Monday, August 16, 2004
Email Security
This article is a general introduction to network security issues and solutions on the Internet; emphasis is placed on route filters and firewalls. It is not intended as a guide to setting up a secure network; it is meant only as an overview. Some knowledge of IP networking is assumed, although it is not crucial.
All it takes is an e-mail addressed to you that contains a link; once you follow the link, you may have given control of your e-mail account to someone else.
Here is how it works: unless you are preventing your browser from telling sites where you came from, your computer will pass along the address of the page you came from, which is private information. This information will show up in the log files of the site you visit and may look like this:
http://e20.email.excite.com/msg_read.php?t=0m=0s=1d=1mid=2ArdSI=bbf616913386bbb8d7ed57ee63c94eaaArdSI=bbf616913386bbb8d7ed57ee63c94eaa
The malicious website owner can enter this information in their browser and possibly access your account. The information in the link above is a valid example and points to an address I have at excite.com. In this case, excite will inform you that your session expired and you will need to re-enter your password. This is an example of a secure mail system.
Unfortunately, many popular web-based e-mail systems are not as secure. In either case, you have the right to know if you are at risk! Here is a very easy way to test for this vulnerability:
Simply open your web-based e-mail account and read any of your messages. Highlight the URL (this is the address and will look like the one above) and copy or write this information down. Go to another computer (or e-mail a trusted friend the URL) and open the browser. Paste the copied text into the address bar and press Enter.
You are done. You should NOT be able to see your message and should receive a message asking you to log in or that your session expired.
If you did see your message, then you may be vulnerable. Notify your e-mail service provider and DO NOT click on any e-mail links; instead, copy and paste the link into your browser. Should you find an e-mail system that is not secure, please contact the owner of that system and let them know as soon as possible.
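The difference between a mail system that fails this test and one that passes it can be shown server-side. The following is an added example, not code from the original article or from any mail provider: the class, the 900-second idle timeout and the user name are assumptions, and the "second browser" is modelled as a request that carries the URL token but no cookie.

```python
import hmac
import secrets

SESSION_TTL = 900  # assumed idle timeout in seconds

class WebmailSessions:
    def __init__(self):
        self._sessions = {}  # sid -> {"user", "cookie", "last_seen"}

    def login(self, user, now):
        sid = secrets.token_hex(16)     # carried in every URL, so it reaches other sites' logs
        cookie = secrets.token_hex(16)  # sent only to the mail site, never part of a URL
        self._sessions[sid] = {"user": user, "cookie": cookie, "last_seen": now}
        return sid, cookie

    def read_weak(self, sid):
        """URL token alone identifies the user: a copied URL opens the mailbox."""
        s = self._sessions.get(sid)
        return s["user"] if s else None

    def read_hardened(self, sid, cookie, now):
        """Require the cookie bound at login and enforce the idle timeout."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > SESSION_TTL:
            del self._sessions[sid]      # expired: the user must log in again
            return None
        if cookie is None or not hmac.compare_digest(cookie, s["cookie"]):
            return None                  # URL pasted into a different browser
        s["last_seen"] = now
        return s["user"]

def replay_test(store, now=1000):
    """The article's test: reuse the URL token from a browser that holds no cookie."""
    sid, cookie = store.login("alice", now)
    return {
        "weak_second_browser": store.read_weak(sid),
        "hardened_second_browser": store.read_hardened(sid, None, now + 10),
        "hardened_owner": store.read_hardened(sid, cookie, now + 20),
        "hardened_after_idle": store.read_hardened(sid, cookie, now + 21 + SESSION_TTL),
    }
```

A result of `None` corresponds to the "please log in" or "session expired" page the test expects to see.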
Address Translation: An advancement has been to have a router modify outgoing packets to contain its own IP number. This prevents an external site from knowing any information about the internal network; it also allows for certain tricks to be played which provide for a tremendous number of additional internal hosts with a small allocated address space. The router maintains a table which maps an external IP number and socket to an internal IP number and socket. Whenever an internal packet is destined for the outside, it is simply forwarded with the router's IP number in the source field of the IP header. When an external packet arrives, it is analyzed for its destination port and re-mapped before it is sent on to the internal host. The procedure does have its pitfalls: checksums have to be recalculated because they are based in part on IP numbers, and some upper-layer protocols encode or depend on the IP number. These protocols will not work through simple address translation routers.
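The translation table and the checksum pitfall can be seen in a few lines. This is an added example, not code from the original article: the `Nat` class, the port range starting at 40000 and the documentation-range addresses are assumptions, and only the IPv4 header checksum is handled (TCP and UDP checksums, which also cover the addresses, are outside its scope).

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a header with a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Constructed 20-byte IPv4 header (no options, protocol 6) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

class Nat:
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (internal ip, internal port) -> external port
        self.back = {}  # external port -> (internal ip, internal port)

    def outbound(self, header: bytes, src_port: int):
        """Rewrite the source to the router's address; return (header, external port)."""
        key = (socket.inet_ntoa(header[12:16]), src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        # Zero the checksum field, swap the source address, then recompute.
        rewritten = header[:10] + b"\x00\x00" + socket.inet_aton(self.external_ip) + header[16:]
        fixed = rewritten[:10] + struct.pack("!H", checksum(rewritten)) + rewritten[12:]
        return fixed, self.out[key]

    def inbound(self, dst_port: int):
        """Map an arriving packet's destination port back to the internal host."""
        return self.back.get(dst_port)  # None means no mapping exists: drop
```

Replacing the source address without recomputing the checksum leaves a header that no longer verifies, which is the pitfall the paragraph describes.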
Application gateways and proxies: The primary difference between firewalls and routers is that firewalls actually run applications. These applications frequently include mail daemons, FTP servers and web servers. Firewalls also usually run what are known as application gateways or proxies. These are best described as programs which understand a protocol's syntax, but do not implement any of the functionality of the protocol. Rather, after verifying that a message from an external site is appropriate, they send the message on to the real daemon which processes the data. This provides security for those applications that are particularly susceptible to interactive attacks. One advantage of using a firewall for these services is that it makes it very easy to monitor all activity, and very easy to quickly control what gets in and out of a network.
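A proxy of this kind, for the command phase of SMTP, might look like the following. This is an added example, not code from the original article: the `SmtpCommandGate` class, the verb allowlist and the sample commands are assumptions, and message bodies sent after `DATA` are outside its scope.

```python
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # RFC 5321 limit for a command line, CRLF included

class SmtpCommandGate:
    """Checks command syntax only; delivery is left to the real mail daemon."""

    def __init__(self):
        self.audit = []  # (decision, verb or reason) for every line seen

    def screen(self, raw: bytes):
        """Return (forward, reply): bytes to relay inward, or a refusal for the client."""
        reason = self._reject_reason(raw)
        if reason:
            self.audit.append(("reject", reason))
            text = b"502 Command not implemented" if reason == "verb" else b"500 Syntax error"
            return None, text + b"\r\n"
        verb = raw[:-2].split(b" ", 1)[0].upper().decode("ascii")
        self.audit.append(("forward", verb))
        return raw, None

    def _reject_reason(self, raw: bytes):
        if len(raw) > MAX_LINE:
            return "length"
        if not raw.endswith(b"\r\n"):
            return "terminator"
        line = raw[:-2]
        if any(b < 0x20 or b > 0x7E for b in line):
            return "control-or-8bit"  # also catches a second CRLF inside one line
        if line.split(b" ", 1)[0].upper().decode("ascii") not in ALLOWED_VERBS:
            return "verb"
        return None
```

The `audit` list is the monitoring point the paragraph mentions: every command from outside is recorded with the decision taken before anything reaches the daemon.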