Wednesday, October 27, 2010

What Is Spam

The term spam refers to submitting the same message to a large group of individuals in an effort to force the message onto people who would otherwise choose not to receive it.


There are two types of spam:

Cancelable Usenet spam refers to a single message that is sent to two or more Usenet newsgroups. This type of spam is directed at “lurkers”, individuals who read newsgroups but who rarely or never post or give their email addresses away. Cancelable Usenet spam reduces the utility of newsgroups by forcing through advertising, and so decreases the ability of newsgroup administrators and managers to manage accepted topics. This spam is run at a low cost to those sending it.

Email spam refers to spam that is directed at individual users with direct addresses; email spam lists are usually created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. A variant of this form of spam is sent directly to mailing lists and email discussions used by public and private forums. Email spam costs money for those who have to carry and receive it; for example, ISPs and online services need to pay to transmit spam directly to subscribers.

   
In addition, there are three main components to all types of spam:

anonymity: the sender’s identity and address are concealed.
mass mailing: spam email is sent to a large number of recipients and in high quantities. 
unsolicited: the individuals receiving spam would otherwise not have opted to receive it.

Common forms of spam include commercial advertising, usually for dubious products, such as get-rich-quick schemes, quasi-legal services, political messages, chain letters and fake spam used to spread viruses.




  

Monday, October 25, 2010

OSI Layer Vulnerabilities and their Controls

Layer One - the Physical Layer

The Physical Layer is responsible for the physical communication between end stations. It is concerned with the actual encoding and transmission of data in electromechanical terms of voltage and wavelength.

Physical Layer Vulnerabilities
Loss of Power
Loss of Environmental Control
Physical Theft of Data and Hardware
Physical Damage or Destruction of Data and Hardware
Unauthorized changes to the functional environment (data connections, removable media, adding/removing resources)
Disconnection of Physical Data Links
Undetectable Interception of Data
Keystroke & Other Input Logging

Physical Layer Controls
Locked perimeters and enclosures
Electronic lock mechanisms for logging & detailed authorization
Video & Audio Surveillance
PIN & password secured locks
Biometric authentication systems
Data Storage Cryptography
Electromagnetic Shielding


Layer Two - Data Link Layer

The Data Link Layer is concerned with the logical elements of transmissions between two directly connected stations. It deals with issues of local topology where many stations may share a common local media. This is the layer where data packets are prepared for transmission by the physical layer.

Link Layer Vulnerability Examples
MAC Address Spoofing (station claims the identity of another)
VLAN circumvention (station may force direct communication with other stations, bypassing logical controls such as subnets and firewalls.)
Spanning Tree errors may be accidentally or purposefully introduced, causing the layer two environments to transmit packets in infinite loops.
In wireless media situations, layer two protocols may allow free connection to the network by unauthorized entities, or weak authentication and encryption may allow a false sense of security.
Switches may be forced to flood traffic to all VLAN ports rather than selectively forwarding to the appropriate ports, allowing interception of data by any device connected to a VLAN.

Link Layer Controls
MAC Address Filtering - identifying stations by address and cross-referencing physical port or logical access
Do not use VLANs to enforce secure designs. Layers of trust should be physically isolated from one another, with policy engines such as firewalls between.
Wireless applications must be carefully evaluated for unauthorized access exposure. Built-in encryption, authentication, and MAC filtering may be applied to secure networks.


Layer Three - Network Layer

The Network Layer is concerned with the global topology of the internetwork - it is used to determine what path a packet must take to reach its final destination over multiple possible data links and numerous intermediate hosts. This layer typically uses constructs such as IP addresses to identify nodes, and routing tables to identify overall paths through the network and the more immediate next hop to which a packet may be forwarded.

Network Layer Vulnerabilities
Route spoofing - propagation of false network topology
IP Address Spoofing - false source addressing on malicious packets
Identity & Resource ID Vulnerability - Reliance on addressing to identify resources and peers can be brittle and vulnerable

Network Layer Controls
Route policy controls - Use strict anti-spoofing and route filters at network edges
Firewalls with strong filter & anti-spoof policy
ARP/Broadcast monitoring software
Implementations that minimize the ability to abuse protocol features such as broadcast


Layer Four - Transport Layer

The Transport Layer is concerned with the transmission of data streams into the lower layers of the model, taking data streams from above and packaging them for transport, and with the reassembly and passing of incoming data packets back into a coherent stream for the upper layers of the model.

Transport Layer Vulnerabilities
Mishandling of undefined, poorly defined, or “illegal” conditions
Differences in transport protocol implementation allow “fingerprinting” and other enumeration of host information
Overloading of transport-layer mechanisms such as port numbers limits the ability to effectively filter and qualify traffic.
Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications.

Transport Layer Controls
Strict firewall rules limiting access to specific transmission protocols and sub-protocol information such as TCP/UDP port number or ICMP type
Stateful inspection at the firewall layer, preventing out-of-state packets, “illegal” flags, and other phony packet profiles from entering the perimeter
Stronger transmission and session identification mechanisms to prevent attacks on and takeover of communications
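As an added example (not code from the original post), the two firewall controls above reduced to a small inbound filter: a check for TCP flag combinations that never occur in legitimate traffic, and a minimal state table in which only a bare SYN can open a flow from outside. The hosts, ports and flag values are constructed.

```python
# Added example, not from the original post. Flag bits follow the TCP header
# layout; the inbound segments in the demo at the bottom are constructed.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def illegal_flag_reason(flags):
    """Return why a TCP flag byte is an 'illegal' profile, or None if it is fine."""
    flags &= 0x3F  # only the six classic flags; ignore ECE/CWR
    if flags == 0:
        return "null segment: no flags set"
    if flags & SYN and flags & FIN:
        return "SYN and FIN set together"
    if flags & SYN and flags & RST:
        return "SYN and RST set together"
    if not flags & (SYN | ACK | RST):
        return "none of SYN/ACK/RST set (lone FIN, FIN+PSH+URG, ...)"
    return None

class StatefulFilter:
    """Inbound filter: only a bare SYN may open a flow from outside; every other
    segment must match a flow already in the table or it is out-of-state."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) opened from outside

    def inspect(self, src, sport, dst, dport, flags):
        reason = illegal_flag_reason(flags)
        if reason:
            return "DROP", reason
        key = (src, sport, dst, dport)
        if flags & SYN and not flags & ACK:
            self.flows.add(key)
            return "ACCEPT", "new flow"
        if key not in self.flows:
            return "DROP", "out-of-state segment for unknown flow"
        if flags & (FIN | RST):  # simplified teardown: forget the flow at once
            self.flows.discard(key)
        return "ACCEPT", "established flow"

if __name__ == "__main__":
    fw = StatefulFilter()
    for seg in [  # constructed: (src, sport, dst, dport, flags)
        ("198.51.100.7", 40000, "192.0.2.10", 80, SYN),
        ("198.51.100.7", 40000, "192.0.2.10", 80, ACK | PSH),
        ("198.51.100.8", 40001, "192.0.2.10", 80, ACK),  # no handshake was seen
        ("198.51.100.9", 40002, "192.0.2.10", 22, FIN | PSH | URG),
        ("198.51.100.9", 40003, "192.0.2.10", 22, SYN | FIN),
    ]:
        print(seg[0], seg[1], "->", seg[3], *fw.inspect(*seg))
```

A production state table would also time entries out and track the FIN/ACK close sequence instead of forgetting the flow on the first FIN.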


Layer Five- Session Layer

The Session Layer is concerned with the organization of data communications into logical flows. It takes the higher layer requests to send data and organizes the initiation and cessation of communication with the far end host. The session layer then presents its data flows to the transport layer below where actual transmission begins.

Session Layer Vulnerabilities
Weak or non-existent authentication mechanisms
Passing of session credentials such as user ID and password in the clear, allowing intercept and unauthorized use
Session identification may be subject to spoofing and hijack
Leakage of information based on failed authentication attempts
Unlimited failed sessions allow brute-force attacks on access credentials

Session Layer Controls
Encrypted password exchange and storage
Accounts have specific expirations for credentials and authorization
Protect session identification information via random/cryptographic means
Limit failed session attempts via timing mechanism, not lockout
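The last control above, implemented as an added example (not the original post's code): each consecutive failure for an account doubles the delay before the next attempt is even evaluated, up to a cap, and a successful login clears it, so a flood of bogus attempts slows an attacker down without ever locking the legitimate user out. The clock is injectable so the behaviour can be exercised without sleeping; `attempt_login` and its `check_password` callback are assumed names.

```python
# Added example, not from the original post. Escalating per-account delay
# instead of a hard lockout: a stream of forged failures slows an attacker down
# but can never deny the legitimate user permanently. The clock is injectable
# so the behaviour can be tested without sleeping.
import time

class FailureThrottle:
    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base = base_delay
        self.cap = max_delay
        self.clock = clock
        self.state = {}  # account -> (consecutive_failures, earliest_next_attempt)

    def wait_seconds(self, account):
        """0 if an attempt may proceed now, otherwise the seconds still to wait."""
        _, not_before = self.state.get(account, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, account, success):
        """Update the account after an attempt; return the delay imposed (0 on success)."""
        if success:
            self.state.pop(account, None)  # a good login clears the backoff
            return 0.0
        failures, _ = self.state.get(account, (0, 0.0))
        failures += 1
        delay = min(self.cap, self.base * 2 ** (failures - 1))  # 1, 2, 4, ... capped
        self.state[account] = (failures, self.clock() + delay)
        return delay

def attempt_login(throttle, account, password, check_password):
    """Gate a credential check behind the throttle (hypothetical login front end).
    Returns 'ok', 'bad-credentials' or 'throttled'."""
    if throttle.wait_seconds(account) > 0:
        return "throttled"  # answer without even consulting the password store
    ok = check_password(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "bad-credentials"
```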


Layer Six- Presentation Layer

The Presentation Layer deals with the organization of data passed from the application layer into the network. This layer allows for the standardization of data and the communication of data between dissimilar hosts, such as platforms with different binary number representation schemes or character sets (ASCII vs. Unicode, for example).

Presentation Layer Vulnerabilities
Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.
Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.
Cryptographic flaws may be exploited to circumvent privacy protections

Presentation Layer Controls
Careful specification and checking of input received by applications or library functions
Separation of user input and program control functions - input should be sanitized and sanity-checked before being passed into functions that use it to control operation
Careful and continuous review of cryptography solutions to ensure they remain secure against known and emerging threats


Layer Seven- Application Layer

The Application Layer deals with the high-level functions of programs that may utilize the network. The user interface and primary function live at this layer. All functions not pertaining directly to network operation occur at this layer.

Application Layer Vulnerabilities
Open design issues allow free use of application resources by unintended parties
Backdoors and application design flaws bypass standard security controls
Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access.
Overly complex application security controls tend to be bypassed or poorly understood and implemented.
Program logic flaws may be accidentally or purposely used to crash programs or cause undesired behavior

Application Layer Controls
Application level access controls to define and enforce access to application resources.
Controls must be detailed and flexible, but also straightforward to prevent complexity issues from masking policy and implementation weakness
Standards, testing, and review of application code and functionality - a baseline is used to measure application implementation and recommend improvements
IDS systems to monitor application inquiries and activity
Some host-based firewall systems can regulate traffic by application, preventing unauthorized or covert use of the network.






Sunday, October 24, 2010

How to Find the Header of an Email

What is an Email Header?

It is a record, report and history of the email which covers the path from the sender to the receiver and also contains vital information about the mail servers it has encountered along the way. Some emails also contain a digital signature to detect tampering with the mail along its path.



What information can we get from email headers?

As I mentioned above, we can get the history of the mail and information on the path the mail has traveled to reach us. Let's see what information we can get from it:

                               

1. When the sender composed the message (date, time).
2. When the email was sent from the sender's PC to the mail server (date, time).
3. When the email was sent from the mail server to the intended receiver (date, time).
4. The type of protocol used along the entire path.
5. The PC of the sender can be identified from the header.
6. The IP address of the sender, but not always.
7. The type and number of digital signatures on the mail, i.e. the type of algorithm.
8. What type of email client the sender used to send the mail.
9. The ISP of the sender.
10. Whether any third party is using any tracking means.
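An added example (not from the original post) that pulls several of the items above out of a raw message with Python's standard email module: the Received: chain in delivery order with the handing-off host, the bracketed IP, the receiving host, the protocol and the timestamp of each hop, plus the composition date, the sender's mail client and the signature algorithm. The message in RAW is constructed for the example.

```python
# Added example, not from the original post. Walks the Received: chain of a
# message and pulls out the items listed above. RAW is a constructed message.
import email, re
from email import policy
from email.utils import parsedate_to_datetime

RAW = b"""Received: from mx2.example.net (mx2.example.net [192.0.2.25])
\tby mail.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Sun, 24 Oct 2010 10:15:02 +0000
Received: from [198.51.100.77] (helo=alice-pc)
\tby mx2.example.net with ESMTPA id xyz789;
\tSun, 24 Oct 2010 10:14:58 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel; bh=CONSTRUCTED; b=CONSTRUCTED
Date: Sun, 24 Oct 2010 10:14:30 +0000
From: alice@example.net
X-Mailer: ExampleMailer 1.0

hello
"""

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_received(value):
    """Split one Received: header into who handed the mail to whom, how, and when."""
    clause, _, date = " ".join(value.split()).rpartition(";")
    return {
        "from": _field(r"\bfrom\s+(\S+)", clause),
        "ip": _field(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", clause),
        "by": _field(r"\bby\s+(\S+)", clause),
        "with": _field(r"\bwith\s+(\S+)", clause),  # protocol used for this hop
        "date": parsedate_to_datetime(date.strip()) if date.strip() else None,
    }

def trace(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = [parse_received(str(h)) for h in msg.get_all("Received", [])]
    hops.reverse()  # each relay prepends its header, so the bottom one is the first hop
    return {
        "composed": parsedate_to_datetime(str(msg["Date"])),
        "client": msg.get("X-Mailer"),
        "signatures": [_field(r"\ba=([\w-]+)", str(s)) for s in msg.get_all("DKIM-Signature", [])],
        "hops": hops,
        # Only hops added by servers you trust are reliable: a sender can forge
        # any Received: lines that sit below them in the header.
        "origin_ip": hops[0]["ip"] if hops else None,
    }
```

When reading a real header, start from the Received: line written by your own mail server and work downward; the first hop you cannot vouch for is where the trustworthy trail ends.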




How to view Header of an Email?



Here I have listed a few (not all) of the web mail providers and email clients.



Web mail providers:


1. Gmail: Log in to the standard version > Open the mail of your choice > Click the down arrow next to Reply > Select Show original.




2. Yahoo: Log in > Select the desired mail > Click the Actions drop-down menu > Select View Full Header.



3. Hotmail: Log in > Select Inbox > Right-click the desired mail > Select View message source.




Email Desktop Clients:


1. Outlook Express: Open it > Select the desired mail from the Inbox > Right-click it and select Properties > Details.



2. Mozilla: Open it > Open the desired mail > Click the View menu > Message Source.

Saturday, October 23, 2010

Finding the IP Address of An Email Sender

Internet emails are designed to carry the IP address of the computer from which the email was sent. This IP address is stored in an email header delivered to the recipient along with the message. Email headers can be thought of like envelopes for postal mail. They contain the electronic equivalent of addressing and postmarks that reflect the routing of mail from source to destination.
