La seguridad sí importa: Windows Live & IE9


Published on

Charla impartida por la empresa Informática 64 en la Gira Up to Secure 2011.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

La seguridad sí importa: Windows Live & IE9

  1. 1. Yes, Security is importantChema Alonsochema@informatica64.com<br />
  2. 2. Youhavean e-mail<br />MX<br />SMTP<br />Domain1 outgoing e-mail Server<br />SmartHosts<br />List<br /><br />POP3<br />HTTP<br />MAPI<br />IMAP<br />RPC/HTTPS<br />DNS<br />Domain 2 incoming<br />e-mail Servers<br /> <br />
  3. 3. Spam<br />Security<br />Intelligence<br />Report volumen 9<br />1 in 47 e-mail messagesisnotspam<br />
  4. 4. Spam Confidence Level<br />Identifies which is the probability of an e-mail message of being spam<br />0 – 3 Not spam -> Inbox folder<br />4 – 6 Probably Spam -> Junk folder<br />7 – 9 Is spam -> Delete<br />A lot of technics based on analyses message’s characteristics<br />Bayesian Filters<br />S.T.A.R. (SpammerTricks, Analysis and Response)<br /><ul><li>Only images
  5. 5. Hidden txt
  6. 6. Links pointing to different URLs
  7. 7. …</li></li></ul><li>It´s not spam for everybody<br />Some users mark as spam messages from:<br />Newsletters they have been subscripted without been informed previously<br />Newsletters they were agree to be added but now they are boring of it, and don´t want to unsubscribe (Mark it as spam is easier)<br />Words in Bayesian filters can be spam for mostly of the people, but not for everybody<br />
  8. 8. User Actions: Clean up the inbox<br />Sweeping options<br />Block senders forever<br />Spam & Clutter mails<br />Move/delete messages from senders:<br />One or more senders in a row<br />
  9. 9. User Actions:Mark as Spam/Phishing/Secure<br />
  10. 10. User Actions:Read, Response and/or delete e-mails<br />If a type of e-mail is always deleted without previously be opened<br />Analyzing sender and subject user is able to know that those e-mails are not useful for they -> SCL++<br />If a type of e-mail is always opened at first position, that means it´s important -> SCL -- <br />If user search e-mails using a characteristic and then delete them<br />Etcetera…<br />
  11. 11. Server ReputationLevel (SRL)<br />Reduces the impact of spamming servers.<br />Identifies server reputation based on the SCL obtained by the previous e-mails which it sent<br />SRL allows to quickly detect a new spamming server or an unsecure e-mail server which is being used to spam.<br />
  12. 12. Microsoft SmartScreen<br />Evaluates message characteristics<br />SCL<br />Evaluates user opinions<br />SCL is interactive<br />Evaluates user actions<br />SCL is dynamic and customized<br />Evaluates server reputation<br />SCLs based on which is sending the message<br />Real-Time Black-hole Lists<br />
  13. 13. My “own” spams<br />
  14. 14. My “own” spams<br />They are coming from our contacts<br />The password has been stolen<br />There is a malware/Trojan/Bot in our contact’s machine<br />Solutions:<br />Antimalware<br />Microsoft Security Essentials 2.0<br />Improve protection of Windows Live account<br />Use SSL<br />Single-Use Codes<br />Password retrieval<br />Trusted PC<br />Mobile number<br />
  15. 15. Steal of credentials<br />
  16. 16. Microsoft Security Essentials 2.0<br />Free for home-users<br />Free for companies of 10 or less installations.<br />Automatic updates<br />Real-Time protection<br />It is the same antimalware engine which is currently in use in corporate solutions as:<br />Forefront Client Protection<br />Forefront Endpoint Protection 2010<br />
  17. 17. IE9: DownloadReputation<br />
  18. 18. DirtyDozen<br /><br />
  19. 19. Associated mobile number<br />It allows users to access to Single-Use Codes<br />It allows to quickly obtain a new password<br />
  20. 20. Single-Use Codes<br />From a secure connection, users can request for a Single-Use Code. <br />Users can request as much codes as they think they will need.<br />Codes are sent to the mobile number associated to the Windows Live account.<br />Every code can be only used once.<br />If the user connects to Windows Live from an unsecure connection/computer and code is stolen, nothing happens.<br />Single-Use codes are useful after used.<br />
  21. 21. Connect to Hotmail using Http-s<br />
  22. 22. Windows Live Messenger<br />Chats are not encrypted<br />Microsoft Office Communications Server: encrypt, antimalware, corporate policy, etc…<br />There are a lot of partners with free/professionals add-ins to encrypt Windows Live Messenger messages. Ex: SecwaySimp Lite.<br />
  23. 23. Multiple sessions alerts<br />
  24. 24. Trusted PC<br />Windows Live allows users to mark a PC as trusted. This gives user the opportunity of:<br />Quickly retrieve the password from it.<br />Protect the account against DOS attacks<br />
  25. 25. Identity impersonating<br />«Attackers» spoof the mail from field<br />E-mails are coming from servers which don´t belong to the domain in the sender address.<br />No digitally signed<br />Solutions?<br />Sender Policy Framework / SenderID<br />DKIM: DomainKey Identified Mail<br />Mutual TLS<br />
  26. 26. SPF/Sender ID<br />Sender ID:<br /><ul><li>Need a TXT record in the DNS
  27. 27. Four operational modes:
  28. 28. spf2.0/mfrom
  29. 29. spf2.0/mfrom,pra
  30. 30. spf2.0/pra,mfrom
  31. 31. spf2.0/pra
  32. 32. -all -> fail
  33. 33. ~all -> Softfail
  34. 34. ?all -> Neutral
  35. 35. +all -> Pass
  36. 36. PRA: Purported Responsible Address
  37. 37. From
  38. 38. Sender
  39. 39. Resent-From
  40. 40. Resent-Sender </li></ul>SPF:<br /><ul><li>Need a TXT record in the DNS
  41. 41. Check the IP of the server and the domain in the mail from field
  42. 42. It is configured as v=spf1
  43. 43. -all -> fail
  44. 44. ~all -> Softfail
  45. 45. ?all -> Neutral
  46. 46. +all -> Pass</li></li></ul><li>Some SPF TXT Records<br />
  47. 47. Youhaveane-mail with SPF record<br />MX<br />SMTP<br />Domain1 outgoing e-mail Server<br /><br />SmartHosts<br />List<br />POP3<br />HTTP<br />MAPI<br />IMAP<br />RPC/HTTPS<br />DNS<br />SPF<br />Domain 2 incoming e-mail Servers<br /> <br />
  48. 48. Gmailwith SPF<br />
  49. 49. withSenderID<br />
  50. 50. Gmail: Resent email<br />
  51. 51. Hotmail: Resent e-mail<br />
  52. 52. DKIM & Mutual-TLS<br />DKIM: Pushed by CISCO, Google & Yahoo. Outgoing servers sign e-mails messages with a private key. Public key is in a TXT DNS record. It doesn´t warrant a spoofed e-mail and doesn´t sign the headers. Not so much used on the Internet. Yahoo is using it in test mode and Gmail hasn´t any policy about what to do with a non-signed e-mail from Gmail.<br />Mutual-TLS: Pushed by Microsoft, actually it is working in MS Exchange Servers (and Hotmail). It used a TLS channel between outgoing and incoming servers. Before that, servers authenticate each other using digital certificated. Messages are crypt and communication between servers signed.<br />
  53. 53. Summary<br />Keep a system secure needs a constant effort.<br />Threats are changing quickly. Security protections for yesterday risks are not good for today’s ones.<br />Keep a safe and secure e-mail service depends on:<br />Domain owners<br />Server administrators<br />Users owning the inboxes<br />
  54. 54. Questions?<br />Chema Alonso<br /><br /><br /><br />