Tuesday, November 2, 2010

How to encrypt email in Outlook 2007

There are many reasons why you might want to encrypt your email. Be it to keep company secrets from unwanted eyes, privacy requirements of your job, or a general fear of someone gaining too much information about you. For whatever reason you have, you need to be able to sign and encrypt your email. There are many ways to do this, but Outlook does a very poor job of making this task user friendly. So, for those that are in need of encryption in Outlook 2007, I present to you the steps to take care of this task.
What you will need:
  • Outlook 2007.
  • A Digital ID from one of many sources (check this site for a list of sources of digital IDs). NOTE: Most of these sources do charge for keys. CoSign has a desktop key for $9.95 per month.
  • The shared certificate from the contact you wish to send encrypted mail to.

Get and set up your certificate

The first step you need to take is to get your Digital ID. The process for this will depend upon which ID you purchase. But more than likely your ID will come in the form of an executable installation that will add your ID to your Windows 7 machine. Once added, that ID will become available to Outlook.
To make sure your ID is available in Outlook click Tools | Trust Center and then E-mail Security. In this window, click on Settings, which will open up the Change Security Settings window (see Figure A).

Figure A


Make sure the Cryptography Format is set to S/MIME.
In this new window, click the Choose button in the Encryption Certificate section and then select the certificate you want to use. You will also want to make sure the Hash Algorithm is set to SHA1 for Signing Certificates. Your Encryption algorithm will be set by your Digital ID, so you can’t change that option.
With your certificate in place, you are almost ready to send an encrypted email. But first, you have to share digital IDs with the recipient of the encrypted email. Let’s see how this is done.

Sharing digital IDs

All you have to do is exchange digitally signed emails with the person you want to exchange encrypted email with. When each person receives the digitally SIGNED (not encrypted) email, it will have a signed icon. From this digitally signed message, right-click the user’s name in the From field and add the user to your contacts. When this user is added to the contacts, their Digital ID will be added along with it.
You can also obtain Digital Certificates from a directory service or the Exchange Global Address Book.
Once you have the Digital ID of the user added to your contacts you are now able to send encrypted email to that user.
You will also want to send your Digital ID to the user who will receive your encrypted email. To do this, compose an email to the recipient and then click the Digitally Sign Message icon (see Figure B).

Figure B


The sign icon is the yellow envelope with the red pin.

Encrypting an email

Now it’s time to encrypt an email. It’s very similar to signing an email, only when you compose the mail you will click the Encrypt icon (the yellow envelope with the blue pin). When you do this you will be prompted for your Digital ID passphrase. Once you authenticate against the key, the mail will be sent.

Encryption between Outlook and non-Outlook clients

Outlook does take a rather cumbersome approach to encryption. With other clients there are much simpler tools. Say, for example, you want to encrypt email to a Linux user who uses Evolution. For this you will have a hard time using the Digital ID you have downloaded. Instead you can use a tool like Gpg4win. With this tool you can easily create an encryption key, export that encryption key, and attach that key to an email for the intended target. When the target receives the email they will need to save the key to a file and then import the key with a tool like Seahorse. One point of note: The intended user MUST verify the key sent from the user, otherwise the sending of encrypted email will fail.

Final thoughts

Encryption is a very important tool for many users. For those who need it, the process can be a challenge, but it’s not impossible. With this walk-through, you should be able to get encryption working quickly and easily.
Have you found a more efficient way of encrypting email in Outlook?

Wednesday, October 27, 2010

What Is Spam

SPAM: The term spam refers to submitting the same message to a large group of individuals in an effort to force the message onto people who would otherwise choose not to receive this message.


There are two types of spam:

 
Cancelable Usenet spam refers to spam in which a single message is sent to 2 or more Usenet groups. This type of spam is directed at “lurkers”, or individuals who read newsgroups but rarely or never post or give their email addresses away. Cancelable Usenet spam reduces the utility of newsgroups by forcing through advertising, and as such decreases the ability of administrators and managers of newsgroups to manage accepted topics. This spam is run at a low cost to those sending out spam.

Email spam refers to spam email that is directed at individual users with direct addresses; email spam lists are usually created by scanning Usenet postings, stealing Internet mailing lists or searching the Web for addresses. A variant of this form of spam is sent directly to mailing lists and email discussions that are used by public and private forums. Email spam costs individuals submitting spam email money; for example, ISPs and online services need to pay to transmit spam directly to subscribers.

   
In addition, there are three main components to all types of spam:

anonymity: the sender’s identity and address are concealed.
mass mailing: spam email is sent to a large number of recipients and in high quantities. 
unsolicited: the individuals receiving spam would otherwise not have opted to receive it.

Common forms of spam include commercial advertising, usually for dubious products, such as get-rich-quick schemes, quasi-legal services, political messages, chain letters and fake spam used to spread viruses.




  

Monday, October 25, 2010

OSI LAYER Vulnerabilities and their Controls

Layer One - the Physical Layer

The Physical Layer is responsible for the physical communication between end stations. It is concerned with the actual encoding and transmission of data in electromechanical terms of voltage and wavelength.

Physical Layer Vulnerabilities
Loss of Power
Loss of Environmental Control
Physical Theft of Data and Hardware
Physical Damage or Destruction of Data and Hardware
Unauthorized changes to the functional environment (data connections, removable media, adding/removing resources)
Disconnection of Physical Data Links
Undetectable Interception of Data
Keystroke & Other Input Logging

Physical Layer Controls
Locked perimeters and enclosures
Electronic lock mechanisms for logging & detailed authorization
Video & Audio Surveillance
PIN & password secured locks
Biometric authentication systems
Data Storage Cryptography
Electromagnetic Shielding


Layer Two - Data Link Layer

The Data Link Layer is concerned with the logical elements of transmissions between two directly connected stations. It deals with issues of local topology where many stations may share a common local media. This is the layer where data packets are prepared for transmission by the physical layer.

Link Layer Vulnerability Examples
MAC Address Spoofing (station claims the identity of another)
VLAN circumvention (station may force direct communication with other stations, bypassing logical controls such as subnets and firewalls.)
Spanning Tree errors may be accidentally or purposefully introduced, causing the layer two environments to transmit packets in infinite loops.
In wireless media situations, layer two protocols may allow free connection to the network by unauthorized entities, or weak authentication and encryption may allow a false sense of security.
Switches may be forced to flood traffic to all VLAN ports rather than selectively forwarding to the appropriate ports, allowing interception of data by any device connected to a VLAN.

Link Layer Controls
MAC Address Filtering - Identifying stations by address and cross-referencing physical port or logical access
Do not use VLANs to enforce secure designs. Layers of trust should be physically isolated from one another, with policy engines such as firewalls between.
Wireless applications must be carefully evaluated for unauthorized access exposure. Built-in encryption, authentication, and MAC filtering may be applied to secure networks.


Layer Three - Network Layer

The Network Layer is concerned with the global topology of the internetwork - it is used to determine what path a packet would need to take to reach a final destination over multiple possible data links and paths over numerous intermediate hosts. This layer typically uses constructs such as IP addresses to identify nodes, and routing tables to identify overall paths through the network and the more immediate next-hop that a packet may be forwarded to.

Network Layer Vulnerabilities
Route spoofing - propagation of false network topology
IP Address Spoofing - false source addressing on malicious packets
Identity & Resource ID Vulnerability - Reliance on addressing to identify resources and peers can be brittle and vulnerable

Network Layer Controls
Route policy controls - Use strict anti-spoofing and route filters at network edges
Firewalls with strong filter & anti-spoof policy
ARP/Broadcast monitoring software
Implementations that minimize the ability to abuse protocol features such as broadcast


Layer Four - Transport Layer

The Transport Layer is concerned with the transmission of data streams into the lower layers of the model, taking data streams from above and packaging them for transport, and with the reassembly and passing of incoming data packets back into a coherent stream for the upper layers of the model.

Transport Layer Vulnerabilities
Mishandling of undefined, poorly defined, or “illegal” conditions
Differences in transport protocol implementation allow “fingerprinting” and other enumeration of host information
Overloading of transport-layer mechanisms such as port numbers limit the ability to effectively filter and qualify traffic.
Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications.

Transport Layer Controls
Strict firewall rules limiting access to specific transmission protocols and sub-protocol information such as TCP/UDP port number or ICMP type
Stateful inspection at firewall layer, preventing out-of-state packets, “illegal” flags, and other phony packet profiles from entering the perimeter
Stronger transmission and layer session identification mechanisms to prevent the attack and takeover of communications


Layer Five - Session Layer

The Session Layer is concerned with the organization of data communications into logical flows. It takes the higher layer requests to send data and organizes the initiation and cessation of communication with the far end host. The session layer then presents its data flows to the transport layer below where actual transmission begins.

Session Layer Vulnerabilities
Weak or non-existent authentication mechanisms
Passing of session credentials such as user ID and password in the clear, allowing intercept and unauthorized use
Session identification may be subject to spoofing and hijack
Leakage of information based on failed authentication attempts
Unlimited failed sessions allow brute-force attacks on access credentials

Session Layer Controls
Encrypted password exchange and storage
Accounts have specific expirations for credentials and authorization
Protect session identification information via random/cryptographic means
Limit failed session attempts via timing mechanism, not lockout
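
One way to implement the "timing mechanism, not lockout" control, as an added example that is not part of the original post: each consecutive failure doubles a capped delay before the next attempt is evaluated, and the account is never disabled. The class name, its parameters and the default values are assumptions made for illustration.

```python
import time


class FailureThrottle:
    """Delay, rather than lock out, logins after repeated failures.

    Hypothetical helper: the names and defaults are assumptions for this
    example. The key can be a user name or a (user name, source) pair.
    """

    def __init__(self, base=1.0, cap=300.0, clock=time.monotonic):
        self.base, self.cap, self.clock = base, cap, clock
        self._state = {}  # key -> (consecutive failures, earliest next attempt)

    def wait_time(self, key):
        """Seconds that must still pass before the next attempt is evaluated."""
        _, not_before = self._state.get(key, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def attempt(self, key, check):
        """Run check() unless throttled; return 'throttled', 'ok' or 'failed'."""
        if self.wait_time(key) > 0:
            # Credentials are not even evaluated inside the delay window, so
            # guesses made during it reveal nothing and do not extend the delay.
            return "throttled"
        if check():
            self._state.pop(key, None)      # success resets the failure count
            return "ok"
        fails = self._state.get(key, (0, 0.0))[0] + 1
        # 1s, 2s, 4s, ... capped, so a legitimate user is slowed down for a
        # bounded time instead of being locked out by someone else's failures.
        delay = min(self.cap, self.base * 2 ** (fails - 1))
        self._state[key] = (fails, self.clock() + delay)
        return "failed"
```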


Layer Six - Presentation Layer

The Presentation Layer deals with the organization of data passed from the application layer into the network. This layer allows for the standardization of data and the communication of data between dissimilar hosts, such as platforms with different binary number representation schemes or character sets (ASCII vs. UNICODE, for example.)

Presentation Layer Vulnerabilities
Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.
Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.
Cryptographic flaws may be exploited to circumvent privacy protections

Presentation Layer Controls
Careful specification and checking of input received by applications or library functions
Separation of user input and program control functions - input should be sanitized and sanity checked before being passed into functions that use the input to control operation
Careful and continuous review of cryptography solutions to ensure current security versus known and emerging threats


Layer Seven - Application Layer

The Application Layer deals with the high-level functions of programs that may utilize the network. User interface and primary function live at this layer. All functions not pertaining directly to network operation occur at this layer.

Application Layer Vulnerabilities
Open design issues allow free use of application resources by unintended parties
Backdoors and application design flaws bypass standard security controls
Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access.
Overly complex application security controls tend to be bypassed or poorly understood and implemented.
Program logic flaws may be accidentally or purposely used to crash programs or cause undesired behavior

Application Layer Controls
Application level access controls to define and enforce access to application resources.
Controls must be detailed and flexible, but also straightforward to prevent complexity issues from masking policy and implementation weakness
Standards, testing, and review of application code and functionality - a baseline is used to measure application implementation and recommend improvements
IDS systems to monitor application inquiries and activity
Some host-based firewall systems can regulate traffic by application, preventing unauthorized or covert use of the network.






Sunday, October 24, 2010

How to find header in email

What is an Email Header?

It is a record/report/history of the email that covers the path from the sender to the receiver and also contains vital information about the mail servers it has encountered along that path. A few emails also contain a digital signature to detect tampering with the mail in transit.



What information can we get from email headers?

As I mentioned above, we can get the history of the mail and information on the path the mail has traveled to reach us. Let's see what information we can get from it:

                               

1. When the sender composed the message (date, time).
2. When the email was sent from the sender's PC to the mail server (date, time).
3. When the email was sent from the mail server to the intended receiver (date, time).
4. The type of protocol used in the entire path.
5. The PC of the sender can be identified from the header.
6. The IP address of the sender, but not always.
7. The type and number of digital signatures on the mail, that is, the type of algorithm.
8. What type of email client the sender used to send the mail.
9. The ISP of the sender.
10. Whether any third party is using any tracking means.




How to view Header of an Email?



Here I have listed a few, though not all, of the web mail providers and email clients.

Web mail providers:

1. Gmail: Log in to the standard version > Open the mail of your choice > Click the down arrow next to Reply > Then select Show original.
2. Yahoo: Log in > Select the desired mail > Click the action drop-down menu > Select view full header.
3. Hotmail: Log in > Select Inbox > Right-click the desired mail > Select view message source.

Email Desktop Clients:

1. Outlook Express: Open it > Select the desired mail from the Inbox > Right-click it and select Properties > Details.
2. Mozilla: Open it > Open the desired mail > Click the View menu > Message source.

Saturday, October 23, 2010

Finding the IP Address of An Email Sender

Internet emails are designed to carry the IP address of the computer from which the email was sent. This IP address is stored in an email header delivered to the recipient along with the message. Email headers can be thought of like envelopes for postal mail. They contain the electronic equivalent of addressing and postmarks that reflect the routing of mail from source to destination.
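
As an added example (not code from the original blog), the Python below reads several of the fields listed in the header post above, including the sender IP this post describes, from a raw message. The sample message, host names and addresses are constructed; treat only the Received lines added by servers you control as trustworthy, because earlier ones are supplied by the sending side.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: hosts, IDs and addresses are made up, and the
# IPs come from the RFC 5737 documentation ranges.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Sun, 24 Oct 2010 10:15:09 +0000
Received: from alice-pc (unknown [203.0.113.25])
\tby mx.example.net with ESMTPA id xyz789;
\tSun, 24 Oct 2010 10:15:04 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1; bh=...; b=...
Date: Sun, 24 Oct 2010 10:14:58 +0000
From: Alice <alice@example.net>
To: bob@example.org
Subject: hello
X-Mailer: ExampleMail 1.0

body
"""

# announced name, connecting IP, receiving server, protocol, hop timestamp
HOP = re.compile(r"from (\S+) .*?\[([0-9A-Fa-f.:]+)\].*?by (\S+) with (\w+).*;\s*(.+)$")


def trace(raw):
    """Return hops in sending order plus client and signature details."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its Received line, so reverse for sending order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))   # undo header folding first
        if m:                                     # skip lines we cannot parse
            hops.append({"helo": m[1], "ip": m[2], "by": m[3],
                         "proto": m[4], "time": parsedate_to_datetime(m[5])})
    # DKIM-Signature is a ';'-separated tag=value list; a= names the algorithm.
    sigs = [dict(p.strip().split("=", 1) for p in s.split(";") if "=" in p)
            for s in msg.get_all("DKIM-Signature", [])]
    return {"composed": parsedate_to_datetime(msg["Date"]),
            "hops": hops,
            "client": msg.get("X-Mailer") or msg.get("User-Agent"),
            "dkim_algorithms": [s.get("a") for s in sigs]}
```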
