Please enable JavaScript.
Coggle requires JavaScript to display documents.
GENERAL (E-mail security threats (Integrity >> unauthorized…
GENERAL
E-mail security threats
Integrity >> unauthorized modification
Confidentiality >> unauthorized disclosure
Authenticity >> unauthorized access
Availability >> prevent users from send or receive mail
Email Security Services
Integrity >> hash function and secret or public
Privacy >> secret or public key
Authentication >> using secret and public key
Non-repudiation >> digital signature
Layers of Security
Transport > SSL & TLS
App > S/MIME, PGP, SET
Network > Ip sec
Email Security counter measures
Educate and regularly remind users of the danger of malicious programs (No email system is secured)
Design and implement prevention systems to early detect and give warning message to users (malicious programs).
Make sure email software is configured properly
E-mail components
OR
mail architecture
user world
Message User Agents (MUA)
transfer world
Message Handling Service (MHS), which is composed of Message Transfer Agents (MTA)
types of transferring email protocols
Used to move messages through the Internet from source to destination
SMTP
Used to transfer messages between mail servers
POP 3 , IMAP
Message component
envelope
contents
Secure E-mail Approaches
PGP
Certificates are an optional in PGP
Each user decides which keys to trust
Different from S/MIME by treating mails as files
S/MIME
Relies on certificates and uses multiple certificate hierarchies
differences between S/MIME and OpenPGP
Key Certification
Key Distribution