Scribd
Upload
58 views5 pages

Email Security: Policies and Practices

Uploaded by

Nusrath Farheen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
58 views5 pages

Email Security: Policies and Practices

Uploaded by

Nusrath Farheen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

lOMoARcPSD|45374298

GNANAMANI COLLEGE OF TECHNOLOGY


DEPARTMENT OF AI&DS
CW3551-DATA AND INFORMATION SECURITY
UNIT IV -E-MAIL AND IP SECURITY

UNIT IV - E-MAIL AND IP SECURITY 9


E-mail and IP Security: Electronic mail security: Email Architecture -PGP – Operational
Descriptions- Key management- Trust Model- S/MIME.

IP Security: Overview- Architecture - ESP,AH Protocols IPSec Modes – Security association - Key
management.

1. Electronic mail security- Email Architecture


2. PGP
Operational Descriptions
Key management
Trust Model
3. S/MIME
4. IP Security: Overview- Architecture- ESP
5. AH Protocols
6. IPSec Modes
Security association
Key management

1. Electronic mail security- Email Architecture:


What is Email Security?

Email (short for electronic mail ) is a digital method by using it we exchange


messages between people over the internet or other computer networks. With the help of this, we
can send and receive text-based messages, often an attachment such as documents, images, or videos,
from one person or organization to another.

It was one of the first applications developed for the internet and has since become one of the most
widely used forms of digital communication. It has an essential part of personal and professional
communication, as well as in marketing, advertising, and customer support.

In this article, we will understand the concept of email security, how we can protect our email, email
security policies, and email security best practices, and one of the features of email is an email that
we can use to protect the email from unauthorized access.

Email Security:

Basically, Email security refers to the steps where we protect the email messages and the
information that they contain from unauthorized access, and damage. It involves ensuring the
confidentiality, integrity, and availability of email messages, as well as safeguarding against
phishing attacks, spam, viruses, and another form of malware. It can be achieved through a
combination of technical and non-technical measures.

[Link] Page: 1 / 25
lOMoARcPSD|45374298

Some standard technical measures include the encryption of email messages to protect their
contents, the use of digital signatures to verify the authenticity of the sender, and email filtering
systems to block unwanted emails and malware, and the non-technical measures may include
training employees on how to recognize and respond to phishing attacks and other email security
threats, establishing policies and procedures for email use and management, and conducting regular
security audits to identify and address vulnerabilities.

We can say that email security is important to protect sensitive information from unauthorized access
and ensure the reliability and confidentiality of electronic communication.

Steps to Secure Email:

We can take the following actions to protect our email.

 Choose a secure password that is at least 12 characters long, and contains uppercase and
lowercase letters, digits, and special characters.
 Activate the two-factor authentication, which adds an additional layer of security to your
email account by requiring a code in addition to your password.
 Use encryption, it encrypts your email messages so that only the intended receiver can
decipher them. Email encryption can be done by using the programs like PGP or S/MIME.
 Keep your software up to date. Ensure that the most recent security updates are installed on
your operating system and email client.
 Beware of phishing scams: Hackers try to steal your personal information by pretending as
someone else in phishing scams. Be careful of emails that request private information or
have suspicious links because these are the resources of the phishing attack.
 Choose a trustworthy email service provider: Search for a service provider that protects
your data using encryption and other security measures.
 Use a VPN: Using a VPN can help protect our email by encrypting our internet connection
and disguising our IP address, making it more difficult for hackers to intercept our emails.
 Upgrade Your Application Regularly: People now frequently access their email accounts
through apps, although these tools are not perfect and can be taken advantage of by
hackers. A cybercriminal might use a vulnerability, for example, to hack accounts and steal
data or send spam mail. Because of this, it’s important to update your programs frequently.

Email Security Policies

The email policies are a set of regulations and standards for protecting the privacy, accuracy, and
accessibility of email communication within the organization. An email security policy should
include the following essential components:

 Appropriate Use: The policy should outline what comprises acceptable email usage inside
the organization, including who is permitted to use email, how to use it, and for what purpose
email we have to use.

[Link] Page: 2 / 25
lOMoARcPSD|45374298

GNANAMANI COLLEGE OF TECHNOLOGY


DEPARTMENT OF AI&DS
CW3551-DATA AND INFORMATION SECURITY
UNIT IV -E-MAIL AND IP SECURITY
 Password and Authentication: The policy should require strong passwords and two-factor
authentication to ensure that only authorized users can access email accounts.
 Encryption: To avoid unwanted access, the policy should mandate that sensitive material be
encrypted before being sent through email.
 Virus Protection: The policy shall outline the period and timing of email messages and
attachment collection.
 Retention and Detection: The policy should outline how long email messages and their
attachments ought to be kept available, as well as when they should continue to be removed.
 Training: The policy should demand that all staff members take a course on email best
practices, which includes how to identify phishing scams and other email-based threats.
 Incident Reporting: The policy should outline the reporting and investigation procedures for
occurrences involving email security breaches or other problems.
 Monitoring: The policy should outline the procedures for monitoring email communications
to ensure that it is being followed, including any logging or auditing that will be carried out.
 Compliance: The policy should ensure compliance with all essential laws and regulations,
including the health
 Insurance rules, including the health portability and accountability act and the General Data
Protection Regulation (GDPR)(HIPPA).
 Enforcement: The policy should specify the consequences for violating the email security
policy, including disciplinary action and legal consequences if necessary.

2. Email Architecture:

Introduction:
Electronic mail, commonly known as email, is a method of exchanging messages over the
internet. Here are the basics of email:

1. An email address: This is a unique identifier for each user, typically in the format of
name@[Link].
2. An email client: This is a software program used to send, receive and manage emails, such as
Gmail, Outlook, or Apple Mail.
3. An email server: This is a computer system responsible for storing and forwarding emails to
their intended recipients.

To send an email:

1.
Compose a new message in your email client.
Enter the recipient’s email address in the “To” field.
2.
3.
Add a subject line to summarize the content of the message.
4.
Write the body of the message.
5.
Attach any relevant files if needed.
Click “Send” to deliver the message to the recipient’s email server.
6.
7.
Emails can also include features such as cc (carbon copy) and bcc (blind carbon copy) to send
copies of the message to multiple recipients, and reply, reply all, and forward options to
manage the con
[Link] Page: 3 / 25
lOMoARcPSD|45374298

Electronic Mail (e-mail) is one of most widely used services of Internet. This service allows an
Internet user to send a message in formatted manner (mail) to the other Internet user in any part of
world. Message in mail not only contain text, but it also contains images, audio and videos data. The
person who is sending mail is called sender and person who receives mail is called recipient. It is
just like postal mail service. Components of E-Mail System : The basic components of an email
system are : User Agent (UA), Message Transfer Agent (MTA), Mail Box, and Spool file. These are
explained as following below.

1. User Agent (UA) : The UA is normally a program which is used to send and receive mail.
Sometimes, it is called as mail reader. It accepts variety of commands for composing,
receiving and replying to messages as well as for manipulation of the mailboxes.
2. Message Transfer Agent (MTA) : MTA is actually responsible for transfer of mail from one
system to another. To send a mail, a system must have client MTA and system MTA. It
transfer mail to mailboxes of recipients if they are connected in the same machine. It delivers
mail to peer MTA if destination mailbox is in another machine. The delivery from one MTA
to another MTA is done by Simple Mail Transfer Protocol.

3. Mailbox : It is a file on local hard drive to collect mails. Delivered mails are present in this
file. The user can read it delete it according to his/her requirement. To use e-mail system each
user must have a mailbox . Access to mailbox is only to owner of mailbox.
4. Spool file : This file contains mails that are to be sent. User agent appends outgoing mails in
this file using SMTP. MTA extracts pending mail from spool file for their delivery. E-mail
allows one name, an alias, to represent several different e-mail addresses. It is known as
[Link] Page: 4 / 25
lOMoARcPSD|45374298

GNANAMANI COLLEGE OF TECHNOLOGY


DEPARTMENT OF AI&DS
CW3551-DATA AND INFORMATION SECURITY
UNIT IV -E-MAIL AND IP SECURITY
mailing list, Whenever user have to sent a message, system checks recipient’s name against
alias database. If mailing list is present for defined alias, separate messages, one for each entry
in the list, must be prepared and handed to MTA. If for defined alias, there is no such mailing
list is present, name itself becomes naming address and a single message is delivered to mail
transfer entity.

Services provided by E-mail system :

 Composition – The composition refer to process that creates messages and answers. For
composition any kind of text editor can be used.
 Transfer – Transfer means sending procedure of mail i.e. from the sender to recipient.
 Reporting – Reporting refers to confirmation for delivery of mail. It help user to check
whether their mail is delivered, lost or rejected.
 Displaying – It refers to present mail in form that is understand by the user.
 Disposition – This step concern with recipient that what will recipient do after receiving mail
i.e save mail, delete before reading or delete after reading.

Advantages Or Disadvantages:
Advantages of email:

1. Convenient and fast communication with individuals or groups globally.


2. Easy to store and search for past messages.
3. Ability to send and receive attachments such as documents, images, and videos.
4. Cost-effective compared to traditional mail and fax.
5. Available 24/7.

Disadvantages of email:

1. Risk of spam and phishing attacks.


2. Overwhelming amount of emails can lead to information overload.
3. Can lead to decreased face-to-face communication and loss of personal touch.
4. Potential for miscommunication due to lack of tone and body language in written messages.
5. Technical issues, such as server outages, can disrupt email service.
6. It is important to use email responsibly and effectively, for example, by keeping the subject
line clear and concise, using proper etiquette, and protecting against security threats.

3. PGP:

In 2013, when the NSA (United States National Security Agency) scandal was leaked to the public,
people started to opt for the services which can provide them a strong privacy for their data.
Among the services people opted for, most particularly for Emails, were different plug-ins and
extensions for their browsers. Interestingly, among the various plug-ins and extensions that people
started to use, there were two main programs that were solely responsible for the complete email
security that the people needed. One was S/MIME which we will see later and the other was PGP.

[Link] Page: 5 / 25

Common questions

Powered by AI

Organizations should ensure email security policies mandate encryption of sensitive data to prevent unauthorized access, enforce strong passwords and two-factor authentication, and delineate appropriate email use. Programs for virus and phishing detection should be in place along with regular auditing and monitoring. Compliance with GDPR and HIPAA requires that policies include data retention rules and incident reporting procedures to manage breaches effectively. Training employees on identifying threats and establishing consequences for non-compliance are essential to meet these regulatory standards .

S/MIME differs from PGP by primarily leveraging a hierarchical infrastructure in which digital certificates issued by Certificate Authorities (CAs) manage public keys, contrasting with PGP’s web of trust model. S/MIME provides seamless integration with major email clients like Outlook, enhancing usability in corporate environments with its standardized method for encryption and signing emails. It ensures message integrity and sender authenticity through this standardization and formal key management structure .

PGP enhances email security by providing strong encryption for email messages, ensuring that only intended recipients can read the contents. Its operational descriptions include mechanisms for public and private key management, allowing for secure message exchanges and digital signatures for authenticity. PGP uses a trust model where public keys are distributed through a trusted server, or shared directly by users, thereby establishing a web of trust .

Key management is crucial for email and IP network security because it involves the secure handling of cryptographic keys associated with encrypting and decrypting messages, and ensuring sender authenticity. Proper key management includes generating, storing, distributing, and revoking keys, maintaining their confidentiality and integrity. This prevents unauthorized access to sensitive communications and data. In PGP and IPsec, keys are pivotal to establishing secure communication channels and authentic identities .

To safeguard against phishing, implement two-factor authentication, educate users on recognizing phishing emails, and employ advanced email filtering that uses machine learning to detect suspicious patterns. Regular security awareness programs can help users identify phishing attempts, and reporting mechanisms for suspected phishing scams allow for quick responses. Additionally, configuring email clients to block or alert on suspicious domain names enhances detection and prevention .

Failure to regularly update email applications can lead to vulnerabilities that hackers can exploit to gain unauthorized access to email accounts. Outdated software may lack patches for known security vulnerabilities, making it easier for cybercriminals to execute attacks such as data breaches, send spam, or engage in phishing activities. Regular updates include security enhancements that protect email integrity and maintain the confidentiality of sensitive communications .

Email security involves protecting email messages and the information they contain from unauthorized access and damage, ensuring confidentiality, integrity, and availability. Main components include email encryption to protect contents and digital signatures for sender authenticity, as well as filtering systems to block unwanted emails and malware. Non-technical measures involve employee training to recognize phishing, establishing management policies, and conducting audits. Confidentiality is maintained through encryption, integrity via digital signatures, and availability by ensuring reliable access and timely message delivery .

ESP (Encapsulating Security Payload) and AH (Authentication Header) are two key protocols contributing to IP Security by providing different functions. ESP can encrypt data for confidentiality, protect it for integrity, and authenticate its source. AH provides a way to authenticate packets while maintaining data integrity, but does not encrypt the data which leaves it vulnerable to eavesdropping. In email communication, these protocols ensure that emails are transmitted securely across networks by maintaining the privacy and integrity of the data packets .

Email is a critical global communication tool due to its convenience, speed, cost-effectiveness, and ability to send textual as well as multimedia messages. It provides 24/7 access, making it ideal for both personal and professional communication worldwide. However, email also carries risks such as spam, phishing attacks, and information overload. It can hinder face-to-face communication, suffer from technical issues, and potentially mislead due to misinterpretation without non-verbal cues .

A mailing list in email systems refers to an alias representing multiple email addresses to facilitate sending messages to a group. Operational advantages include efficient communication with multiple recipients simultaneously, saving time in distributing newsletters, announcements, or discussions. However, disadvantages include potential privacy issues if email addresses are exposed and increased vulnerability to spam if an alias is leaked. Proper management of mailing lists is needed to mitigate these risks and maintain effective communication .

You might also like