
Securing Email Communications

Module 9

Simplifying Security.

Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Email Security: Malicious Messages 'A Problem For Govt. Too'
May 16, 2011

Individuals who are concerned about data loss may be surprised to hear of the number of hacking attacks attempted on the Treasury.
Chancellor George Osborne revealed at the Google Zeitgeist conference on Monday (May 16th) that each month around 20,000 malicious emails are sent to UK government networks.
Furthermore, he noted: "During 2010, hostile intelligence agencies made hundreds of serious and preplanned attempts to break into the Treasury's computer system. In fact, it averaged out as more than one attempt per day."
As a result of these figures, Mr Osborne pointed out that the Treasury is one of the most targeted by data attacks across the whole of Whitehall.
Government is not the only area concerned about breaches though, with Square Enix recently confirming that a couple of websites it is associated with have been attacked.
http://www.cryptzone.com


Module Objectives

Email Security Procedures
Email System
How to Obtain Digital Certificates?
Email Security
Online Email Encryption Service
Email Security Threats
Email Security Tools
Spamming
Email Security Checklist
Hoax/Chain and Scam Emails
Security Checklist for Checking Emails on Mobile
Email Security Control Layers


Module Flow

Introduction to Email Security
Email Security Threats
How to Obtain Digital Certificates?
Email Security Tools
Email Security Procedures


Email Threat Scenario 2011

[Figure: three panels, each listing the Top 5 Geographies. "Email Spam Intercepted" (Global Spam Rate 89.1%; per-country rates shown range from 91.5% to 93.5%). "Email Virus Intercepted" (Global Virus Rate 1 in 284.2; South Africa is labelled 1 in 147.2, other rates shown range from 1 in 164.6 to 1 in 237.8). "Email Phish Intercepted" (Global Phish Rate 1 in 444.5; rates shown range from 1 in 99.0 to 1 in 568.1). Countries named across the panels: Italy, Denmark, UK, Spain, France, Oman, Switzerland, South Africa, Austria, United Arab Emirates, New Zealand.]


How Various Email Systems Work?

Email (electronic mail) is a method of exchanging digital messages from a sender to one or more recipients
Companies such as Microsoft, Yahoo!, Google, and AOL offer free email accounts
Email accounts can be accessed from any web browser or a standalone email client such as Microsoft Outlook, Mozilla Thunderbird, etc.

[Figure: Sender -> Email Clients -> Email Server -> Internet -> Email Server -> Email Clients -> Receiver]


Email Security

No email communication is 100% secure
Insecure emails allow attackers to intercept personal and sensitive information of the user
If not secured, emails sent/received can be forged or read by others
Emails are one of the sources of viruses and various malicious programs
It is necessary to secure emails to have safer communications and to protect privacy


Email Security Threats

Malicious Email Attachments
Attachments may contain a virus, Trojan, worm, keylogger, etc., and opening such attachments infects the computer

Malicious User Redirection
Mails may contain links to websites hosting malware and pornographic material

Phishing
Phishing mails lure victims to provide personal data

Hoax/Chain Mail
The user may receive hoax emails that contain false information telling him/her to forward the mail

Spamming
The user may receive spam mails that may contain malware allowing attackers to take control of the user's computer


Malicious Email Attachments

Email attachments are a major email security threat as they offer attackers the easiest and most powerful way to attack a PC
Most malicious attachments install a virus, Trojan, spyware, or some other kind of malware code as soon as you open them


Email Attachments: Caution

Save and scan all email attachments before opening them
Check if the email is from one of your contacts
Do not open attachments with suspicious or unknown file extensions
Example: *.exe, *.vbs, *.bat, *.ini, *.bin, *.com, *.pif, *.zzx
Check if the email was ever received from the source
Never open an email attachment from unreliable sources
Check if the subject line and name of the attachment are correlated with each other
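As an added example (not from the EC-Council material), the two checks above that a mail client or gateway can automate: flagging attachments whose extension is on the slide's list and attachments whose name has nothing in common with the subject line. The message and its attachments are constructed for illustration.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Extensions the slide lists as suspicious or unknown (*.zzx stands for any unrecognised extension).
SUSPICIOUS_EXTENSIONS = {".exe", ".vbs", ".bat", ".ini", ".bin", ".com", ".pif", ".zzx"}


def build_sample_message() -> bytes:
    """Construct a sample message (constructed data, not a real mail) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see the attached report.")
    # Benign-looking attachment whose name matches the subject line.
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="report.pdf")
    # Double extension: only the final extension decides how the OS opens the file.
    msg.add_attachment(b"MZ sample", maintype="application", subtype="octet-stream", filename="report.PDF.exe")
    # Script attachment that has nothing to do with the subject line.
    msg.add_attachment(b"WScript sample", maintype="application", subtype="octet-stream", filename="invoice.vbs")
    return msg.as_bytes()


def subject_correlates(subject: str, filename: str) -> bool:
    """Crude form of the 'subject and attachment name are correlated' check:
    True when the subject and the attachment's base name share a word of three or more letters."""
    def words(text: str) -> set:
        return {w.lower() for w in re.findall(r"[A-Za-z]{3,}", text)}
    base = os.path.splitext(filename)[0]
    return bool(words(subject) & words(base))


def review_attachments(raw: bytes) -> list:
    """Return (filename, reason) for each attachment a cautious user should save and scan, not open."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in SUSPICIOUS_EXTENSIONS:
            findings.append((name, f"suspicious extension {ext}"))
        elif not ext:
            findings.append((name, "no file extension"))
        elif not subject_correlates(subject, name):
            findings.append((name, "attachment name unrelated to subject line"))
    return findings
```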


Spamming

Unsolicited bulk messages

Spamming is the use of email systems to send unsolicited bulk messages indiscriminately, overloading the user's inbox
Spam emails may contain malicious computer programs such as viruses and Trojans
According to Symantec, spam makes up 89.1% of all email traffic

[Figure: Attacker sending spam to User]

[Figure: Spam Sources by Continent, bar chart with a 0-60% axis; continents shown: Europe, Asia, South America, Africa, North America, Oceania; values shown: 44%, 27%, 18%, 8%, 7%, 3%. Source: http://www.m86security.com]

Spamming Countermeasures

Avoid opening spam messages (classified by spam filters)
Report suspicious email as spam
Use the email client's spam filter and anti-spamming tools
Do not use official email address while registering with any website
Never follow the links in spam messages
Use a different email address when posting messages to any public forum


Anti-Spamming Tool: SPAMfighter

SPAMfighter protects all the email accounts on a PC against "phishing", identity theft, and other email frauds

http://www.spamfighter.com

Hoax/Chain and Scam Emails

Hoaxes are email messages warning the recipients of nonexistent threats
Users are also warned of adverse effects if they do not forward the email to others

http://www.scamletters.com
http://diamondback.com

A scam email asks for personal information such as bank account details, credit card numbers, password, etc.
The sender of scam mails may also ask the recipient to forward the email to everyone in his/her contact list


Nigerian Scam

A Nigerian scam is a form of advance-payment or money-transfer fraud
http://in.mail.yahoo.com/

This scam is called a Nigerian scam because initially it started from Nigeria, but these scams can come from anywhere in the world
Using this scam, scammers contact you by sending an email and offer you a share in a large sum of money
They say they want to transfer money, which was trapped in banks during civil wars, to your account
They may also cite various reasons such as massive inheritance problems, government restrictions, or taxes in the scammer's country
Scammers ask you to pay money or give them your bank account details to help them transfer the money

From: Mr. Wong Du
Seoul, South Korea.
I will introduce myself I am Mr. Wong du a Banker working in a bank in south Korea Until now I am the account officer to most of the south Korea government accounts and I have since discovered that most of the account are dormant account with a lot of money in the account on further investigation I found out that one particular account belong to the former president of south Korean MR PARK CHUNG HEE, who ruled south Korean from 1963-1979 and this particular account has a deposit of $48m with no next of kin.
My proposal is that since I am the account officer and the money or the account is dormant and there is no next of kin obviously the account owner the former president of South Korea has died long time ago, that you should provide an account for the money to be transferred.
The money that is floating in the bank right now is $48m and this is what I want to transfer to your account for our mutual benefit.
Please if this is okay by you I will advice that you contact me through my direct email address.
Please this transaction should be kept confidential. For your assistance as the account owner we shall share the money on equal basis.
Your reply will be appreciated,
Thank you.
Wong Du


Email Security Control Layers

[Figure: email security control layers between Sender and Receiver]


Email Security Procedures

Scan email attachments for malware
Create and use strong passwords
Turn off the preview feature and change download settings in email clients
Provide alternate email address for mail recovery
Check for last logging activity
Create junk email filter in email clients
Digitally sign your mail messages
Use HTTPS for browser connection
Disable/unselect Keep Me Signed In/Remember Me functions
Avoid unwanted emails using filters


Creating Strong Passwords

Strong passwords are difficult to crack or guess
A strong password can be created by using combinations of numbers (0-9), letters in upper and lower case (a-z and A-Z), and special characters (!@#$%)
Create a strong but easy to remember password and do not write it anywhere


Alternate Email Address

An alternate email address is the additional email address required at signup for most of the free email services such as Gmail and Yahoo
It is used by service providers to verify the account creator's identity
Alternate email addresses are used for password recovery in case you forget the password


Keep Me Signed In/Remember Me

Most of the popular email clients have the Keep me signed in or Remember Me options
Checking these options allows the email client to fetch the email inbox of the user without him/her having to fill in the login details again
This allows other users of the same computer to access the user's email
Users should check that this option is not selected when accessing email from a public computer


Using HTTPS

Webmails such as Gmail, Yahoo mail, Hotmail, AOL Mail, etc. have an option for choosing the communication protocol for browser connection
Change the browser connection setting to receive email using HTTPS (HTTP Secure)


Check for Last Account Activity

Always check the latest email account activity if the feature is available with the email service
To check account activity in Gmail, scroll to the bottom of the page and click Details
Immediately change your password and password hints if you observe any suspicious activity
Latest account activity includes information such as access type (browser, mobile, POP3, etc.), location (IP address), and date/time of account activities
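As an added example (not from the EC-Council material), the review described above done automatically: each activity record (access type, IP address, date/time) is compared against a baseline of the networks the user normally connects from and the access types he/she actually uses. The activity table and the baseline are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed sample of a webmail "latest account activity" table: access type | IP address | date/time.
SAMPLE_ACTIVITY = """\
Browser | 198.51.100.23 | 2011-05-16 08:45
Mobile | 198.51.100.23 | 2011-05-16 12:10
POP3 | 203.0.113.77 | 2011-05-16 03:02
Browser | 192.0.2.9 | 2011-05-15 22:40
"""

# Hypothetical baseline: networks this user normally connects from and the access types he/she uses.
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("192.0.2.0/24")]
KNOWN_ACCESS_TYPES = {"Browser", "Mobile"}


def parse_activity(text: str) -> list:
    """Parse the activity table into records with a typed IP address and timestamp."""
    events = []
    for line in text.strip().splitlines():
        access_type, ip, when = (field.strip() for field in line.split("|"))
        events.append({
            "type": access_type,
            "ip": ipaddress.ip_address(ip),
            "time": datetime.strptime(when, "%Y-%m-%d %H:%M"),
        })
    return events


def suspicious_events(events, known_networks=KNOWN_NETWORKS, known_types=KNOWN_ACCESS_TYPES) -> list:
    """Return (timestamp, reasons) for every event that falls outside the user's baseline."""
    findings = []
    for ev in events:
        reasons = []
        if not any(ev["ip"] in net for net in known_networks):
            reasons.append(f"unfamiliar address {ev['ip']}")
        if ev["type"] not in known_types:
            reasons.append(f"unexpected access type {ev['type']}")
        if reasons:
            findings.append((ev["time"].strftime("%Y-%m-%d %H:%M"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    # Any hit is the cue the slide gives: change the password and password hints immediately.
    for when, why in suspicious_events(parse_activity(SAMPLE_ACTIVITY)):
        print(when, why)
```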


Scanning Email Attachments

Be cautious when opening any email attachment
Save all the attachments and scan them properly for malware using an antivirus before opening
Enable the antivirus to automatically scan all the emails and downloads


Turn Off Preview Feature

Email clients have an option to show a preview of the email
Turn off this feature in email clients
Turning on this feature may execute script code without you explicitly opening the message

To turn off the preview feature in Microsoft Outlook:
Go to View menu and select Reading Pane
Click the Off option

To turn off the preview feature in Mozilla Thunderbird:
Go to View menu and select Layout
Uncheck the option Message Pane


Email Filtering: Avoiding Unwanted Emails

Email filtering is the process of organizing emails according to specified criteria
Email filters are generally used to identify and categorize spam mails
To avoid unwanted emails in Outlook 2010, go to the Delete group on the Home tab, click Junk and Junk Email Options; on the Blocked Senders tab, click Add
Enter an email address or domain name, click OK


Digitally Sign Your Emails

Digital signatures are used to authenticate the sender of a message or the signer of a document
They can also be used to ensure that the original content of the message is not changed
Users require an email certificate to digitally sign emails
You can obtain the certificate for digital signatures from certification authorities

Example of Certification Authorities:
VeriSign (http://www.verisign.com)
Comodo (http://www.comodo.com)
Thawte (http://www.thawte.com)
Entrust (http://www.entrust.com)


How to Obtain Digital Certificates?

Go to the Certificate Authority's website
Purchase and download a digital certificate
Some certificate authorities, such as Comodo, offer a free personal email security certificate
Provide personal details to download the certificate
Log in to the email account that you have provided while downloading the certificate
Check your inbox for an installation link


Installing a Digital Certificate

Click on the installation link to install the digital certificate
In Internet Explorer go to Tools > Internet Options > Content tab
In the Content tab, click the Certificates button
Select the certificate and click the Export button
Click on Next
Check the "Yes, export the private key" option
Click on Next
Protect the private key by giving a password and confirming it
Specify the file you want to export and save it to a particular location


Signing Your Emails

Go to Microsoft Outlook File > Options
Click on Trust Center > Trust Center Settings > Email Security
Encrypt the mail by selecting the appropriate checkboxes under the Encrypted email section
Click the Import/Export button
Browse to find the file to open and give the password and digital ID name
Click the OK button
Click New Mail to write a message
After clicking on the Send button, it will prompt to encrypt the message
Click the Send Unencrypted button (if the recipients do not have a private key)
Click on the Continue button if the recipient has a private key


Microsoft Outlook Download Settings

Choose the Automatic Download option from the Trust Center and select the options as shown in the figure


Online Email Encryption Service: Lockbin

Lockbin is a free service for sending private email messages
It is used for sending confidential information such as credit card details and business information

https://www.lockbin.com

Email Security Tools

Comodo AntiSpam (http://www.comodoantispam.com)
McAfee SpamKiller (http://us.mcafee.com)
Netcraft Toolbar (http://toolbar.netcraft.com)
Comodo Email Certificate (http://www.comodo.com)
PhishTank SiteChecker (https://addons.mozilla.org)
Mirramail Secure Email (http://www.mirrasoft.com)
Spamihilator (http://www.spamihilator.com)
Encryptomatic MessageLock (http://www.encryptomatic.com)


Module Summary

Email (electronic mail) is a method of exchanging digital messages from a sender to one or more recipients
Attachments can contain malicious programs; opening such attachments can infect the computer
Spamming is the process of populating the user's inbox with unsolicited or junk emails
Hoaxes are false alarms claiming reports about a nonexistent virus
Do not forget to delete browser cache, passwords, and history
Consider setting mobile phones to download only headers of emails, not the full email
Digital signatures are used to authenticate the sender of a message or the signer of a document
Email security tools protect passwords and automatically log off email accounts


Email Communication Checklist

DON'T USE just one email account for all purposes
DON'T CLOSE the browser without properly logging out
DON'T FORGET to delete browser cache, passwords, and history
DON'T SEND personal and financial information via email
DON'T TRUST the emails from your friends to be secure
DON'T DELETE spam instead of blacklisting it
DON'T FAIL to scan all email attachments and to enable the email spam filter
DON'T USE simple and easy-to-guess passwords


Email Security Checklist

Create strong passwords for logging into mail accounts
Enable HTTPS for secure communications/transactions
Be diligent while opening email attachments
Do not click on links provided in email messages
Follow email etiquette when forwarding messages
Do not forward or reply to spam and suspicious emails; delete them
Avoid accessing email via unsecured public wireless connection
Avoid accessing the email accounts on shared computers and sending large attachments in emails


Email Security Checklist

Use the Bcc: option when sending mail to bulk recipients
Never save your password on the web browser
Sort messages by priority, subject, date, sender, and other options (helps in searching email)
Avoid sending confidential, sensitive, personal, and classified information in emails
Clean your Inbox regularly
Create folders and move email accordingly (Family, Friends, Work, etc.)
Digitally sign your outgoing mails
Send attachments in PDF form rather than Word or Excel formats


Security Checklist for Checking Emails on Mobile

Consider setting mobile phones to download only headers of emails, not the full email
Configure to check only attachment notifications, but not attachments
Do not open/send large attachments from mobile
Do not follow links sent in email or text messages
Install mobile antivirus and keep it up to date
Turn off Show Pictures in your mobile browser
To reduce the size of email, send them in plain text
Zip and send any important files
