Protection of Data in Email Communication - Assignment Example

? Protection of Data in Email Communication TASK ONE IFICATION OF EXPLOITING EMAIL SYSTEMS To protect any information technology infrastructure it is necessary to have proper and sufficient security measures such as installation of security devices, configuration of firewall software, implementation of security protocols, and practices of safe and sound procedures. The content of emails and the path through which they travel to reach the destined address are one the most common security threats nowadays (Voltage 2011) Appendix 1 illustrates the interaction amongst various devices used in infrastructure to move emails from place to place around the world. There are number of organizers and facilitators in the form of computer software, hardware, mobile phones, smart phones, laptops, tablet-pcs, and other such gadgets that allow the user to write the contents, record it and then send it to the destined email account. This entire route of services needs to be protected and secured against any threat that could damage the content and pass malafide contents with an intention to damage network of other people (Voltage 2011) The management of emails and its accounts are done by the email server which has several components out of which two components that are always required consists of Mail Transfer Agent (MTA) and Mail Delivery Agent (MDA). Both of these components perform different tasks. Emails are held by Mail Delivery Agent for delivery to users while emails are sent and received from other servers on Internet by Mail Transfer Agent (Swanson 2004) The Mail Transfer Agent uses Simple Mail Transfer Protocol (SMTP) which picks mail from the email clients and sends to its destination server. The Mail Delivery Agent used two standard protocols; Post Office Protocol (POP) and Internet Mail Access Protocol (IMAP). The main difference between the two protocols are that after downloading the email from POP Server, the mail client removes email messages from the server, living the responsibility for the user to store and preserve it on a local machine (Swanson 2004) Whereas messages are stored in mail server and the backup is also made by the server. Messages are not deleted after downloading from IMAP server. POP is an older protocol and its use is reducing compared with IMAP protocol. The complexity and confusion comes when these two different types of protocols interact on the internet (Swanson 2004) Another component used commonly for protecting external attacks is the firewall software. Crackers and hackers deceive and bypass firewall by tunneling through the protocols used for email accounts as the contents of email are not checked by any protocol or system (GFI Software 2011) Email systems are classified in six ways as given below for which they are exploited for the purposes of information theft, attacking networks of other people and harassing target systems (GFI Software 2011) 1. Attack by trojans and viruses 2. Leakage of information 3. Malicious or offensive content 4. Varying methods of email attacks 5. Vulnerabilities in different software 6. Insufficient protection by security tools 7. Junk emails or SPAM TASK TWO EXAMPLES OF EMAIL EXPLOITS Attacks by trojans and viruses: The use of email has become global and wide spread. The hackers use email to tunnel the trojans and viruses as no security or email protocols check its text. In January 2004, it was reported by CNN that email virus MyDoom cost them US$250 million in productivity lost and expenses for technical support. Similarly in the studies cited by NetworkWorld (September 2003), U.S. companies alone spent an amount of US$3.5 billion to fight against the email viruses such as Blaster, SoBig.F, Wechia and others(GFI Software 2011) Trojans are sent by email and as soon as the email is opened it installs specific code which gains the control of servers and confidential information. Security experts in the computer technology call such trojans as “spy viruses” or “instructive viruses”; tools for industrial espionage. In October 2000, network of Microsoft Corporation was hacked by a malicious trojan virus that entered through an email to a network user. Microsoft spokesman described this action as a pure and simple act of industrial espionage (GFI Software 2011) Leakage of Information: The crucial data of an organization are on many occasions leaked through emails. Employees who are revengeful and disgruntled or those who do not realize the harmful effects of using emails send the classified information and sensitive data outside the business house which were originally intended for keeping within the house. Financial data and classified product information are some of the examples of business secrets which if comes in the hands of competitors or unauthorized persons can cause huge damages to the business (GFI Software 2011) BBC executives and officials of UK government were found guilty of disclosures that were confidential. The disclosures were made using email as demonstrated in the 2003 Hutton enquiry. A survey of 800 workers reported in an article of PC Week of March 1999 studied that 21% to 31% people admitted of emailing company’s confidential information like financial or product data to the outside recipients (GFI Software 2011) Malicious or offensive content: A company can end up in legal proceedings if any of his staff sends emails that have offensive materials. Use of racist, sexist or other offensive materials are prohibited in many countries. Law enforcers cannot help in any manner even if such offence is done unknowingly or by an attack of virus that automatically emails to all the entries of address book (GFI Software 2011) A former employee of Holden Meehan, UK was paid ?10,000 in September 2003 for not guarding her against harassment from email. Similarly four employees of Chevron were paid $2.2 million for receiving sexually harassing email. In British law, responsibilities of emails that are written and sent by employees lie with the employer irrespective of his knowledge or consent. Norwich Union the leading insurance company paid an amount of $450,000 while settling a suit out of the court related to email comments about the competition (GFI Software 2011) Varying methods of email attacks: There are three ways in which email attacks are made today. The first way is to send malicious content as attachments to an email, the moment attachments are opened virus is installed. The second way is to send a code normally referred as worm that triggers viruses by exploiting vulnerabilities of browsers like internet explorer, email software like outlook express, etc. The third way is to send HTML mail having scripts of virus embedded in it (GFI Software 2011) Vulnerabilities in different software: All the operating systems such as Windows, Linux or Android, browsers such as Internet Explorers, Google Chrome, development tools like Visual Studio, etc., application packages like MS word, Excel, Visio, etc. and Databases like MS Access, SQL server, etc. always have some sort of vulnerability. The reason for this conclusion is the fact that each one of this software is followed by service packs and updates that removes the vulnerability identified after its release (GFI Software 2011) This vulnerability of software makes creation of virus shockingly easy. The website of SecurityFocus displays many exploits available for Microsoft Outlook. The information is available for public. Any kid can pick the code and modify it in Visual Basic to write malicious script. Similarly Guninski.com describes exploit for MS Access and Internet Explorer that can be applied to Outlook Express. Visual Basic can be used to write a virus code for using this exploit which would infect all HTML files as soon as email is opened and then send itself to all the recipient’s contacts given in his email address book. (GFI Software 2011) Insufficient protection by security tools: There are hundreds of anti-virus programs and security software yet the threat of attack and security of data remains the utmost priority and concern of all the stakeholders; the reason being that they are insufficient to provide full proof security and protection. Firewall gives the sense of security to an organization although it only protects the unauthorized users. The contents that move through emails are not protected by firewall (GFI Software 2011) Similarly no anti-virus software can protect against all email attacks or viruses. They have to update signatures in time for deadly viruses that are distributed within hours through worldwide web via email (such as Beagle worms, NetSky.B and MyDoom) (GFI Software 2011) Sixty eight percentages of British companies were found infected with virus out of the ninty nine percentages of large companies that used antivirus software in the year 2003. This was reported in the 2004 study of UK government. Similarly Hewlett-Packard’s research centre in Bristol found in 2003 that the process of signature updating used in antivirus software is flawed. The reason found was that worms and viruses spread far faster than the speed of updating of signatures by antivirus (GFI Software 2011) Junk emails or SPAM: One of the main causes of email attacks are also SPAM, or junk emails that increase the traffic for the user, enhance the chances of opening attachments and risks the deletion of important or necessary emails. There are several approaches used to fight the junk emails using filtering technologies of different types. The new versions of email software like Microsoft Internet Explorer 8 have many improved versions and features. It also includes options for junk mails referred as SPAM and automatically removes or deletes it after some days. Similarly many features of the software are made flexible giving users the option to set his own preferences. Features like blocking pop-ups that appear after every few seconds are made controllable. Allowing pop-ups can cause unnoticeable threat or danger by asking some question and showing a button to click. As soon as the user clicks on it the virus is installed and damage begins. TASK THREE DETAILED INVESTIGATION The class of exploiting emails selected for detailed investigation is the varying methods used for email attacks. Each of the three ways used for email attacks is discussed individually below. Malicious content as attachments: The first viruses that came as email attachments were Melissa and LoveLetter. The virus writer used the trust that existed between friends or colleagues. Thinking of a letter coming from friend the attachment is instantly opened in excitement and attack is made. This is how this virus worked and this is how viruses AnnaKournikoa and SirCam and other similar email worms worked. Such viruses read all the email addresses from the address book of the recipient and send itself to all of them. This virus cycle propagates like wild fire and in hours millions of emails are sent worldwide. In viruses of these types, emphasis is laid on keeping the name of attachment very attractive, inquisitive and luring so that the user open it and the virus is installed (GFI Software 2011) Many users thought that by double-clicking know file types virus would not attack but the hackers have made viruses for all types of file extensions. For example Annakournikova worm used multiple file extensions such as JPG, etc. The Class ID (CLSID) extension helps hackers to hide the actual extension concealing the fact about nasty HTA file (HTML application). Many content filtering solutions that use simple methods of file checking are also tricked by the Class ID phenomenon (GFI Software 2011). Known exploits triggered by emails: The first worm that bypassed many tools of security and broke corporate networks and highly protected servers was Nimda. It executed on its own using vulnerability of Internet Explorer and Outlook Express. It was the first virus that utilized flaw of vulnerable software to spread on internet. Similarly in 2004 a variant of the virus Bagle exploited flaw in the old Outlook. It spread without any intervention from the user (GFI Software 2011). Embedded scripts in HTML mail: The advent of sending email messages brought high quality presentation on screen for the users. It allows Active Content and scripts in HTML mail that can execute on the client machine. Internet Explorer is used by majority of the users worldwide. The components of Internet Explorer are used to display HTML email and execute the script in it. The inherited security vulnerabilities of Internet Explorer were therefore made available for use in HTML mail. The Internet Explorer component executed HTML scripts automatically on the client machine without any user intervention creating high security risk of virus attack. It also made the attachment filters in antivirus software useless (GFI Software 2011). The hacker embedded the virus script into the HTML mail and left the remaining job for the internet explorer to complete automatically without any user intervention. The large number of viruses today and its continuous threat is because of this automatic execution of the script in HTML mail. For example, BadTRans.B virus used HTML with email exploit to spread on the network. Whenever an email is received, the HMTL launches the attachment automatically (GFI Software 2011) Protection against varying methods used for email attacks: The best way to protect email systems from attacks is a proactive approach. Contents of all inbound emails as well as outbound emails needs to be checked at email server level. This checking ensures that no email contents can go for distribution with any malafide or unauthorized content (GFI Software 2011) Companies can protect against the potential lost work time or damage caused by current or future viruses by installing on their mail server, an antivirus and content checking gateway. There are many solutions available in the market today that claims to provide full security against email attacks. The features of such software solution include antivirus, content checking, exploit detection and threat analysis. Appendix 2 shows one such solution provided by GFI Security (GFI Software 2011) TASK FOUR EMAIL ENCRYPTION The transmission of emails are normally in text files which can be read easily by anybody who accesses the servers or who intercepts information exchanged on internet. Many hackers use E-mail logs that are kept by Internet Service Providers. There is an extreme concern world wide today regarding the increase of illegal industrial espionage used for marketing competition (Kryptotel 2010) One of the secured most solution suggested for protection is data encryption and decryption. The process of encryption encodes data in such a way that no one can understand or interpret it until it is decrypted by the same technology through which it was encrypted. Decryption is the process in which the encoded data is retrieved in its original form (Kryptotel 2010) Encryption is one the most modern way of protecting data from unauthorized interception or theft. There are several algorithms that are used to encrypt data and emails. The three most common algorithms used for encryption are AES, Serpent and Twofish. The transmission of encrypted data uses TLS protocol (Kryptotel 2010) Email encryption can be achieved by applying various encryption technologies available in the market. KryptoMail is one of the professional encrypted E-mail service providers that sell this service at a very reasonable cost. Appendix 3 gives details about KryptoMail and services it provides (Kryptotel 2010) Voltage SecureMail is software that offers email encryption on global scale for enterprises. Appendix 4 shows more information about this product. The main advantages and key features include following (Voltage 2011):- It is highly scalable with minimal hardware requirement for scale of over hundred thousands internal users. It is independent of client and platform and integrates to the exiting environment. Proven technologies of encryption and decryption are used to keep the email communication safe. The experience of user to handle encrypted or decrypted email is good (Voltage 2011) It also provides several other features such as the policy-based control of external messages, requests to lock message, archiving of Journal, service of enrollment simple and secure and support for 64 bit Microsoft application and platform (Voltage 2011) The advantages of encrypted emails include safety, privacy, large file size, and non-traceability of exchanged emails. Safety provided by encrypted emails include prevention from interception by unauthorized user, disabling and distortion of text that cannot be understood until decrypted and making it useless in case of theft. Privacy provided by encrypted emails includes protection of personal information from getting into the hands of others. Non-traceability includes non-keeping of any sort of log of locations from where email pass. It works all around the world as long as the connectivity of internet is there (Kryptotel 2010) The encrypted data is protected through a password. If for any reason, the password is lost, it then becomes nearly impossible to retrieve the data. Secondly the encryption of data and decryption requires additional time for processing and transmitting information. The cost of technology also increases the cost of services that uses this technology (Kryptotel 2010). TASK FIVE CONCLUSION The risk of email attacks are increasing every day in spite of various antivirus and security software. There are number of measures that must be taken for protecting organization from current and future attack. The first aspect is to have appropriate antivirus and content checking software that do not enter or leave any such content that are unauthorized, malafide and dangerous. The second aspect is the training and development of staff that uses emails. Each user must know the proper way of sending and opening emails. The third aspect is to understand the law regarding offensive materials. Each employee holding the email account and using the internet must be informed about the government policy regarding harassing colleagues or others with offensive materials. The fourth aspect is regarding non-disclosures of confidential information. The accessibility of such information should be in the first place restricted. Secondly those who have access must understand and know that sending confidential information via email can be damaging for the organization The fifth aspect is physical control prohibiting and restricting employees from using portable devices for copying data. This devices like USB, mobile phone, table PCs, etc are nowadays connected easily to a networked computer opening a gateway for malafide viruses and trojans to attack. References GFI Software, 2011. ‘GFI White PapER’, Protecting your network against email threats, GFI Software viewed 30 November 2011, Kryptotel, 2010. ‘KryptoMail- d’, Is the E-mail service that cannot be intercepted, Kryptotel Fz LLC viewed 29 November 2011, Swanson, M. 2004. ‘Email Server Setup’, Web Hosting How-tos, Developer Shed viewed 29 November 2011, Voltage, 2011, Voltage SecureMail, Voltage Security, Inc. viewed 29 November 2011, Read More