Slide Web Security
Chapter 6: Web Security
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Protect e-mail systems
• List World Wide Web vulnerabilities
• Secure Web communications
• Secure instant messaging

Protecting E-Mail Systems
• E-mail has replaced the fax machine as the primary communication tool for businesses
• It has also become a prime target of attackers and must be protected

How E-Mail Works
• E-mail uses two Transmission Control Protocol/Internet Protocol (TCP/IP) protocols to send and receive messages
– Simple Mail Transfer Protocol (SMTP) handles outgoing mail
– Post Office Protocol (POP3 for the current version) handles incoming mail
• The SMTP server on most machines uses sendmail to do the actual sending; its queue of outgoing messages is called the sendmail queue

How E-Mail Works (continued)
• Sendmail tries to resend queued messages periodically (about every 15 minutes)
• Downloaded messages are erased from the POP3 server
• Deleting retrieved messages from the mail server and storing them on a local computer makes it difficult to manage messages from multiple computers
• Internet Mail Access Protocol (current version is IMAP4) is a more advanced protocol that solves many problems
– E-mail remains on the e-mail server

How E-Mail Works (continued)
• E-mail attachments are documents in binary format (word processing documents, spreadsheets, sound files, pictures)
• Non-text documents must be converted into text format before being transmitted
• Three bytes from the binary file are extracted and converted to four text characters

E-Mail Vulnerabilities
• Several e-mail vulnerabilities can be exploited by attackers:
– Malware
– Spam
– Hoaxes

Malware
• Because of its ubiquity, e-mail has replaced floppy disks as the primary carrier for malware
• E-mail is the malware transport mechanism of choice for two reasons:
– Because almost all Internet users have e-mail, it has the broadest base for attacks
– Malware can use e-mail to propagate itself

Malware (continued)
• A worm can enter a user's computer through an e-mail attachment and send itself to all users listed in the address book or attach itself as a reply to all unread e-mail messages
• E-mail clients can be particularly susceptible to macro viruses
– A macro is a script that records the steps a user performs
– A macro virus uses macros to carry out malicious functions
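
The attachment conversion described under "How E-Mail Works" (three bytes extracted and converted to four text characters) is Base64 encoding. The following is an added example, not part of the original slides: it performs the three-to-four conversion by hand, then recovers an attachment from a message to show that the text on the wire is exactly that encoding. The addresses, subject, filename and payload are constructed sample values.

```python
from email import message_from_bytes
from email.message import EmailMessage

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")

# Constructed sample payload: 256 bytes, not a multiple of 3, so padding occurs.
SAMPLE = bytes(range(256))

def encode_3to4(data: bytes) -> str:
    """Base64-encode by hand: each 3-byte group becomes 4 text characters."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        pad = 3 - len(group)                      # 0, 1 or 2 missing bytes
        n = int.from_bytes(group + b"\x00" * pad, "big")    # 24-bit value
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if pad:
            chars[-pad:] = "=" * pad              # mark the filler positions
        out.append("".join(chars))
    return "".join(out)

def build_message(payload: bytes) -> bytes:
    """Constructed sample message carrying one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("Report attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()

def attachment_wire_and_bytes(raw: bytes):
    """Return (text as transmitted, decoded bytes) for the first attachment."""
    msg = message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            wire = "".join(part.get_payload().split())    # drop line wrapping
            return wire, part.get_payload(decode=True)
    raise ValueError("no attachment found")

if __name__ == "__main__":
    wire, decoded = attachment_wire_and_bytes(build_message(SAMPLE))
    print(len(SAMPLE), "bytes sent as", len(wire), "characters")
    print("matches hand encoding:", wire == encode_3to4(SAMPLE))
```

Because the attachment travels as text, a mail filter has to decode it back to bytes before it can inspect the content for malware.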