Tài liệu Web Security
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (321.89 KB, 48 trang )
Chapter 6: Web Security
Security+ Guide to Network Security
Fundamentals
Second Edition
Objectives
•
Protect e-mail systems
•
List World Wide Web vulnerabilities
•
Secure Web communications
•
Secure instant messaging
Protecting E-Mail Systems
•
E-mail has replaced the fax machine as the primary
communication tool for businesses
•
Has also become a prime target of attackers and must
be protected
How E-Mail Works
•
Use two Transmission Control Protocol/Internet
Protocol (TCP/IP) protocols to send and receive
messages
–
Simple Mail Transfer Protocol (SMTP) handles outgoing
mail
–
Post Office Protocol (POP3 for the current version)
handles incoming mail
•
The SMTP server on most machines uses sendmail to
do the actual sending; this queue is called the
sendmail queue
How E-Mail Works (continued)
How E-Mail Works (continued)
•
Sendmail tries to resend queued messages
periodically (about every 15 minutes)
•
Downloaded messages are erased from POP3 server
•
Deleting retrieved messages from the mail server and
storing them on a local computer make it difficult to
manage messages from multiple computers
•
Internet Mail Access Protocol (current version is
IMAP4) is a more advanced protocol that solves many
problems
–
E-mail remains on the e-mail server
How E-Mail Works (continued)
•
E-mail attachments are documents in binary format
(word processing documents, spreadsheets, sound
files, pictures)
•
Non-text documents must be converted into text
format before being transmitted
•
Three bytes from the binary file are extracted and
converted to four text characters
E-Mail Vulnerabilities
•
Several e-mail vulnerabilities can be exploited by
attackers:
–
Malware
–
Spam
–
Hoaxes
Malware
•
Because of its ubiquity, e-mail has replaced floppy
disks as the primary carrier for malware
•
E-mail is the malware transport mechanism of choice
for two reasons:
–
Because almost all Internet users have e-mail, it has the
broadest base for attacks
–
Malware can use e-mail to propagate itself
Malware (continued)
•
A worm can enter a user’s computer through an e-mail
attachment and send itself to all users listed in the
address book or attach itself as a reply to all unread e-
mail messages
•
E-mail clients can be particularly susceptible to macro
viruses
–
A macro is a script that records the steps a user
performs
–
A macro virus uses macros to carry out malicious
functions
Malware (continued)
•
Users must be educated about how malware can enter
a system through e-mail and proper policies must be
enacted to reduce risk of infection
–
E-mail users should never open attachments with these
file extensions: .bat, .ade, .usf, .exe, .pif
•
Antivirus software and firewall products must be
installed and properly configured to prevent malicious
code from entering the network through e-mail
•
Procedures including turning off ports and eliminating
open mail relay servers must be developed and
enforced
Spam
•
The amount of spam (unsolicited e-mail) that flows
across the Internet is difficult to judge
•
The US Congress passed the Controlling the Assault
of Non-Solicited Pornography and Marketing Act of
2003 (CAN-SPAM) in late 2003
Spam (continued)
•
According to a Pew memorial Trust survey, almost half
of the approximately 30 billion daily e-mail messages
are spam
•
Spam is having a negative impact on e-mail users:
–
25% of users say the ever-increasing volume of spam
has reduced their overall use of e-mail
–
52% of users indicate spam has made them less
trusting of e-mail in general
–
70% of users say spam has made being online
unpleasant or annoying
Spam (continued)
•
Filter e-mails at the edge of the network to prevent
spam from entering the SMTP server
•
Use a backlist of spammers to block any e-mail that
originates from their e-mail addresses
•
Sophisticated e-mail filters can use Bayesian filtering
–
User divides e-mail messages received into two piles,
spam and not-spam
Hoaxes
•
E-mail messages that contain false warnings or
fraudulent offerings
•
Unlike spam, are almost impossible to filter
•
Defense against hoaxes is to ignore them
Hoaxes (continued)
•
Any e-mail message that appears as though it could
not be true probably is not
•
E-mail phishing is also a growing practice
•
A message that falsely identifies the sender as
someone else is sent to unsuspecting recipients
E-Mail Encryption
•
Two technologies used to protect e-mail messages as
they are being transported:
–
Secure/Multipurpose Internet Mail Extensions
–
Pretty Good Privacy
Secure/Multipurpose Internet Mail
Extensions (S/MIME)
•
Protocol that adds digital signatures and encryption to
Multipurpose Internet Mail Extension (MIME)
messages
•
Provides these features:
–
Digital signatures – Interoperability
–
Message privacy – Seamless integration
–
Tamper detection
Pretty Good Privacy (PGP)
•
Functions much like S/MIME by encrypting messages
using digital signatures
•
A user can sign an e-mail message without encrypting
it, verifying the sender but not preventing anyone from
seeing the contents
•
First compresses the message
–
Reduces patterns and enhances resistance to
cryptanalysis
•
Creates a session key (a one-time-only secret key)
–
This key is a number generated from random
movements of the mouse and keystrokes typed
