Computer Security

1
Computer Security

• Email Hacking

2
what exactly HACKING is ?

• -gtHacking is a process to bypass the security
  mechanisms of an information system or network.
  These are two types-
• Local hacking
• Local hacking is done in local area where we
  physical access ,like through printer etc.
• Remote hacking
• Remote hacking is done remotely by taking
  advantages of the vulnerability of the target
  system.

3
Internet Protocol Stack
BitTorrent
SMTP
HTTP
Application Layer
RTSP
UDP
TCP
Transport Layer
IP
Network Layer
Ethernet
802.11(b, a, g) / WiFi
Link Layer
Physical Layer
Cables
Fiber Optics
Radio
4
SMTP

• -gtSMTP used to send email from sender to
• recipients mail server
• -gtThen use POP3, IMAP or HTTP (Web mail)
• to get messages from server
• -gtAs with many application protocols, SMTP
• commands are human readable
  recipient sender
• SMTP SMTP
• 
  POP3
  
  

5
Electronic Mail

• Three major components
• user agents
• mail servers
• simple mail transfer protocol
• SMTP
• User Agent
• a.k.a. mail reader
• composing, editing, reading
• mail messages
• e.g., pine, Outlook, elm,
• Thunderbird
• outgoing, incoming messages
• stored on server

• 
  
  
• SMTP
• SMTP
• SMTP

user agent
Mail server
user agent
Mail server
user agent
user agent
Mail server
user agent
user agent
6
Electronic Mail mail servers

• Mail Servers
• mailbox contains incoming
• messages for user
• message queue of outgoing (to be sent) mail
  messages
• SMTP protocol between mail
• servers to send email messages
• client sending mail server
• server receiving mail
• server

• 
  
• 
  
• SMTP
• SMTP
• SMTP

Mail server
Mail server
Mail server
7
Sending Server to Receiving Server

• three phases of transfer
• handshaking (greeting)
• transfer of messages
• closure
• command/response interaction
• commands ASCII text HELO, MAIL, RCPT, DATA,
• QUIT, etc.
• response status code and phrase
• messages must be in 7-bit ASCII

8
Mail message format

• RFC 822 standard for text
• message format
• header lines, e.g.,
• To
• From
• Subject
• body
• the message, ASCII
• characters only

• 
  
• blank line

header
body
9
More mail access protocols

• SMTP delivery/storage to receivers server
• Mail access protocol retrieval from server
• POP Post Office Protocol RFC 1939
• authorization (agent lt--gtserver) and download
• IMAP Internet Mail Access Protocol RFC 1730
• more features (more complex)
• manipulation of stored messages on server
• HTTP Hotmail , Yahoo! Mail, etc.

10
What is Security?

• Security is the protection of assets. The three
  main aspects are
• prevention
• detection
• re-action

11
Some differences between traditional security and
information security

• Information can be stolen - but you still have it
• Confidential information may be copied and sold -
  but the theft might not be detected
• The criminals may be on the other side of the
  world

12

• Computer Security deals with the prevention and
  detection of unauthorised actions by users of a
  computer system.

13

• There is no single definition of security
• What features should a computer security system
  provide?

14
Confidentiality

• The prevention of unauthorized disclosure of
  information.
• Confidentiality is keeping information secret or
  private.
• Confidentiality might be important for military,
  business or personal reasons.

15
Security systems

• A security system is not just a computer package.
  It also requires security conscious personnel who
  respect the procedures and their role in the
  system.
• Conversely, a good security system should not
  rely on personnel having security expertise.

16
Risk Analysis

• The disadvantages of a security system are that
  they are time-consuming, costly, and impede
  management and smooth running of the
  organization.
• Risk analysis is the study of the cost of a
  particular system against the benefits of the
  system.

17
Designing a Security System

• There are a number of design considerations
• Does the system focus on the data, operations or
  the users of the system?
• What level should the security system operate
  from? Should it be at the level of hardware,
  operating system or applications package?
• Should it be simple or sophisticated?
• In a distributed system, should the security be
  centralised or spread?
• How do you secure the levels below the level of
  the security system?

18
Summary

• By now you should have some idea about
• Why we need computer security (prevention,
  detection and re-action)
• What a computer security system does
  (confidentiality, integrity, availability,
  non-repudiation, authentication, access control,
  accountability)
• What computer security exerts do (design,
  implement and evaluate security systems)

19
Thank You
20
Dibyajit Dash