CompTIA Sec+ | Microsoft MTA Security: Email and Application Security

• gol


• 30 Mar 2016

Some of the Security+ exam will test you on your knowledge of some basic email, Internet, and application security issues. Although the amount of detail of knowledge that is required is quite minimal, you must still have a working knowledge of some simple email and application security concepts.

 

Email Security

Email is a wonderful tool, no doubt, but it is not without security issues. Typical email configurations allow for senders of email to spoof their addresses and send email messages in plain text. Even worse, it is difficult for a recipient of an email to verify that the sender is actually who sent the message! Thankfully, we have a few security tools at our disposal to ensure confidentiality (through encryption) and integrity (through encryption, digital signatures, and strong passwords). Here are some of those tools:

• S/MIME, or Secure Multipurpose Internet Mail Extensions, provides basic cryptographic services for email sent via the Internet.Most popular browsers and email clients support S/MIME, making it among the more popular cryptographic email security services available.
• MOSS, or MIME Object Security Services, is a less-common, more extensive suite of security services for email.
• PEM, or Privacy Enhanced Mail, provides 3DES encryption for email.
• PGP, or Pretty Good Privacy, is an open-source and extremely popular email security suite that uses IDEA to encrypt email and validate signatures.

Email also has a few security vulnerabilities:

• Spam is one of the most commonly mentioned nuisances, but did you know it is actually considered a security threat? By clogging the email server, widespread spam denies to the user availability, a key component of the CIA triangle. Some spam solutions include user education, email filtering, and reporting of Spam to the proper authorities (where necessitated by law)
• Open relays are email servers that forward email without any kind of authentication. In other words, open relays allow malicious users to send bulk email without logging into an email server. A good email security setup always includes a non-open relay server (or authenticated relay server).
• Malicious Software: Obviously, viruses and worms are a large problem. Many propagate via email messages that are automatically sent by infected hosts. One of the more common solutions is to virus scan and filter incoming email.

 

Internet Security

The Internet can be a dangerous place, and so, we are interested in protecting users from malicious web sites (with browser scripts) as well as protecting the information that users send to web sites.

• SSL is a connection-oriented standard designed to allow for secure cryptographic communication between two hosts via the Internet. TLS is the newest version of SSL.
• S-HTTP is a connectionless standard that provides for symmetric encryption, message digests, and client-server authentication.
• Browser Scripts/Vulnerabilities are controls, scripts, programs, or other software that can run from the browser and cause damage to a host. In particular, ActiveX controls are well-known for their often malicious content. The best way to protect against browser buffer overflows is to remain vigilant and updated on the latest patches.

 

 

**Source by wikipedia**

 To Become Certified For CompTIA Security+ Please Visit This Link ;