[go: up one dir, main page]
Scribd
Upload
7 views25 pages

Module6 2

Infomation Security

Uploaded by

wofaco9718
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views25 pages

Module6 2

Infomation Security

Uploaded by

wofaco9718
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 25

1. What is it?

2. Why phishing?
3. What can I do?
Phishing is the most common way attackers
illegally access systems.
A phishing message is designed to trick you
Into doing one of these four things.

Click Here!
USERNAME

************

Click an Open an Type your Transfer


Unsafe Link Unsafe File Password Funds
Cyber attackers phish for different reasons,
But they all phish.
Cyber attackers phish for different reasons,
But they all phish.
Criminals Intelligence Hacktivists
Money Sensitive Data Public Web Pages
Fraud Network Access Social Media
Identity Theft Infrastructure
Phishing messages are designed to get you to
react quickly without thinking too much.
Phishing messages are designed to get you to
react quickly without thinking too much.

Sense of Urgency Offers of Money Confirmations

Odd Requests Rewards IT Support


What happens when I get a phishing email?
What happens when I get a phishing email?

Click Delete Report


What happens if I click? (1/2)

Identity Data Leak


Theft
Data Account
Destruction Takeover

Password Stolen
What happens if I click? (2/2)

Stolen Ransomware
Password

Remote Network
Access Compromise

Malware Installed
What happens if I delete?

You’re safe…
What happens if I delete?

You’re safe…for now.


What happens if I report?

Review Block
Links Domains

Check Remove
Accounts Messages
If you aren’t sure…

Please Or
Click Here
To Confirm.

Skip the Link Go to The Source


Ignore the File
Rebecca Requestersen
Francine Moneybags #1
Transfer Problem
The Wire
Hello Francine, Transfer
I am trying to get payment to
a vendor. It is important they
get paid by close of business.
Can you please wire 7,540 to…
IT Help
Wendel Windowson #2
Suspicious Activity
The IT
Hello Wendel, Support
Your computer has been infected
with the RealBad2.0 Malware
Alert
that you saw on the news. You
must Click Here to use our scan
Within 12 hours.
Super Shoppers, LLC
Sonia Shopper #3
Package Damaged
Confirm
Dear Sonia,
Now!
We apologize in advance, but
your recent order was damaged
in delivery. We are unable to
issue a refund until you confirm
Account details with this form.
Security@CrazyMail.Net
Malia Mailer #4
Password Compromise
Password
Dear Malia,
Reset
Your account has been locked
due to potential compromise.
You must go to this site to secure
your account.
CrazyMail Secure Reset
N.Trouble@g.Harvard.edu
Gary Goodegg #5
HELP!!!
Cry for
HI,
Help
I need to submit this file for class
but it won’t open on my
computer. Can you PLEASE (!)
save it as a PDF and send to
me???
eFaxService@proserv.ly
Sandy Scanner #6
Your
Attach
efax Premium User,
And Attack
Your electronic fax is attached.
This file is intended only for the
recipient and is considered
confidential.
This is not my document.
PGP
• PGP stands for Pretty Good Privacy. It was invented by Phil Zimmerman in 1991. Originally a free
package, it became a commercial product after being bought by Network Associates in 1996. A
freeware version is still available. PGP is widely available, both in commercial versions and
freeware.
• The problem we have frequently found with using cryptography is generating a common
cryptographic key both sender and receiver can have, but nobody else.
• PGP addresses the key distribution problem with what is called a “ring of trust” or a user’s
“keyring.”
• One user directly gives a public key to another, or the second user fetches the first’s public key
from a server. Some people include their PGP public keys at the bottom of email messages. And
one person can give a second person’s key to a third (and a fourth, and so on).
• Thus, the key association problem becomes one of caveat emptor (let the buyer beware): If I trust
you, I may also trust the keys you give me for other people.
• The model breaks down intellectually when you give me all the keys you received from people,
who in turn gave you all the keys they got from still other people, who gave them all their keys,
and so forth.

23-11-2024 22
PGP
• You sign each key you give me. The keys you give me may also have been signed by other
people.
• I decide to trust the veracity of a key-and-identity combination, based on who signed the
key.
• PGP does not mandate a policy for establishing trust. Rather, each user is free to decide
how much to trust each key received.
• The PGP processing performs some or all of the following actions, depending on whether
confidentiality, integrity, authenticity, or some combination of these is selected:
• Create a random session key for a symmetric algorithm.
• Encrypt the message, using the session key (for message confidentiality).
• Encrypt the session key under the recipient’s public key.
• Generate a message digest or hash of the message; sign the hash by encrypting it with the sender’s
private key (for message integrity and authenticity).
• Attach the encrypted session key to the encrypted message and digest.
• Transmit the message to the recipient.
• The recipient reverses these steps to retrieve and validate the message content.
23-11-2024 23
S/MIME
• An Internet standard governs how email is sent and received.
• The general MIME specification defines the format and handling of email attachments.
• S/MIME (Secure Multipurpose Internet Mail Extensions) is the Internet standard for
secure email attachments. S/MIME is very much like PGP and its predecessors, PEM
(Privacy-Enhanced Mail) and RIPEM.
• S/MIME has been adopted in commercial email packages, such as Eudora and Microsoft
Outlook.
• The principal difference between S/MIME and PGP is the method of key exchange.
• Basic PGP depends on each user’s exchanging keys with all potential recipients and
establishing a ring of trusted recipients; it also requires establishing a degree of trust in
the authenticity of the keys for those recipients.

23-11-2024 24
S/MIME
• S/MIME uses hierarchically validated certificates, usually represented in X.509 format, for
key exchange. Thus, with S/MIME, the sender and recipient do not need to have
exchanged keys in advance as long as they have a common certifier they both trust.
• S/MIME works with a variety of cryptographic algorithms, such as DES, AES, and RC2 for
symmetric encryption.
• S/MIME performs security transformations very similar to those for PGP. PGP was
originally designed for plaintext messages, but S/MIME handles (secures) all sorts of
attachments, such as data files (for example, spreadsheets, graphics, presentations,
movies, and sound).
• Because it is integrated into many commercial email packages, S/MIME is likely to
dominate the secure email market.

23-11-2024 25

You might also like