Chapter 14
Internet Services and Email
Chapter 14 Overview
Fundamentals of internet service, notably email
Email formatting and transmission
Email security issues
Enterprise firewalling and point of presence
Internet Services
Software that provides Layer 7 services
Not all Layer 7 services are end-user services
DNS – name translation for other services
DHCP – automated host configuration
Traditional internet applications
Many Internet applications were developed before security
problems became serious
Some date to the 1970s
Older applications: file transfer (FTP), remote terminals
(Telnet), finger protocol
Internet Email
Email with “@” address dates back to 1971
Developed for ARPANET hosts
Two types of Internet standards for email
Formatting standards – layout of email messages and how to
handle attachments
Protocol standards – how to exchange an email message/file
between hosts
Basic Email Format
MIME Formatting
“Multipurpose Internet Message Extension”
Traditional email contains 7-bit ASCII characters
Some email servers erase the eighth bit, or otherwise modify it
MIME provides a way to embed non-ASCII encoding in an
email message
Embeds images or complex documents
Formats messages using Web-style markup
Includes encrypted data or digital signatures
Email Protocols
Two Types of Protocols
Mailbox protocols – let a client program retrieve email from a
server
POP3 – a simple and popular protocol
IMAP – a more elaborate protocol
MAPI – Microsoft's Message API (Exchange)
Delivery protocols – transmit an email to another server for
delivery to its destination
Typically Simple Mail Transfer Protocol: SMTP
Tracking an Email: Servers
Tracking an Email: Headers
Is This Email Genuine?
Headers from the Suspect Email
Email Security Problems
Connection-based attacks
Large-scale sniffing risks
Many sites use SSL to encrypt email traffic
Spam
Unsolicited email; often distributes frauds
Phishing
Email that tries to retrieve authentication data
Email viruses
Messages that trick user into replicating them
Spam, Spam, Spam, Spam, Spam
A huge problem
Unsolicited email wastes bandwidth, server storage space,
server compute cycles
Typical spam involves fraudulent or illegal activities, or
products not accepted in normal advertising channels
Frauds
Advance fee fraud
Dubious stock investments
Spam Prevention and Control
Restrict access to mail servers
Whitelists – lists of email servers that actively avoid handling
spam
Blacklists – email servers that carry spam
Identify spam by pattern and filter it out
Binary matching – looks for an exact match with specific
features
Statistical matching – calculates likelihood that an email is
spam; filters on relative scores
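An added example (not part of the original slides) contrasting the two matching styles above. The blacklist entry, phrases, and training messages are constructed sample data, and the statistical filter is a small naive Bayes scorer chosen here for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample data: hypothetical blacklist entry, phrases and messages.
BLACKLISTED_SERVERS = {"mail.bulk-sender.example"}
EXACT_PHRASES = ("advance fee", "wire the processing fee")

TRAIN_SPAM = [
    "urgent transfer of funds requires your advance fee today",
    "hot stock tip buy shares now guaranteed profit",
    "claim your prize now send bank details today",
]
TRAIN_HAM = [
    "meeting moved to tuesday please review the agenda",
    "quarterly report attached please send comments",
    "lunch today with the project team",
]


def tokens(text):
    """Lower-case word tokens; punctuation is discarded."""
    return re.findall(r"[a-z']+", text.lower())


def binary_match(sending_server, body):
    """Binary matching: flag only on an exact match with a known feature."""
    if sending_server.lower() in BLACKLISTED_SERVERS:
        return True
    lowered = body.lower()
    return any(phrase in lowered for phrase in EXACT_PHRASES)


class StatisticalFilter:
    """Statistical matching: naive Bayes log-odds with add-one smoothing."""

    def __init__(self, spam_docs, ham_docs):
        self.spam = Counter(t for d in spam_docs for t in tokens(d))
        self.ham = Counter(t for d in ham_docs for t in tokens(d))
        self.vocab = set(self.spam) | set(self.ham)
        self.prior = math.log(len(spam_docs) / len(ham_docs))

    def score(self, body):
        """Return the log-odds that body is spam; above 0 leans spam."""
        spam_total = sum(self.spam.values()) + len(self.vocab)
        ham_total = sum(self.ham.values()) + len(self.vocab)
        score = self.prior
        for t in tokens(body):
            if t not in self.vocab:
                continue  # words never seen in training carry no evidence
            p_spam = (self.spam[t] + 1) / spam_total
            p_ham = (self.ham[t] + 1) / ham_total
            score += math.log(p_spam / p_ham)
        return score


def classify(sending_server, body, stat_filter, threshold=0.0):
    """Apply the exact-match check first, then the relative score."""
    if binary_match(sending_server, body):
        return "blocked: binary match"
    if stat_filter.score(body) > threshold:
        return "blocked: statistical score"
    return "delivered"


if __name__ == "__main__":
    f = StatisticalFilter(TRAIN_SPAM, TRAIN_HAM)
    reworded = "Urgent funds transfer, send a fee in advance to claim your prize"
    print(classify("mail.partner.example", reworded, f))
    print(classify("mail.partner.example",
                   "Please review the attached report before the meeting", f))
```

The reworded message contains none of the exact phrases and comes from an unlisted server, so only the relative score catches it; the threshold sets the trade-off between missed spam and blocked legitimate mail.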
Phishing
A social engineering attack
Email induces the recipient to visit a bogus website and provide
login credentials
Bogus banking site, ecommerce site, email site, etc.
Elements of a phishing attack
Spam email that takes users to the bogus site
Website that collects user's credentials
Domain name that carries the website
Email Viruses
Contains an executable attachment that propagates the virus if
the user runs it
The virus typically uses the user's email client to transmit the
virus to people in the user's email contact list
Recipients may treat the email as legitimate since it comes from
an acquaintance
Examples: Melissa, ILOVEYOU, Resume
Mechanisms: Microsoft Visual Basic, or binary executables
masquerading as other files
Email Chain Letters
An email that induces the recipient to forward it to a lot of
other people
Some are based on traditional paper-based chain letters (illegal
under Post Office rules)
Hoaxes – if recipients forward the email, some benefit arises
(donations to a cause, etc.)
Cancer examples
Virus hoaxes – emails that warn of a computer security risk and
recommend forwarding to everyone – not how we distribute
such warnings
Enterprise Firewalls
Provide access control at a site's gateway
Originally not intended as part of Internet
Now provides NAT and traffic filtering
Internet Access Policy Issues
How do employees use the Internet to get their work done?
What services does the enterprise offer to Internet users?
Internet-Related Risks
Risks posed by Internet access
Attacks on internal file servers and clients (#1)
Poor email service due to spam (#4)
Risks posed by a lack of Internet
Lost sales from lack of a website (#2)
Lack of email yields poor customer communication (#3)
Ineffective R&D, marketing, and purchasing staff due to lack of
browser access (#5)
A Simple Internet Policy
Controlling Internet Traffic
Host control
Restrict on sending or receiving address
Service control
Restrict on TCP or UDP port number
Direction control
Restrict according to whether the traffic was initiated inside or
outside of the site
Content control
Examine application-level data to detect violations of specific
restrictions
Filtering Internet Traffic
Traffic Filtering Mechanisms
Packet filtering
Examine individual packets
Make decisions on a per-packet basis
Session filtering
Establish a session based on socket address
Permit/deny based on source of session
Keep track of session status (i.e., TCP open)
Application filtering
Reconstruct application layer data and filter based on data
contents
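An added example (not part of the original slides) showing why direction control needs session filtering rather than per-packet decisions. The internal network range, the permitted outbound ports, and all packet values are assumptions constructed for the illustration, and TCP state is reduced to open and close.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")    # assumed internal LAN
ALLOWED_OUTBOUND_PORTS = {25, 80, 443}   # assumed service-control policy


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP open request
    fin: bool = False   # TCP close


def is_inside(addr):
    return ip_address(addr) in INSIDE


def packet_filter(pkt):
    """Packet filtering: decide on this packet alone, with no memory."""
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return pkt.dport in ALLOWED_OUTBOUND_PORTS
    if is_inside(pkt.dst) and not is_inside(pkt.src):
        # Without state, a "reply" can only be guessed from its ports:
        # source is an allowed service port, destination is ephemeral.
        return pkt.sport in ALLOWED_OUTBOUND_PORTS and pkt.dport >= 1024
    return False


class SessionFilter:
    """Session filtering: track sessions by socket address pair."""

    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return False
            if pkt.syn:
                self.sessions.add(key)       # session initiated from inside
            allowed = key in self.sessions
            if pkt.fin:
                self.sessions.discard(key)   # simplified teardown
            return allowed
        if is_inside(pkt.dst) and not is_inside(pkt.src):
            # Inbound traffic passes only as the reverse of a tracked session.
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions
        return False


def compare(packets):
    """Return (packet_filter verdict, session_filter verdict) per packet."""
    fw = SessionFilter()
    return [(packet_filter(p), fw.check(p)) for p in packets]


if __name__ == "__main__":
    trace = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 443, syn=True),  # open
        Packet("203.0.113.5", 443, "192.168.1.10", 50000),            # reply
        Packet("203.0.113.9", 80, "192.168.1.10", 50001),             # unsolicited
        Packet("192.168.1.10", 50002, "203.0.113.5", 23, syn=True),   # Telnet out
    ]
    for pkt, verdict in zip(trace, compare(trace)):
        print(pkt, verdict)
```

The third packet was never requested by an inside host, yet the per-packet rule passes it because its ports look like a web reply; the session filter rejects it because no matching session was opened from inside.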
Firewall Rule Format
Rules to Enforce Simple Policy
Enterprise Point of Presence (POP)
POP topology – how site connects to Internet
Single firewall, with optional bastion host
Three-legged firewall
Dual firewall
The DMZ – demilitarized zone
A military/political term for an internal LAN that accepts
inbound Internet connections
May be protected from the rest of the enterprise LAN via a
firewall
Single Firewall with Bastion Host
Three-Legged Firewall
Dual Firewall with DMZ
Attacking a Firewall
Protocol attacks
IP spoofing – bypassed firewall by masquerading as internal
traffic
Fragmentation attack – made first fragment too small to contain
the port number
Tunneling
Embed traffic inside a protocol that the firewall always passes,
like Web pages
Requires custom client and server
Some legitimate vendors use tunneling
Details:
Using the course text, professional journal articles, or other
reputable resources, and complete the assignment as listed
below.
First Part:
What is the main attraction of free email (other than
cost)? What are the risks associated with free email services?
Think back to basic cybersecurity principles.
Second Part (in the same document):
Describe a recent, successful phishing attack. Was the
email a free service? What was the organization and industry
sector (healthcare, gov, etc.)? How many records were
breached?
Paper Requirements:
Format: Microsoft Word
Font: Arial, 12-Point, Double-Space (or equivalent)
Citation Style: APA or MLA (The point is to use a style
that makes your document readable and give credit to the
sources you used.)
Length Requirements:
2–3 pages
Coversheet
List of References Page.
Proofread - Edit for spelling, grammar, punctuation, etc.
Use only course text, professional journal articles, or other
reputable resources.

More Related Content

Similar to Chapter 14Internet Services and EmailChapter 14 Overview.docx

Electronic Communication Investigate
Electronic Communication InvestigateElectronic Communication Investigate
Electronic Communication Investigatelockyerj
 
Electronic Communication Investigate
Electronic Communication InvestigateElectronic Communication Investigate
Electronic Communication Investigatesarah s
 
Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Thomas Stensitzki
 
apsec SEPPmail Email Security Gateway
apsec SEPPmail Email Security Gatewayapsec SEPPmail Email Security Gateway
apsec SEPPmail Email Security Gatewayandreasschuster
 
24 Hours Of Exchange Server 2007 ( Part 13 Of 24)
24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)
24 Hours Of Exchange Server 2007 ( Part 13 Of 24)Harold Wong
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Preventiondkaya
 
E mail image spam filtering techniques
E mail image spam filtering techniquesE mail image spam filtering techniques
E mail image spam filtering techniquesranjit banshpal
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011SpamExperts
 
Exp2003 Int Ppt 01
Exp2003 Int Ppt 01Exp2003 Int Ppt 01
Exp2003 Int Ppt 01lonetree
 
NME UNIT I & II MATERIAL.pdf
NME UNIT I & II MATERIAL.pdfNME UNIT I & II MATERIAL.pdf
NME UNIT I & II MATERIAL.pdfSeethaDinesh
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
network security / information security
network security / information securitynetwork security / information security
network security / information securityRohan Choudhari
 
Technical Background Overview Ppt
Technical Background Overview PptTechnical Background Overview Ppt
Technical Background Overview PptAntonio Ieranò
 
presentation on email.pptx
presentation on email.pptxpresentation on email.pptx
presentation on email.pptxYouTubeCONTRA
 
Email Security: The Threat Landscape
Email Security: The Threat LandscapeEmail Security: The Threat Landscape
Email Security: The Threat LandscapeNuspire Networks
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityHarold Wong
 
Web Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsWeb Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsPort80 Software
 

Similar to Chapter 14Internet Services and EmailChapter 14 Overview.docx (20)

Electronic Communication Investigate
Electronic Communication InvestigateElectronic Communication Investigate
Electronic Communication Investigate
 
Electronic Communication Investigate
Electronic Communication InvestigateElectronic Communication Investigate
Electronic Communication Investigate
 
Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)Modern Anti-Spam - Rejection, No Sorting (Version 2014)
Modern Anti-Spam - Rejection, No Sorting (Version 2014)
 
apsec SEPPmail Email Security Gateway
apsec SEPPmail Email Security Gatewayapsec SEPPmail Email Security Gateway
apsec SEPPmail Email Security Gateway
 
24 Hours Of Exchange Server 2007 ( Part 13 Of 24)
24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)
24 Hours Of Exchange Server 2007 ( Part 13 Of 24)
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
 
E mail image spam filtering techniques
E mail image spam filtering techniquesE mail image spam filtering techniques
E mail image spam filtering techniques
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011
Presentation Nils Decker of SpamExperts @ WHD.local Cologne 2011
 
Exp2003 Int Ppt 01
Exp2003 Int Ppt 01Exp2003 Int Ppt 01
Exp2003 Int Ppt 01
 
NME UNIT I & II MATERIAL.pdf
NME UNIT I & II MATERIAL.pdfNME UNIT I & II MATERIAL.pdf
NME UNIT I & II MATERIAL.pdf
 
it ppt-2.pptx
it ppt-2.pptxit ppt-2.pptx
it ppt-2.pptx
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
network security / information security
network security / information securitynetwork security / information security
network security / information security
 
Technical Background Overview Ppt
Technical Background Overview PptTechnical Background Overview Ppt
Technical Background Overview Ppt
 
E mail systems
E mail systemsE mail systems
E mail systems
 
presentation on email.pptx
presentation on email.pptxpresentation on email.pptx
presentation on email.pptx
 
Email Security: The Threat Landscape
Email Security: The Threat LandscapeEmail Security: The Threat Landscape
Email Security: The Threat Landscape
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 Security
 
Web Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future MusingsWeb Server Technologies Part III: Security & Future Musings
Web Server Technologies Part III: Security & Future Musings
 

More from bartholomeocoombs

CompetencyAnalyze how human resource standards and practices.docx
CompetencyAnalyze how human resource standards and practices.docxCompetencyAnalyze how human resource standards and practices.docx
CompetencyAnalyze how human resource standards and practices.docxbartholomeocoombs
 
CompetencyAnalyze financial statements to assess performance.docx
CompetencyAnalyze financial statements to assess performance.docxCompetencyAnalyze financial statements to assess performance.docx
CompetencyAnalyze financial statements to assess performance.docxbartholomeocoombs
 
CompetencyAnalyze ethical and legal dilemmas that healthcare.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare.docxCompetencyAnalyze ethical and legal dilemmas that healthcare.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare.docxbartholomeocoombs
 
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docxCompetencyAnalyze ethical and legal dilemmas that healthcare wor.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docxbartholomeocoombs
 
CompetencyAnalyze collaboration tools to support organizatio.docx
CompetencyAnalyze collaboration tools to support organizatio.docxCompetencyAnalyze collaboration tools to support organizatio.docx
CompetencyAnalyze collaboration tools to support organizatio.docxbartholomeocoombs
 
Competency Checklist and Professional Development Resources .docx
Competency Checklist and Professional Development Resources .docxCompetency Checklist and Professional Development Resources .docx
Competency Checklist and Professional Development Resources .docxbartholomeocoombs
 
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docx
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docxCompetency 6 Enagage with Communities and Organizations (3 hrs) (1 .docx
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docxbartholomeocoombs
 
Competency 2 Examine the organizational behavior within busines.docx
Competency 2 Examine the organizational behavior within busines.docxCompetency 2 Examine the organizational behavior within busines.docx
Competency 2 Examine the organizational behavior within busines.docxbartholomeocoombs
 
CompetenciesEvaluate the challenges and benefits of employ.docx
CompetenciesEvaluate the challenges and benefits of employ.docxCompetenciesEvaluate the challenges and benefits of employ.docx
CompetenciesEvaluate the challenges and benefits of employ.docxbartholomeocoombs
 
CompetenciesDescribe the supply chain management principle.docx
CompetenciesDescribe the supply chain management principle.docxCompetenciesDescribe the supply chain management principle.docx
CompetenciesDescribe the supply chain management principle.docxbartholomeocoombs
 
CompetenciesABCDF1.1 Create oral, written, or visual .docx
CompetenciesABCDF1.1 Create oral, written, or visual .docxCompetenciesABCDF1.1 Create oral, written, or visual .docx
CompetenciesABCDF1.1 Create oral, written, or visual .docxbartholomeocoombs
 
COMPETENCIES734.3.4 Healthcare Utilization and Finance.docx
COMPETENCIES734.3.4  Healthcare Utilization and Finance.docxCOMPETENCIES734.3.4  Healthcare Utilization and Finance.docx
COMPETENCIES734.3.4 Healthcare Utilization and Finance.docxbartholomeocoombs
 
Competencies and KnowledgeWhat competencies were you able to dev.docx
Competencies and KnowledgeWhat competencies were you able to dev.docxCompetencies and KnowledgeWhat competencies were you able to dev.docx
Competencies and KnowledgeWhat competencies were you able to dev.docxbartholomeocoombs
 
Competencies and KnowledgeThis assignment has 2 parts.docx
Competencies and KnowledgeThis assignment has 2 parts.docxCompetencies and KnowledgeThis assignment has 2 parts.docx
Competencies and KnowledgeThis assignment has 2 parts.docxbartholomeocoombs
 
Competencies and KnowledgeThis assignment has 2 partsWhat.docx
Competencies and KnowledgeThis assignment has 2 partsWhat.docxCompetencies and KnowledgeThis assignment has 2 partsWhat.docx
Competencies and KnowledgeThis assignment has 2 partsWhat.docxbartholomeocoombs
 
Competences, Learning Theories and MOOCsRecent Developments.docx
Competences, Learning Theories and MOOCsRecent Developments.docxCompetences, Learning Theories and MOOCsRecent Developments.docx
Competences, Learning Theories and MOOCsRecent Developments.docxbartholomeocoombs
 
Compensation  & Benefits Class 700 words with referencesA stra.docx
Compensation  & Benefits Class 700 words with referencesA stra.docxCompensation  & Benefits Class 700 words with referencesA stra.docx
Compensation  & Benefits Class 700 words with referencesA stra.docxbartholomeocoombs
 
Compensation, Benefits, Reward & Recognition Plan for V..docx
Compensation, Benefits, Reward & Recognition Plan for V..docxCompensation, Benefits, Reward & Recognition Plan for V..docx
Compensation, Benefits, Reward & Recognition Plan for V..docxbartholomeocoombs
 
Compete the following tablesTheoryKey figuresKey concepts o.docx
Compete the following tablesTheoryKey figuresKey concepts o.docxCompete the following tablesTheoryKey figuresKey concepts o.docx
Compete the following tablesTheoryKey figuresKey concepts o.docxbartholomeocoombs
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxbartholomeocoombs
 

More from bartholomeocoombs (20)

CompetencyAnalyze how human resource standards and practices.docx
CompetencyAnalyze how human resource standards and practices.docxCompetencyAnalyze how human resource standards and practices.docx
CompetencyAnalyze how human resource standards and practices.docx
 
CompetencyAnalyze financial statements to assess performance.docx
CompetencyAnalyze financial statements to assess performance.docxCompetencyAnalyze financial statements to assess performance.docx
CompetencyAnalyze financial statements to assess performance.docx
 
CompetencyAnalyze ethical and legal dilemmas that healthcare.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare.docxCompetencyAnalyze ethical and legal dilemmas that healthcare.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare.docx
 
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docxCompetencyAnalyze ethical and legal dilemmas that healthcare wor.docx
CompetencyAnalyze ethical and legal dilemmas that healthcare wor.docx
 
CompetencyAnalyze collaboration tools to support organizatio.docx
CompetencyAnalyze collaboration tools to support organizatio.docxCompetencyAnalyze collaboration tools to support organizatio.docx
CompetencyAnalyze collaboration tools to support organizatio.docx
 
Competency Checklist and Professional Development Resources .docx
Competency Checklist and Professional Development Resources .docxCompetency Checklist and Professional Development Resources .docx
Competency Checklist and Professional Development Resources .docx
 
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docx
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docxCompetency 6 Enagage with Communities and Organizations (3 hrs) (1 .docx
Competency 6 Enagage with Communities and Organizations (3 hrs) (1 .docx
 
Competency 2 Examine the organizational behavior within busines.docx
Competency 2 Examine the organizational behavior within busines.docxCompetency 2 Examine the organizational behavior within busines.docx
Competency 2 Examine the organizational behavior within busines.docx
 
CompetenciesEvaluate the challenges and benefits of employ.docx
CompetenciesEvaluate the challenges and benefits of employ.docxCompetenciesEvaluate the challenges and benefits of employ.docx
CompetenciesEvaluate the challenges and benefits of employ.docx
 
CompetenciesDescribe the supply chain management principle.docx
CompetenciesDescribe the supply chain management principle.docxCompetenciesDescribe the supply chain management principle.docx
CompetenciesDescribe the supply chain management principle.docx
 
CompetenciesABCDF1.1 Create oral, written, or visual .docx
CompetenciesABCDF1.1 Create oral, written, or visual .docxCompetenciesABCDF1.1 Create oral, written, or visual .docx
CompetenciesABCDF1.1 Create oral, written, or visual .docx
 
COMPETENCIES734.3.4 Healthcare Utilization and Finance.docx
COMPETENCIES734.3.4  Healthcare Utilization and Finance.docxCOMPETENCIES734.3.4  Healthcare Utilization and Finance.docx
COMPETENCIES734.3.4 Healthcare Utilization and Finance.docx
 
Competencies and KnowledgeWhat competencies were you able to dev.docx
Competencies and KnowledgeWhat competencies were you able to dev.docxCompetencies and KnowledgeWhat competencies were you able to dev.docx
Competencies and KnowledgeWhat competencies were you able to dev.docx
 
Competencies and KnowledgeThis assignment has 2 parts.docx
Competencies and KnowledgeThis assignment has 2 parts.docxCompetencies and KnowledgeThis assignment has 2 parts.docx
Competencies and KnowledgeThis assignment has 2 parts.docx
 
Competencies and KnowledgeThis assignment has 2 partsWhat.docx
Competencies and KnowledgeThis assignment has 2 partsWhat.docxCompetencies and KnowledgeThis assignment has 2 partsWhat.docx
Competencies and KnowledgeThis assignment has 2 partsWhat.docx
 
Competences, Learning Theories and MOOCsRecent Developments.docx
Competences, Learning Theories and MOOCsRecent Developments.docxCompetences, Learning Theories and MOOCsRecent Developments.docx
Competences, Learning Theories and MOOCsRecent Developments.docx
 
Compensation  & Benefits Class 700 words with referencesA stra.docx
Compensation  & Benefits Class 700 words with referencesA stra.docxCompensation  & Benefits Class 700 words with referencesA stra.docx
Compensation  & Benefits Class 700 words with referencesA stra.docx
 
Compensation, Benefits, Reward & Recognition Plan for V..docx
Compensation, Benefits, Reward & Recognition Plan for V..docxCompensation, Benefits, Reward & Recognition Plan for V..docx
Compensation, Benefits, Reward & Recognition Plan for V..docx
 
Compete the following tablesTheoryKey figuresKey concepts o.docx
Compete the following tablesTheoryKey figuresKey concepts o.docxCompete the following tablesTheoryKey figuresKey concepts o.docx
Compete the following tablesTheoryKey figuresKey concepts o.docx
 
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docxCompensation Strategy for Knowledge WorkersTo prepare for this a.docx
Compensation Strategy for Knowledge WorkersTo prepare for this a.docx
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersChitralekhaTherkar
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 

Recently uploaded (20)

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Chapter 14Internet Services and EmailChapter 14 Overview.docx

Chapter 14
Internet Services and Email

Chapter 14 Overview
  Fundamentals of internet service, notably email
  Email formatting and transmission
  Email security issues
  Enterprise firewalling and point of presence

Internet Services
  Software that provides Layer 7 services
  Not all Layer 7 services are end-user services
    DNS – name translation for other services
    DHCP – automated host configuration

Traditional internet applications
  Many Internet applications were developed before security problems became serious
  Some date to the 1970s
  Older applications: file transfer (FTP), remote terminals (Telnet), finger protocol

Internet Email
  Email with “@” address dates back to 1971
  Developed for ARPANET hosts
  Two types of Internet standards for email
    Formatting standards – layout of email messages and how to handle attachments
    Protocol standards – how to exchange an email message/file between hosts

Basic Email Format

MIME Formatting
  “Multipurpose Internet Message Extension”
  Traditional email contains 7-bit ASCII characters
  Some email servers erase the eighth bit, or otherwise modify it
  MIME provides a way to embed non-ASCII encoding in an email message
    Embeds images or complex documents
    Formats messages using Web-style markup
    Includes encrypted data or digital signatures

Email Protocols

Two Types of Protocols
  Mailbox protocols – let a client program retrieve email from a server
    POP3 – a simple and popular protocol
    IMAP – a more elaborate protocol
    MAPI – Microsoft's Message API (Exchange)
  Delivery protocols – transmit an email to another server for delivery to its destination
    Typically Simple Mail Transfer Protocol: SMTP

Tracking an Email: Servers

Tracking an Email: Headers

Is This Email Genuine?

Headers from the Suspect Email

Email Security Problems
  Connection-based attacks
    Large-scale sniffing risks
    Many sites use SSL to encrypt email traffic
  Spam
    Unsolicited email; often distributes frauds
  Phishing
    Email that tries to retrieve authentication data
  Email viruses
    Messages that trick user into replicating them

Spam, Spam, Spam, Spam, Spam
  A huge problem
  Unsolicited email wastes bandwidth, server storage space, server compute cycles
  Typical spam involves fraudulent or illegal activities, or products not accepted in normal advertising channels
  Frauds
    Advance fee fraud
    Dubious stock investments

Spam Prevention and Control
  Restrict access to mail servers
    Whitelists – lists of email servers that actively avoid handling spam
    Blacklists – email servers that carry spam
  Identify spam by pattern and filter it out
    Binary matching – looks for an exact match with specific features
    Statistical matching – calculates likelihood that an email is spam; filters on relative scores

Phishing
  A social engineering attack
  Email induces the recipient to visit a bogus website and provide login credentials
    Bogus banking site, ecommerce site, email site, etc.
  Elements of a phishing attack
    Spam email that takes users to the bogus site
    Website that collects user's credentials
    Domain name that carries the website

Email Viruses
  Contains an executable attachment that propagates the virus if the user runs it
  The virus typically uses the user's email client to transmit the virus to people in the user's email contact list
  Recipients may treat the email as legitimate since it comes from an acquaintance
  Examples: Melissa, ILOVEYOU, Resume
  Mechanisms: Microsoft Visual Basic, or binary executables masquerading as other files

Email Chain Letters
  An email that induces the recipient to forward it to a lot of other people
  Some are based on traditional paper-based chain letters (illegal under Post Office rules)
  Hoaxes – if recipients forward the email, some benefit arises (donations to a cause, etc.)
    Cancer examples
  Virus hoaxes – emails that warn of a computer security risk and recommend forwarding to everyone – not how we distribute such warnings

Enterprise Firewalls
  Provide access control at a site's gateway
  Originally not intended as part of Internet
  Now provides NAT and traffic filtering

Internet Access Policy Issues
  How do employees use the Internet to get their work done?
  What services does the enterprise offer to Internet users?

Internet-Related Risks
  Risks posed by Internet access
    Attacks on internal file servers and clients (#1)
    Poor email service due to spam (#4)
  Risks posed by a lack of Internet
    Lost sales from lack of a website (#2)
    Lack of email yields poor customer communication (#3)
    Ineffective R&D, marketing, and purchasing staff due to lack of browser access (#5)

A Simple Internet Policy

Controlling Internet Traffic
  Host control
    Restrict on sending or receiving address
  Service control
    Restrict on TCP or UDP port number
  Direction control
    Restrict according to whether the traffic was initiated inside or outside of the site
  Content control
    Examine application-level data to detect violations of specific restrictions

Filtering Internet Traffic

Traffic Filtering Mechanisms
  Packet filtering
    Examine individual packets
    Make decisions on a per-packet basis
  Session filtering
    Establish a session based on socket address
    Permit/deny based on source of session
    Keep track of session status (i.e., TCP open)
  Application filtering
    Reconstruct application layer data and filter based on data contents

Firewall Rule Format

Rules to Enforce Simple Policy

Enterprise Point of Presence (POP)
  POP topology – how site connects to Internet
    Single firewall, with optional bastion host
    Three-legged firewall
    Dual firewall
  The DMZ – demilitarized zone
    A military/political term for an internal LAN that accepts inbound Internet connections
    May be protected from the rest of the enterprise LAN via a firewall

Single Firewall with Bastion Host

Three-Legged Firewall

Dual Firewall with DMZ

Attacking a Firewall
  Protocol attacks
    IP spoofing – bypassed firewall by masquerading as internal traffic
    Fragmentation attack – made first fragment too small to contain the port number
  Tunneling
    Embed traffic inside a protocol that the firewall always passes, like Web pages
    Requires custom client and server
    Some legitimate vendors use tunneling

Details:
Using the course text, professional journal articles, or other reputable resources, complete the assignment as listed below.

First Part:
What is the main attraction of free email (other than cost)? What are the risks associated with free email services? Think back to basic cybersecurity principles.

Second Part (in the same document):
Describe a recent, successful phishing attack. Was the email a free service? What was the organization and industry sector (healthcare, gov, etc.)? How many records were breached?

Paper Requirements:
  Format: Microsoft Word
  Font: Arial, 12-Point, Double-Space (or equivalent)
  Citation Style: APA or MLA (The point is to use a style that makes your document readable and give credit to the sources you used.)
  Length Requirements: 2–3 pages
  Coversheet
  List of References Page.
  Proofread - Edit for spelling, grammar, punctuation, etc.
  Use only course text, professional journal articles, or other reputable resources.
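
The host, service and direction controls, the session filtering, and the two protocol attacks named in the firewall slides above can be seen working together in a small model. This is an added example, not part of the original chapter; the addresses, the rule list and the `Packet` fields (`iface`, `l4_bytes`) are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.0.2.0/24")  # constructed internal LAN

@dataclass(frozen=True)
class Packet:
    iface: str          # interface it arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the TCP open that starts a session
    l4_bytes: int = 20  # transport-header bytes present in the first fragment

# Constructed policy: (direction, destination host or None for any, TCP port)
RULES = [
    ("outbound", None, 80),          # staff may browse the web
    ("outbound", None, 443),
    ("inbound", "192.0.2.25", 25),   # hypothetical mail server accepts SMTP
]

class SessionFilter:
    def __init__(self):
        self.sessions = set()  # socket pairs of sessions that were allowed to open

    def check(self, p):
        # IP spoofing: an internal source address cannot arrive from outside.
        if p.iface == "outside" and ipaddress.ip_address(p.src) in INSIDE:
            return "deny: spoofed internal source"
        # Fragmentation attack: the ports occupy the first 4 transport bytes.
        if p.l4_bytes < 4:
            return "deny: fragment too small to hold port numbers"
        key = (p.src, p.sport, p.dst, p.dport)
        reply_of = (p.dst, p.dport, p.src, p.sport)
        # Session filtering: later packets ride on the tracked session.
        if key in self.sessions or reply_of in self.sessions:
            return "allow: established session"
        if not p.syn:
            return "deny: no matching session"
        # Direction, host and service control apply to the opening packet.
        direction = "outbound" if p.iface == "inside" else "inbound"
        for rule_dir, host, port in RULES:
            if rule_dir == direction and host in (None, p.dst) and port == p.dport:
                self.sessions.add(key)
                return "allow: new " + direction + " session"
        return "deny: no rule"
```

A plain per-packet filter would have to pass every inbound packet from port 443 to let web replies through; tracking the session lets the filter accept only replies to connections that were opened from inside.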