Information security advanced

/JamiL.Alagha
/JamiLALagha

Information Security Advanced
CUSTOM REPORT

REPORT | A. JAMIL ALAGHA

Agenda
 Session Hijacking
 Attack
 SYN flood
 Sequence predictability
 Internet Control Message Protocol (ICMP)
 Firewalls
 The Demilitarized Zone – DMZ
 E-Mail Security
 Email Communication

Report | A. Jamil Alagha ©2013

Risks and Problems

Session Hijacking
 used against services with
 persistent login sessions
 as Telnet, rlogin, or FTP.
 cause a great deal of damage.


Attacks
 There are



two attacks that use this technology

SYN flood
sequence predictability


SYN Flood Attack - 1



uses a TCP connection request (SYN).
SYN is sent to the target computer With


the source IP address in the packet “spoofed,”




that belongs to another computer.

or

replaced with an address that is not in use on the Internet or


SYN Flood Attack -2
–

When the target computer receives the connection request
•
•

•

•

it allocates resources (memory + wait) to handle and track the new
connection.
A SYN_RECEIVED state is stored in a buffer register awaiting the
return response (ACK) from the initiating computer
– which would complete the three-way handshake.
It then sends out an SYN-ACK.
– If the response is sent to the “spoofed,” nonexistent IP address,
there will never be a response.
– If the SYN-ACK is sent to a real computer, it checks to see if it
has a SYN in the buffer to that IP address.
– Because it does not, it ignores the request.
– The target computer retransmits the SYN-ACK a number of
times.
– After a finite amount of wait time, the original SYN request is
purged from the buffer of the target computer.
This condition is known as a half-open socket.


SYN Flood Attack - 3
• As an example
– the default configuration for a Windows NT 3.5x or 4.0
computer is to retransmit the SYNACK five times, doubling
the timeout value after each retransmission.
•
•

•

•

The initial timeout value is 3 seconds, so retries are attempted at
3, 6, 12, 24, and 48 seconds.
After the last retransmission, 96 seconds are allowed to pass
before the computer gives up on receiving a response and
deallocates the resources that were set aside earlier for the
connection.
The total elapsed time that resources are in use is 189 seconds.
ASS: what about Linux


C

S
SYNC1
SYNC2
SYNC3
SYNC4
SYNC5


Listening
Store data

SYN Flood Attack -4
• An attacker
– will send many of these TCP SYNs
– to tie up as many resources as possible on the
target computer.
• Because the buffer size for the storage of SYNs is a finite

size, numerous attempts can cause a buffer overflow.
• The effect of tying up connection resources varies,
depending on the TCP/IP stack and applications listening
on the TCP port.
–
–

–

For most stacks, there is a limit on the number of connections that can
be in the half-open SYN_RECEIVED state.
Once the limit is reached for a given TCP port, the target computer
responds with a reset to all further connection requests until
resources are freed.
Using this method, an attacker can cause a DoS on several ports.


SYN Flood Attack -5
 Finding the source of a SYN flood attack can be

very difficult.


A network

analyzer

can be used to try to track down the problem
 and it may be necessary to contact the ISP for assistance in
attempting to trace the source.


 Firewalls


should be set up to reject packets from the external network
with any IP address from the internal network.


Sequence Predictability
• The ability to guess sequence numbers is very

useful to intruders
–

–

because they can create a short-lived connection to a host
without having to see the reply packets.
This ability, taken in combination with the fact that many
hosts have trust relationships that use IP addresses as
authentication; that packets are easily spoofed; and that
individuals can mount DoS attacks, means one can
impersonate (present) the trusted systems to break into such
machines without using source routing.


• If an intruder wants to spoof

a connection between
two computers so that the connection seems as if it is
coming from computer B to computer A, using your
computer C, it works like this:
the intruder uses computer C to

1.

•

mount (+) a SYN Flood attack on the ports on computer B where
the impersonating will take place.

computer C

2.

•

sends a normal SYN to a port on computer A.

Computer A

3.

•

returns a SYN-ACK to computer C containing computer A’s
current Initial Sequence Number (ISN).


4.

Computer A - internally increments the ISN.
–
This incrementation is done differently in different operating
systems (OSs).
»

Operating systems such as BSD, HPUX, Irix, SunOS (not
Solaris), and others usually increment by $FA00 for each
connection and double each second.

With this information, the intruder can now guess the ISN
that computer A will pick for the next connection.
–
Now comes the spoof.
Computer C
–
sends a SYN to computer A using the source IP spoofed as
computer B.
Computer A
–
sends a SYN-ACK back to computer B, containing the ISN.
–

5.

6.

»

The intruder on computer C does not see this, but the intruder
has guessed the ISN.

7.

8.

9.
10.

At this point, computer B
–
would respond to computer A with an RST.
–
This occurs because computer B does not have a SYN_RECEIVED
from computer A.
–
Since the intruder used a SYN Flood attack on computer B, it will
not respond.
The intruder on computer C
–
sends an ACK to computer A, using the source IP spoofed as
computer B, containing the guessed ISN+1.
–
If the guess was correct, computer A now thinks there
has been a successful three-way handshake and the TCP connection
between computer A and computer B is fully set up.
–
Now the spoof is complete.
–
The intruder on computer C can do anything, but blindly.
Computer C
–
sends echo + + >>/.rhosts to port 514 on computer A.
If root on computer A had computer B in its /.rhosts file, the intruder
has root.


11.

Computer C

now sends a FIN to computer A.

could be brutal and send an RST to computer A just to
clean up things.

could also send an RST to the synflooded port on B,
leaving no traces.


SYN flood + sequence predictability
• To
–
–

prevent such attacks

Prevent SYN flood attacks by discarding the first SYN packet (causes delay for legitimate
users)
one
•

–

Routers and firewalls
•

–

should NEVER trust anything from the Internet.

should filter out any packets that are coming from
– the external (sometimes known as the red) side of the firewall that has an IP address of
a computer on the internal (sometimes known as the blue) side.
– This only stops Internet trust exploits; it will not stop spoofs that build on intranet
trusts.

Companies
•
•
•
•
•

should avoid using rhosts files wherever possible.
The /etc/hosts.equiv and .rhosts files provide the "remote authentication" database for
rlogin, rsh, and rcp
The files specify remote hosts and users that are considered "trusted"
Trusted users are allowed to access the local system without supplying a password
The /etc/hosts.equiv file applies to the entire system, while individual users can maintain
their own .rhosts files in their home directories


Internet Control Message Protocol (ICMP)


ICMP
A major component of the TCP/IP Internet Layer
 is used for
 flow control, detecting unreachable destinations, redirection
routes, and checking remote hosts.
 Most users are interested in.
 Checking a remote host


• is accomplished by (PING)- sending an ICMP Echo Message.


ICMP
• When a system receives ICMP Echo Messages,
– it places the message in a buffer and then retransmits the message from
the buffer back to the source.
– Due to the buffer size, the ICMP Echo Message size cannot exceed 64K.
•

•

–

UNIX hosts,
– by default, will send an ICMP Echo Message that is 64 bytes long.
– They will not allow a message of over 64K.
Microsoft Windows NT,
– longer messages can be sent.
– The Windows NT hosts do not place an upper limit on these messages.
– Intruders have been sending messages of 1 MB and larger.
– When these messages are received, they cause a buffer overflow on the
target host.

Different operating systems
•
•

will react differently to this buffer overflow.
The reactions range from rebooting to a total system crash.


Firewalls
• The first line of defense between the Internet and an

intranet.
• a multi-homed host
–
–

placed in the Internet route,
such that it stops and can make decisions about each packet that
wants to get through.

• performs a different function from a router.
– A router
•
•
–

can be used to filter out certain packets that meet a specific criterion
(e.g., an IP address).
processes the packets up through the IP Layer.

A firewall stops all packets.
•

•

All packets are processed up through the Application Layer.
Routers
–

cannot perform all the functions of a firewall.


Firewalls
•

A firewall should - meet at least, the following criteria
– For an internal or external host to connect to the other network,
it must log in on the firewall host.
– All electronic mail is sent to the firewall, which in turn
distributes it.

• Firewall should not
– mount file systems via NFS, nor should any of its file systems be
mounted.
– run NIS (Network Information Systems).
– Only required users should have accounts on the firewall host.
– trust any other host.

The Demilitarized Zone - DMZ
• Companies - Internet presence.
– FTP + WWW sites.
– +setting up hosts
•

to act as a proxy server for Internet mail and a Domain Name
Server (DNS).

•

–

that sponsors these functions cannot be on the inside of the firewall.

Therefore
•

Create demilitarized zone (DMZ) or perimeter network
– a segment between the router that connects to the Internet and
the firewall.


Proxy Servers – a One Image
 A proxy host
 is a dual-homed host - has at least two network interfaces.


Proxy Servers – a One Image
•

A proxy host
–
–
–
–
–
–

•

One of the functions
–

•
•

is a dual-homed host - has at least two network interfaces.
that is dedicated to a particular service or set of services, such as mail.
All external requests to that service directed toward the internal network are routed to the
proxy.
The proxy host then evaluates the request and either passes the request on to the internal
service server or discards it.
The reverse is also true.
Internal requests are passed to the proxy from the service server before they are passed on to
the Internet.
is to protect the company from advertising its internal network scheme.

Most proxy software packages contain network address translation (NAT).
Take, for example, a mail server.
–
–
–

The mail from Albert_Smith@starwars.abc.com would be translated to smith@proxy.abc.com
as it went out to the Internet.
Mail sent to smith@proxy.abc.com would be sent to the mail proxy.
Here It would be readdressed to Albert_Smith@starwars.abc.com and sent to the internal mail
server for final delivery.


Testing the Perimeter
• Use the Internet taking risks to be recognize.
• The Internet and intranets
– Changes — new protocols, new applications, and new
technologies

• Company’s security practices
–

to adapt
•

•
•

•

to these changes.

the security process should be viewed as forming a circle.
The first step is to assess the current state of security within one’s
intranet and along the perimeter.
Once one understands where one is, then one can deploy a security
solution.
If you do not monitor that solution by enabling some detection and
devising a response plan, the solution is useless.



assessment

• The
process may repeated
– the solution is monitored and tested,
– further weaknesses to be learned and dealt with.
– Continuous improvement - ensure protection.
• As part of the process
– a company must perform some sort of vulnerability checking on a
regular basis.
– done by
•

•

–

the company, or
it may choose to have an independent group do the testing.

The company’s security policy should state how
•
•

•
•

the firewall and the other hosts in the DMZ are to be configured.
to be validated and then periodically checked to ensure that they have not
changed.
may find additional weaknesses - the policy needs to be changed.
Security = updated technology + clear policy (outline the procedures)


• DNS records - One source of information.
• Two basic DNS services
– Lookup activities
•

–

used to resolve IP addresses into host names or to do the
reverse.

A zone transfer
•

•

•

happens when one DNS server (a secondary server) asks
another DNS server (the primary server) for all the information
that it knows about a particular part of the DNS tree (a
zone).
Only between DNS servers that are supposed to be providing the
same information.

Users can also request a zone


transfer.

A good security policy is to disallow zone transfers on external DNS servers.

–

A
•
•
•

•

zone transfer
is accomplished using the nslookup command in interactive mode.
can be used to check for information leaks.
This procedure can show hosts, their IP addresses, and operating
systems.
– This information can be used by an intruder to attack or spoof
other hosts.
– If this is not operationally possible, as a general rule, DNS
servers outside of the firewall (on the red side) should not list
hosts within the firewall (on the blue side).
Listing internal hosts only helps intruders gain network mapping
information and gives them an idea of the internal IP addressing
scheme.


 In addition to trying to do a zone transfer
 the DNS records should be




checked to ensure that they are correct and that they have not
changed.

Domain Information Gofer (DIG) is a flexible command-line
tool that is used to


gather information from the DNS servers.


• The ping command,
–
–

has the ability to determine the status of a remote host using the ICMP Echo
Message.
If a host is
• running and is reachable by the message, the PING program will return an
“alive” message.

•

–

not reachable and the host name can be resolved by DNS, the program
returns a “host not responding” message;

• otherwise, an “unknown host” message is obtained.
An intruder can use
• the PING program to set up a “war dialer.”
• War dialer = wardialing
– is a program that systematically goes through the IP addresses one after another,
looking for “alive” or “not responding” hosts.
• To prevent intruders from mapping internal networks,
– the firewall should screen out ICMP messages.
– This can be done by not allowing ICMP messages to go through to the internal
network or go out from the internal network.


• The traceroute program
–
–
–

useful for network debugging.
can use to test the corporate perimeter (network component).
used to check the “time-to-live” (ttl) parameter and routes.
•
•
•
•
•

–

Checking the various jumps not only shows the routes, but it can show possible
problems that may give an intruder information or leads.
•

–
–

sends a series of three UDP packets with an ICMP packet incorporated during its
check.
The ttl of each packet is similar.
As the ttl expires, it sends the ICMP packet back to the originating host with the IP
address of the host where it expired.
Each successive broadcast uses a longer ttl.
By continuing to send longer ttls, traceroute pieces together the successive jumps.
This information might show a place where an intruder might successfully launch
an attack.

These are hops that could be used by intruders to create DoSs.
Duplicate entries for successive hops are indications of bugs in the kernel of that
gateway or looping within the routing table.


• Important aspect of firewall and proxy server testing
– Checking the
•

–

Tools
•

•
•
•

–

open ports and services available
the freeware program strobe
IBM Network Services Auditor (NSA)
ISS Internet Scanner™,
and
AXENT Technologies NetRecon™

that can perform
•
•
•

a selective probe of the target UNIX or Windows NT network
communication services, operating systems and key applications.
use a comprehensive set of penetration() tests.
The software searches for
– weaknesses most often exploited by intruders to gain access to a
network,
– analyzes security risks,
and
– provides a series of highly informative reports and recommended
corrective actions.


• There have been numerous attacks in the past year that

have been directed at specific ports.
–

The teardrop, newtear, oob, and land.c are only a few of the recent
attacks.

• Firewalls and proxy hosts should have only the minimum

number of ports open.
–

By default, the following ports are open as shipped by the vendor, and
should be closed:
•
•
•
•
•
•
•
•
•

echo on TCP port 7
echo on UDP port 7
discard on TCP port 9
daytime on TCP port 13
daytime on UDP port 13
chargen on TCP port 19
chargen on UDP port 19
NetBIOS-NS on UDP port 137
NetBIOS-ssn on TCP port 139


• Other sources of information leaks
–
–
–
–

Telnet, FTP, and Sendmail programs.
They all, by default, advertise the operating system or service type and
version.
They also may advertise the host name.
This feature can be turned off and a more appropriate warning messages
should be put in its place.

• Sendmail
– has a feature that will allow the administrator to expand or verify users. This
feature should not be turned-on on any host in the DMZ.
– An intruder
•
•
•

would only have to Telnet to the Sendmail port to obtain user account names.
There are a number of well-known user accounts that an intruder would test.
This method works even if the finger command is disabled.


• VRFY and EXPN
– VRFY
•
•
–

EXPN
•
•

–
–

asks the server to verify an address.
Its parameter may be an encoded address or a user name in a server-defined
format.

asks the server for the membership of a mailing list.
Its parameter may be an encoded address or a list name in a server-defined format.

allow an intruder to determine if an account exists on a system and can provide a
significant aid to a brute-force attack on user accounts.
If you are running
•

Sendmail - add the lines Opnovrfy and Opnoexpn to your Sendmail
configuration file, usually located in /etc/sendmail.cf.

•

With other mail servers -

contact the vendor for
information on how to disable the verify
command.


• Another important check that needs to be run on these

hosts in the DMZ is
–

a validation that the system and important application files are valid
and not hacked.
•
•

This is done by running a checksum or a cyclic redundancy check
(CRC) on the files.
Because these values are not stored anywhere on the host, external
applications need to be used for this function.

• Some suggested security products
–

freeware applications such as
•

–

COPS and Tripwire, or

third-party commercial products like
•

AXENT Technologies Enterprise Security Manager™ (ESM), ISS
RealSecure™ or Kane Security Analyst™.


Communication Layers


Current E-mail Standards
 Four primary areas
 SMTP (Simple Mail Transfer Protocol)
 “Standard for the Format of ARPA Internet Text
Messages
 DNS (Domain Name System)
 S/MIME (Secure/MIME), PEM (Privacy Enhancement
for Internet Electronic Mail).

user
agent

SMTP


sender’s mail
server

SMTP

Access protocls
POP3, http
receiver’s mail
IMAP
server

user
agent

SMTP Simple Mail Transfer Protocol.
 Specifies


the format of e-mail messages
Header
 Readable text
 Divided into lines of the form: <keyword>: <value>

• Keywords are either required, optional, or
uninterpreted



Body
 Separated from the header by a blank line
 No restrictions on format or contents
the details of e-mail exchange between two computers


SMTP: protocol for exchanging
email msgs
RFC 822: standard for text
message format:
• header lines, e.g.,
– To:
– From:
– Subject:
different from SMTP
commands!

• body
– the “message”, ASCII
characters only


header

body

blank
line

SMTP
 Send email without using email client




Try
telnet servername 25
see
220 reply from server
enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands

 how a client on one machine transfers e-mail to a server on another

machine
 Client

establishes a connection to the server (typically using TCP)
 waits for server to send a 220 READY FOR MAIL message
 sends a HELO message




Server replies




250 <server>, hello <client>, pleased to meet you

Client


sends a MAIL FROM: <sender> message


Sample SMTP interaction
S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
S:
C:
S:

220 hamburger.edu
HELO crepes.fr
250 Hello crepes.fr, pleased to meet you
MAIL FROM: alice@crepes.fr
250 alice@crepes.fr... Sender ok
RCPT TO: bob@hamburger.edu
250 bob@hamburger.edu ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Do you like ketchup?
How about pickles?

250 Message accepted for delivery
QUIT
221 hamburger.edu closing connection


required command
set:
HELO - Initial State Identification
MAIL- Mail Sender Reverse Path
RCPT - One Recipient’s Forward Path
DATA - Mail Message Text State
RSET - Abort Transaction and Reset all
buffers
NOOP - No Operation
QUIT- Commit Message and Close Channel

SMTP
1
user
agent

2

mail
server
3

4

mail
server
5

6

user
agent

Mail servers: Always on and always accessible, Transferring e-mail to and from other servers
 User agents: Sometimes on and sometimes accessible, Intuitive interface for the user


1) Alice uses UA to compose message “to”
bob@someschool.edu
2) Alice’s UA sends message to her mail
server; message placed in message queue
3) Client side of SMTP opens TCP
connection with Bob’s mail server


4) SMTP client sends Alice’s message
over the TCP connection
5) Bob’s mail server places the message
in Bob’s mailbox
6) Bob invokes his user agent to read
message

SMTP Security
 SMTP does not provide any protection of e-mail

messages


Intermediate hosts (MTA - message Transfer Agents) can:


Read, Modify, Delay, Destroy

 Sender Authentication limitation
 e-mail forgery




E-mail spamming




Easy to create phony (fraud) e-mail messages that appear to have come
from an arbitrary source
is still a major problem.

SMTP-AUTH


Standard for the Format of ARPA Internet Text Messages



defines




the format of the messages to be exchanged.

Important- MIME
Multipurpose Internet Mail Extensions
 that specify a standard method to encode multi-part message
bodies, including nontextual information.



DNS
 DNS (Domain Name System).
 Purpose
to

relate Internet IP addresses with computer
names.

 Extended
to

aid SMTP e-mail routing.

 Currently

- MX (Mail eXchanger) records.

Use over the Internet
Replaced the routing originally defined in SMTP.

S/MIME, PEM
 PEM

(Privacy Enhancement for Internet Electronic Mail)
(Secure/MIME)



& S/MIME

allow for a variety of security features Including
encryption and decryption of e-mail content
 message integrity protection
 nonrepudiation of origin.



Access Protocol :Standards to Retrieve Msg from servers



IMAP (Interactive Mail Access Protocol).
POP (Post Office Protocol).

user
agent

SMTP
sender’s mail
server


POP3 or
IMAP

SMTP
receiver’s mail
server

user
agent

IMAP
 IMAP - Interactive Mail Access Protocol


defines
a standard for client/server interaction between e-mail clients and
servers.
 It is currently the de facto standard for open-standards e-mail systems
but is also available as an alternate access method for many proprietary
e-mail server systems.




designed


to allow clients extensive control message store
 Retrieval
 Deletion
 server-based searches
 refiling messages between folders
 message status
 shared public (multiuser) folders
 etc.


POP
 POP - Post Office Protocol.
 defines
a standard for how e-mail clients can
 retrieve headers or messages from a server
 request messages to be deleted from the server.
 While still in widespread use, it is currently relegated to minimal
client and server implementations, and is being overtaken in
robust systems by IMAP.



GOALS AND NON-GOALS
 Basic design goals of email
 an effective e-mail system
 communication
 ease of use
 reliability.
 Security - Policies, plans, techniques, and devices DO NOT
 unduly limit the functionality
 prevent ease of use of the application.


GOALS AND NON-GOALS
 Basic elements of email application
 Standard format
message format
 users to exchange messages




Organization




All messages include fields
 originator (from), recipients (to, and possibly cc bcc), submission
date, and subject.

Security


Users can only read
 their own mail,
 messages they create are identified as originating from their
accounts.


GOALS AND NON-GOALS
 Improve the elements:


Interoperability (to be solve)




≠ often in direct conflict with security

The ability to exchange messages between networks of individual
computer systems.

Transport of contextual information


The capability to include or attach computer data types such as
 audio, video, static images, databases, spreadsheets, executable
files or scripts, etc.


Elements with Security Areas
 Control access
 only legitimate users can access systems and services.
 Prevent
 loss of or damage to data.
 theft of data or services.
 inappropriate dissemination of data.

 Monitor
 for compliance with
law
 organizational policies.



Email Communication

Risks and Problems
 Limiting network connectivity from the Internet to e-

mail servers.
 Communication



e-mail to allow the users in different organization to communicate
(Internet).
it does not require direct network connectivity between those e-mail
servers and the Internet.

 To limit network connectivity from the Internet to an
organization’s e-mail servers


one will have
standard bastion network between the Internet (insecure) and the
organization’s internal network, and
 a mail relay device will need to be installed on the bastion network



Limiting network connectivity from the
Internet to e-mail servers.


Email Communication

Risks and Problems
 Exterior firewall


provide




some protection to the e-mail relay system,

must allow


some communications between the e-mail relay and external servers.

 Hackers


have the opportunity to attempt attacks through the e-mail channels provided.

 The protections:


implementing the relay system in the bastion network include the following:
 intrusion


Because it is the only system that can be directly attacked from the Internet.

 transient


detection - ID
messages - TM

If compromised, the relay system contains only transient messages.

 Denial-of-service


attacks - DoS

launched against the relay may not prevent intra-organizational traffic from functioning
normally.


Email Communication

Risks and Problems
 Hacker
 will only be able to do
limited damage and
 disrupt service between internal users and external users.




will need to
have the ability to fully compromise the relay server,
 spend the time and effort to do so before being able to use it as a
platform to directly attack the internal mail servers.



Email Communication

Risks and Problems
 Some firewall vendors
 provide a similar functionality within a single firewall.
the firewall itself assumes the role of the e-mail relay.
 not as robust a solution as a functionally separate
 allowing direct network communications between the insecure
network and the internal mail servers.



Email Communication

Risks and Problems
 Problem: sensitive information
 Content of e-mail messages traveling over the Internet
 need to be protected from third-party monitoring.
 Solution: encryption
 Multiple standards for e-mail encryption
 none is currently widely deployed.
 achieved by utilizing encryption that occurs within each user’s
e-mail client software.


Encryption


Encryption
 Message
 encrypted within the sender’s system.
 Problems
 Encryption only occurs when the sender remembers to activate
the feature.
 Two sides must agree on
utilizing the same encryption schemes (S/MIME, PGP, etc.).
 Key(s) - exchange



Solution: Encrypted VPN


for network connectivity between geographically separate offices
of the same or related organizations.


Encrypting Appliance ??
 encrypting appliance
 For communications between




can be installed between




two business partners’ systems ≠ VPN
the internal mail servers and the insecure networks.

is configure to


encrypt/decrypt traffic exchanged with specific configured sites

 allowing
 pass

traffic to

through nonencrypted to nonconfigured sites


Encrypting Appliance


Encryption Standards
 For massage passing
 between the servers and the users’ workstations.
 Most e-mail application software systems
 have the ability to encrypt the communications channel
between the client and server software.
 encryption using increases the load on the server.


it is generally disabled by default.

 Some systems utilize encryption schemes (SSL/TLS).


Access Methods
 Special attention
 for users accessing (remotely) e-mail from home
or while traveling.
Economically
increasingly utilizing the Internet as
connectivity.
Access methods - need to be considered when planning this encryption


SMTP, POP, IMAP, etc.

 Alternative 
 encryption-capable remote access servers

Encryption-capable remote access servers



used




Forming




to form encrypted tunnels directly to software installed on the user’s workstation.

VPN tunnels

Provides


more than e-mail connectivity.


Thanks to watching
FOR QUESTION | CONTACT TO ME

/JamiLALagha
/JamiL.Alagha

Information security advanced

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Information security advanced

Similar a Information security advanced (20)

Último

Último (20)

Information security advanced