, Spam, Spam, Spam

A huge problem

Unsolicited email wastes bandwidth, server storage space, server compute cycles

Typical spam involves fraudulent or illegal activities, or products not accepted in normal advertising channels

Frauds

Advance fee fraud

Dubious stock investments

Spam Prevention and Control

Restrict access to mail servers

Whitelists – lists of email servers that actively avoid handling spam

Blacklists – email servers that carry spam

Identify spam by pattern and filter it out

Binary matching – looks for an exact match with specific features

Statistical matching – calculates likelihood that an email is spam; filters on relative scores
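The two matching strategies above, as an added example that is not from the slides: a binary rule that fires on an exact feature (a known-bad sender address) and a simplified naive Bayes classifier over word presence that scores a message by how strongly its words belong to a spam versus a ham training set, with a tunable threshold. The training corpus and the blocked address are constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed toy corpus (not from the slides): (text, is_spam)
TRAINING = [
    ("cheap meds online buy now limited offer", True),
    ("earn money fast click here wire transfer", True),
    ("urgent investment opportunity penny stock guaranteed returns", True),
    ("buy cheap stock now guaranteed money", True),
    ("meeting moved to thursday please confirm", False),
    ("attached the quarterly report for review", False),
    ("lunch tomorrow? let me know", False),
    ("please review the design document before the meeting", False),
]
# Binary feature: an exact match on a known-bad sender (assumed address)
BLOCKED_SENDERS = {"promo@spam.example"}

TOKEN = re.compile(r"[a-z0-9']+")


def tokens(text):
    """Word set of a message: presence matters, frequency is ignored."""
    return set(TOKEN.findall(text.lower()))


class NaiveBayes:
    """Simplified naive Bayes over word presence with Laplace smoothing:
    P(word present | class) estimated from document counts per class."""

    def __init__(self, corpus, alpha=1.0):
        self.alpha = alpha
        self.docs = Counter()                          # documents per class
        self.word_docs = {True: Counter(), False: Counter()}
        for text, is_spam in corpus:
            self.docs[is_spam] += 1
            self.word_docs[is_spam].update(tokens(text))
        self.vocab = set(self.word_docs[True]) | set(self.word_docs[False])

    def log_likelihood(self, text, is_spam):
        n = self.docs[is_spam]
        lp = math.log(n / sum(self.docs.values()))     # class prior
        for w in tokens(text) & self.vocab:            # unseen words carry no evidence
            lp += math.log((self.word_docs[is_spam][w] + self.alpha) / (n + 2 * self.alpha))
        return lp

    def spam_score(self, text):
        """Posterior probability that text is spam, from the two log-likelihoods."""
        ls, lh = self.log_likelihood(text, True), self.log_likelihood(text, False)
        return 1.0 / (1.0 + math.exp(lh - ls))


def classify(sender, text, model, threshold=0.8):
    """Binary rule first (cheap and exact), statistical score second."""
    if sender in BLOCKED_SENDERS:
        return "spam", "binary: blocked sender"
    score = model.spam_score(text)
    return ("spam" if score >= threshold else "ham"), f"statistical: p(spam)={score:.3f}"


if __name__ == "__main__":
    model = NaiveBayes(TRAINING)
    for sender, text in [("friend@example.org", "buy cheap stock now"),
                         ("friend@example.org", "please confirm the meeting tomorrow"),
                         ("promo@spam.example", "please confirm the meeting tomorrow")]:
        print(sender, "|", text, "->", classify(sender, text, model))
```

The binary rule is exact and cheap but brittle (change one character and it misses); the statistical score degrades gracefully but needs a threshold, and moving that threshold trades false positives for false negatives.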

Phishing

A social engineering attack

Email induces the recipient to visit a bogus website and provide login credentials

Bogus banking site, ecommerce site, email site, etc.

Elements of a phishing attack

Spam email that takes users to the bogus site

Website that collects user's credentials

Domain name that carries the website
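The three elements listed above, as an added example that is not from the slides: a check a mail gateway or client could run over an HTML body to flag a link whose displayed text, target host or scheme does not match where it really goes, which is how the spam email, the bogus site and its domain name fit together. The HTML, domain names and IP address are constructed for the example, and the registrable-domain helper is a deliberate simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain guess (last two labels). Production code should
    use the Public Suffix List; this is enough for the constructed sample."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def shown_host(text):
    """Host name the user *sees* in the link text, if the text looks like a URL."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


def suspicious_links(html, expected_domain):
    """Return (href, reasons) for links that do not lead where they claim."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        if not href:
            continue
        url = urlparse(href)
        host = url.hostname or ""
        reasons = []
        if registrable(host) != expected_domain:
            reasons.append(f"target {host} is outside {expected_domain}")
        if "@" in url.netloc:
            reasons.append("userinfo before '@' disguises the real host")
        if url.scheme == "http":
            reasons.append("plain http")
        shown = shown_host(text)
        if shown and registrable(shown) != registrable(host):
            reasons.append(f"shows {shown} but goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed phishing-style HTML (not a real message)
SAMPLE_HTML = """
<p>Your account is locked. Verify within 24 hours:
<a href="http://bank.example.login-verify.example/reset">https://www.bank.example/reset</a></p>
<p>Questions? <a href="https://www.bank.example/help">Help</a></p>
<p><a href="https://www.bank.example@203.0.113.9/">Secure login</a></p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML, "bank.example"):
        print(href, "->", "; ".join(reasons))
```

The first link is the classic case: the visible text names the real bank, the href names a look-alike domain the attacker registered. The third uses the userinfo part of the URL so that the bank's name appears in the address bar while the browser actually connects to the IP address after the "@".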

Email Viruses

Contains an executable attachment that propagates the virus if the user runs it

The virus typically uses the user's email client to transmit the virus to people in the user's email contact list

Recipients may treat the email as legitimate since it comes from an acquaintance

Examples: Melissa, ILOVEYOU, Resume

Mechanisms: Visual Basic macros (VBA) or VBScript, or binary executables masquerading as other file types

Email Chain Letters

An email that induces the recipient to forward it to a lot of other people

Some are based on traditional paper-based chain letters (illegal under Post Office rules)

Hoaxes – if recipients forward the email, some benefit arises (donations to a cause, etc.)

Cancer examples

Virus hoaxes – emails that warn of a computer security risk and urge recipients to forward the warning to everyone they know; genuine security advisories are not distributed this way

Enterprise Firewalls

Provide access control at a site's gateway

Firewalls were not part of the original Internet design

Now provide NAT and traffic filtering

Internet Access Policy Issues

How do employees use the Internet to get their work done?

What services does the enterprise offer to Internet users?

Internet-Related Risks

Risks posed by Internet access

Attacks on internal file servers and clients (#1)

Poor email service due to spam (#4)

Risks posed by a lack of Internet

Lost sales from lack of a website (#2)

Lack of email yields poor customer communication (#3)

Ineffective R&D, marketing, and purchasing staff due to lack of browser access (#5)

A Simple Internet Policy

Controlling Internet Traffic

Host control

Restrict on sending or receiving address

Service control

Restrict on TCP or UDP port number

Direction control

Restrict according to whether the traffic was initiated inside or outside of the site

Content control

Examine application-level data to detect violations of specific restrictions

Filtering Internet Traffic

Traffic Filtering Mechanisms

Packet filtering

Examine individual packets

Make decisions on a per-packet basis

Session filtering

Identify a session by its socket addresses (source and destination IP address and port)

Permit/deny based on which side initiated the session

Keep track of session status (e.g., whether the TCP handshake has completed)

Application filtering

Reconstruct application layer data and filter based on data contents

Firewall Rule Format

Rules to Enforce Simple Policy
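The four controls and the rule-table slides above, as an added example that is not from the course material: a rule table with host, service and direction fields, a stateless packet filter that applies it to every packet on its own, and a session filter that remembers which side opened a TCP session so that replies are admitted without a matching rule. The address ranges, the mail-server address and the rule set are assumed values for a simple policy.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" | "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """One line of a firewall rule table (fields mirror the slides' controls)."""
    action: str                 # "permit" | "deny"
    direction: str              # direction control: "in", "out" or "any"
    src: str = "0.0.0.0/0"      # host control (CIDR)
    dst: str = "0.0.0.0/0"
    proto: str = "any"          # service control
    dport: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction in ("any", direction)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


INTERNAL = ip_network("10.0.0.0/8")     # assumed site address space
MX = "10.1.0.25/32"                     # assumed DMZ mail server

# First match wins; the last rule is the default deny.
RULES = [
    Rule("permit", "in", dst=MX, proto="tcp", dport=25),        # inbound mail to the MX only
    Rule("permit", "out", src=str(INTERNAL), proto="tcp", dport=80),
    Rule("permit", "out", src=str(INTERNAL), proto="tcp", dport=443),
    Rule("permit", "out", src=MX, proto="tcp", dport=25),       # MX relays mail out
    Rule("deny", "any"),
]


class SessionFilter:
    """Session (stateful) filtering: the rule table is consulted only for packets
    that open a session; packets on an established session pass without lookup."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()

    @staticmethod
    def direction(pkt: Packet) -> str:
        return "out" if ip_address(pkt.src) in INTERNAL else "in"

    def decide(self, pkt: Packet):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return "permit", "established session"
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny", "no session and not a connection request"
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt, self.direction(pkt)):
                if rule.action == "permit":
                    self.sessions.add(key)       # remember who opened the session
                return rule.action, f"rule {i}"
        return "deny", "no matching rule"


class PacketFilter:
    """Stateless packet filtering for contrast: every packet, replies included,
    must match a rule on its own, so this policy needs an extra rule for replies."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt: Packet):
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt, SessionFilter.direction(pkt)):
                return rule.action, f"rule {i}"
        return "deny", "no matching rule"
```

With the same table, the stateless filter drops the web server's SYN/ACK because no rule permits inbound traffic from port 443; the usual stateless fix is a rule that admits any inbound packet with ACK set, which is exactly what the session filter avoids, since it also refuses an inbound ACK-only packet that belongs to no session it has seen.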

Enterprise Point of Presence (POP)

POP topology – how site connects to Internet

Single firewall, with optional bastion host

Three-legged firewall

Dual firewall

The DMZ – demilitarized zone

A term borrowed from military/political usage: a network segment, separate from the internal LAN, that hosts the servers accepting inbound Internet connections

May be separated from the rest of the enterprise LAN by a firewall, so that a compromised DMZ host does not get direct access to internal systems

Single Firewall with Bastion Host

Three-Legged Firewall

Dual Firewall with DMZ

Attacking a Firewall

Protocol attacks

IP spoofing – bypass a filter that trusts source addresses by forging an internal address on packets arriving from outside (defeated by direction control: drop inbound packets that claim an internal source)

Fragmentation attack – make the first fragment too small to carry the TCP header fields the filter checks (the flags, or with overlapping fragments the port), so later fragments pass unexamined (RFC 1858)

Tunneling

Embed traffic inside a protocol the firewall always passes, such as HTTP/HTTPS

Requires custom client and server

Some legitimate vendors use tunneling
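The fragmentation attack from the protocol-attack slide above, as an added example that is not from the course material: packets are built as raw bytes, a stateless filter that denies inbound TCP connection requests is shown being evaded by an eight-byte first fragment, and the RFC 1858 checks (minimum first-fragment size, drop fragment offset 1) are shown closing the hole. The smallest fragment still carries the ports (bytes 0 to 3 of the TCP header) but not the flags (byte 13), so the demonstration targets the flags byte, which is the case RFC 1858 describes. Addresses, ports and the telnet target are constructed; checksums are left at zero because nothing is put on a wire.

```python
import struct

SYN, ACK = 0x02, 0x10


def ipv4_header(src, dst, payload_len, ident, more_fragments, frag_offset):
    """20-byte IPv4 header (checksum left 0: never put on a wire).
    frag_offset is in bytes and must be a multiple of 8."""
    flags_frag = (more_fragments << 13) | (frag_offset // 8)
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, 6, 0, to_bytes(src), to_bytes(dst))


def tcp_header(sport, dport, flags):
    """Fixed 20-byte TCP header; byte 13 holds the flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def parse_ip(pkt):
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (f[0] & 0x0F) * 4
    return {"ident": f[3], "proto": f[6], "more": (f[4] >> 13) & 1,
            "offset": (f[4] & 0x1FFF) * 8, "payload": pkt[ihl:f[2]]}


def fragment(segment, src, dst, ident, first_len):
    """Split a TCP segment into IP fragments, the first carrying first_len bytes."""
    first, rest = segment[:first_len], segment[first_len:]
    frags = [ipv4_header(src, dst, len(first), ident, 1 if rest else 0, 0) + first]
    if rest:
        frags.append(ipv4_header(src, dst, len(rest), ident, 0, first_len) + rest)
    return frags


def reassemble(frags):
    """What the destination host sees after putting the fragments back together."""
    buf = bytearray()
    for f in sorted(frags, key=lambda p: parse_ip(p)["offset"]):
        ip = parse_ip(f)
        buf[ip["offset"]:ip["offset"] + len(ip["payload"])] = ip["payload"]
    return bytes(buf)


def is_connection_request(tcp):
    return bool(tcp[13] & SYN) and not (tcp[13] & ACK)


def naive_filter(pkt):
    """Policy: deny inbound TCP connection requests. Stateless, so it can only
    judge a fragment that actually contains the flags byte; all else is passed."""
    ip = parse_ip(pkt)
    if ip["proto"] != 6 or ip["offset"] != 0 or len(ip["payload"]) < 14:
        return "permit"          # the hole the tiny-fragment attack drives through
    return "deny" if is_connection_request(ip["payload"]) else "permit"


def hardened_filter(pkt):
    """Same policy with the RFC 1858 fragment rules added."""
    ip = parse_ip(pkt)
    if ip["proto"] != 6:
        return "permit"
    if ip["offset"] == 0 and len(ip["payload"]) < 16:
        return "deny"            # first fragment must hold the whole fixed TCP header
    if ip["offset"] == 8:
        return "deny"            # FO=1 could overwrite bytes 8-15 (flags) on reassembly
    if ip["offset"] != 0:
        return "permit"          # later fragments cannot touch the fields already checked
    return "deny" if is_connection_request(ip["payload"]) else "permit"


def attack_outcome(filter_fn, first_len):
    """Send a fragmented SYN to telnet (port 23) through filter_fn; report the result."""
    segment = tcp_header(40000, 23, SYN)
    frags = fragment(segment, "198.51.100.9", "10.0.5.7", 0x1234, first_len)
    if any(filter_fn(f) == "deny" for f in frags):
        return "blocked"
    tcp = reassemble(frags)
    dport = struct.unpack("!H", tcp[2:4])[0]
    return f"delivered SYN to port {dport}" if is_connection_request(tcp) else "delivered"


if __name__ == "__main__":
    for name, fn in (("naive", naive_filter), ("hardened", hardened_filter)):
        print(name, "8-byte first fragment:", attack_outcome(fn, 8))
        print(name, "unfragmented:", attack_outcome(fn, 20))
```

A session filter sidesteps the problem differently: it drops any fragment whose session it has not seen opened, and most modern firewalls reassemble fragments before filtering at all.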
