BTEC National Extended Diploma in IT

Unit 32 Networked Systems Security Task P2
4/26/2013


Tahir Hussain ID: 205345



Unit 32 Networked Systems Security P2
Contents
1.0 Email Systems Network Protection
1.1 S/MIME
Spam
Hoaxing
Relay Agents
Wireless systems
Site surveys
MAC address filtering
WEP/WPA keys
Networked devices
Security features
Transmission media
Personal access control
Security control at device level
Encryption
Intrusion detection systems













Email Systems Network Protection
S/MIME
S/MIME is short for Secure Multipurpose Internet Mail Extensions, a standard used for public key
encryption and the signing of email messages. Signing lets the recipient confirm that the message
really was sent by the stated sender, so it can be trusted. The standard also makes it possible to
send and receive encrypted emails. S/MIME is integrated in some web browsers such as Internet
Explorer; it has also been endorsed by companies involved with messaging products.

Spam
Spam is when email systems are used by spammers to send unwanted bulk messages such as adverts
to users of email clients in order to get them to buy products. Spam may also contain malicious
software, so it is important to protect against it.
A spam filter is a program that categorises inbound mail in order to find junk messages, which are
called spam. These filters are installed on the mail server, on a network, on a personal computer or
on the internet. Spam is an annoyance and it can also be used to spread malicious programs like
Trojans and viruses, so spam filters are becoming much more popular as a way to protect a computer
or network system. Spam filters are used by email applications such as Microsoft Outlook.
A mail server detects spam by checking the heading/subject of inbound emails against terms typically
involved with spam, such as pharmaceutical products and surveys. The sender can also be filtered
according to a list of trusted IP addresses; if the sender is on the list then the email will not be
received.
Spammers have now become more insidious in order to get past the spam filters. Spam will now
usually come with a personal or harmless heading/subject such as "Hello!". This makes it harder for
the filter to tell whether the email is spam or genuine, which means some spam does get past mail
servers and is received by users.
Hoaxing
A hoax email, also known as a spoof email, is one where the sender deliberately changes portions of
the email so that it appears to have been sent by somebody different. Normally the body, subject and
address of the email make it seem to have come from a trusted person or company.
Sometimes the content of spoof emails is made to pass around urban myths. But in more serious
cases the hoax can involve malicious elements as part of phishing or even scareware.
The purpose of these spoof emails is to try to phish a victim's passwords and user names. The
sender is also trying to spam by hiding their identity and advertising in your mailbox.
Email can be spoofed by hand by altering properties of the email such as the address, IP address,
reply-to address, from address etc. Nowadays, however, email is spoofed with specialist software
programs like ratware. These programs usually have a huge wordlist to target large numbers of email
addresses; they then spoof a source and send spam in a huge blast.
To protect against spoof emails you have to use your own scepticism. You should not open any
emails where you think the sender is illegitimate. You don't need to open any file attachments as
they could have viruses in them. So be aware and be careful when opening any weird-looking emails.
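As an added illustration (not part of the original assignment), the Python example below applies the subject-keyword check from the Spam section and then compares the From, Reply-To and Return-Path domains that the Hoaxing section says are altered. The keyword list, the mismatch heuristic and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed keyword list for the subject check (not taken from any real filter).
SPAM_TERMS = ("pharmacy", "pills", "survey", "prize")


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def triage(raw_message):
    """Return the reasons a message looks suspicious (empty list = none found)."""
    msg = message_from_string(raw_message)
    reasons = []
    subject = (msg.get("Subject") or "").lower()
    if any(term in subject for term in SPAM_TERMS):
        reasons.append("subject-keyword")
    # A spoofed sender often shows a trusted From address while replies and
    # bounces are pointed at a different domain.
    from_domain = domain_of(msg.get("From"))
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if from_domain and other and other != from_domain:
            reasons.append(header.lower() + "-mismatch")
    return reasons


# Constructed sample messages, not real mail.
OBVIOUS_SPAM = "From: shop@example.net\nSubject: Cheap pharmacy survey\n\nBuy now\n"
DISGUISED = (
    "From: Bank Support <support@bank.example>\n"
    "Reply-To: collect@mailer.example\n"
    "Return-Path: <bounce@mailer.example>\n"
    "Subject: Hello!\n\nPlease confirm your password.\n"
)
GENUINE = "From: alice@example.org\nReply-To: alice@example.org\nSubject: Hello!\n\nLunch?\n"

if __name__ == "__main__":
    for name, raw in (("obvious", OBVIOUS_SPAM), ("disguised", DISGUISED), ("genuine", GENUINE)):
        print(name, triage(raw))
```

Mailing lists and bulk senders legitimately use a different Return-Path, so a mismatch is a signal to weigh alongside others rather than proof of spoofing.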
Relay Agents
Before discussing what SMTP relay is we must understand what SMTP, or Simple Mail Transfer
Protocol, is and how the protocol works. Most ISPs use this protocol to send emails. Email clients
also use it in order to act as an SMTP client to allocate messages to clients. When an email client
sends an email it connects to and communicates with the SMTP server using the SMTP protocol.
Email works in the same way as snail mail: SMTP servers are just like local post offices. When a
sender sends an email, the email goes to the SMTP server, which forwards the message to the
recipient's corresponding SMTP server. Every recipient has an exclusive email address at which
messages are sent or received. Every SMTP server handles one or more domain names. If both the
sender and the recipient have the identical domain then no other SMTP server is needed.
If an employee of company X wanted to send an email to company Y, the employee would connect to
the SMTP server for company X and that server would then relay the message to company Y's server.
Relaying is when an SMTP server accepts an email destined for a different SMTP server.
It would be very difficult to send email if all the SMTP servers of the world did not relay user
authentication.
Many SMTP servers will request a user's id and password. The SMTP server will only relay the
message to other servers if the credentials are correct. This ensures that nobody from outside the
organisation can use its SMTP servers to send to a third-party receiver.
An open relay is an SMTP server that accepts emails from many domains without the need for
user authentication. Open relays are often used by spammers; once they find an open relay they
are able to send millions of messages worldwide, which can absolutely cripple a network.
Many organisations have a database of IP addresses that lists open relay servers. If you have an
open relay server you are in danger of being on these IP lists, and consequently SMTP servers will
not accept any emails from you.
However you can send a message to a test server without typing in your credentials. This can be
achieved with many user agents like Outlook and Messenger. If the emails you send to different
domains are acknowledged then you might have an open relay.
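The relay rules above can be modelled in a few lines. This is an added example, not part of the original assignment: the `RelayPolicy` class, the trusted-network rule and the `.example` domains are assumptions made for illustration, and the check runs against the model only, not against a live server.

```python
import ipaddress


class RelayPolicy:
    """Relay rules for one SMTP server (a model, not a real mail server)."""

    def __init__(self, local_domains, trusted_nets=(), require_auth=True):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_nets = [ipaddress.ip_network(n) for n in trusted_nets]
        self.require_auth = require_auth  # False models an open relay

    def decide(self, client_ip, authenticated, rcpt_domain):
        """Return 'deliver', 'relay' or 'reject' for one recipient domain."""
        if rcpt_domain.lower().rstrip(".") in self.local_domains:
            return "deliver"  # domain handled here: no other server needed
        if not self.require_auth or authenticated:
            return "relay"  # credentials accepted, or none are asked for
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.trusted_nets):
            return "relay"  # assumed rule: internal hosts may relay
        return "reject"  # outsider trying to reach a third party


def is_open_relay(policy, outside_ip="203.0.113.25", foreign_domain="company-y.example"):
    """The check from the text: no credentials, recipient in another domain."""
    return policy.decide(outside_ip, False, foreign_domain) == "relay"


# Constructed configurations for the company X / company Y case.
COMPANY_X = RelayPolicy({"company-x.example"}, trusted_nets=("10.0.0.0/8",))
NO_AUTH = RelayPolicy({"company-x.example"}, require_auth=False)
# A "trusted" range that covers every address is an open relay in disguise.
TOO_TRUSTING = RelayPolicy({"company-x.example"}, trusted_nets=("0.0.0.0/0",))

if __name__ == "__main__":
    for name, policy in (("company-x", COMPANY_X), ("no-auth", NO_AUTH), ("too-trusting", TOO_TRUSTING)):
        print(name, "open relay" if is_open_relay(policy) else "closed")
```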



Wireless systems
Site surveys
Site surveys are usually harmless questions used by online companies to conduct market research and
improve their business and products.
However, some surveys are sent as emails by spammers pretending to be a legitimate company in
order to persuade you to take them and then phish information from you. This can result in
identity theft and in the victim's user names and passwords being stolen.
So you must be very careful: any suspicious emails must be taken seriously and not opened, as
they can contain malicious or bogus content.
MAC address filtering
MAC address filtering can be enabled on your router or access point. A MAC address is a unique code
assigned to every wireless network card. MAC address filtering lists the hardware MAC addresses of
the devices on your network and permits only those known devices to connect. But hackers are
able to duplicate MAC addresses, so they can still gain access to your network, and MAC address
filtering should never be treated as a suitable replacement for WPA2 encryption.
WEP/WPA keys
Current Wi-Fi devices and equipment support WPA (Wireless Protected Access) security and the
newer WPA2 wireless security. When setting up WPA on the network there are some options to choose
from, which normally include AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity
Protocol). AES is much tougher encryption and often the better choice if all the devices on your
network can support it. Nevertheless TKIP is also very robust and it tends to be more widely
supported by devices. Either of them is better than no encryption at all, but AES should be
considered first and TKIP as a backup.
WPA was a replacement for the old and far less secure WEP. WPA2 must be in place instead of WEP
whenever possible on any network. WPA2 ensures a higher level of security than WPA as it uses
stronger encryption. WPA2 doesn't allow TKIP, which has identified security
breaches/limitations in the original WPA security.
There are many forms of WPA2 keys. The PSK (Pre-Shared Key) form uses keys that are 64 hexadecimal
digits long and is the one most generally used in home networks. Routers also refer to WPA2 PSK as
WPA2 Personal mode, which is the same thing and technology.






Networked devices
Networked devices are technologies that are used to connect different computers together so they
can share resources. They are also elements which make up a network. These devices include
routers, printers, switches etc.
Security features
A feature found on a router which helps its security is a firewall. Firewalls stand in the way of
unwanted traffic coming from the internet to your PC. They check incoming packets against a
database and set of rules in order to block anything which doesn't seem fit to be received; this
helps stop malicious and hacker attacks on the network.
A WAP, or wireless access point, is a device that allows wireless devices to connect to a wired
network. A WAP emits a signal which anyone in range, e.g. with a phone, can pick up and therefore
connect to. This is a big security risk as a third party such as a hacker can connect to it.
However, WAP settings can be adjusted so that it doesn't broadcast its SSID.
A switch is a very common device found in buildings, used to set up a network with multiple users.
In contrast to a hub, a switch takes advantage of IPs and MAC addresses in order to recognise the
devices connected. A switch protects the network from MAC spoofing; this is one apparent security
feature.
Transmission media
There are many types of transmission media, and the three main types are wire, fiber and wireless.
The highest level and most secure is fiber, because it is the hardest to tap into. Cable is a bit
less secure since it is not that hard to tap traffic physically. Then there is wireless, where the
signal can go in many directions and points, so anyone can pick it up to trace sensitive information.
However there are factors to consider. Wireless can be made much more secure by the use of WPA
encryption. Cable could also use encryption, be fully switched and use VLANs. So weaker systems
can be made much stronger by the use of more security implementations.
Twisted pair cables can come in shielded form (STP); this makes them less prone to electromagnetic
interference or eavesdropping.
Personal access control
There are many ways in which we can prevent unauthorised access to our personal computers,
information and data.
The traditional method of access control uses a user id and password. This is the most
commonly used method; however, it can be easily cracked compared to biometrics.
Biometrics are systems used for determining and examining personal unique characteristics. These
can be either physical or behavioural; behavioural characteristics are mainly used for verification,
but both kinds can be used for both identification and verification. Identification is used to
determine who a person is, and verification is used to confirm that a person is who they say they are.
Identification involves finding a match in a database which could be very large, so this method is
time-consuming and needs a lot of processing power. Verification compares a user's data with
previous records to see if it is the right person; this takes much less time and power and is
intended for access control.
Physical biometric technologies include iris, fingerprint, retina, palm vein, face and hand.
Behavioural ones include things like voice recognition, keystroke, gait recognition (way of walking)
or signature.
A digital signature is essentially a process to make sure an electronic document such as an email or
text file is accurate. This means you know who created the document and that it hasn't been altered
since it was created.
These signatures rely on encryption to guarantee authentication. Encryption involves sending
information encoded from one computer to another, knowing that only the other computer is able to
decode it. Authentication is the procedure of making sure the document is from a reliable source.
Permissions are rules attached to materials on a network or a computer, such as folders and files.
Permissions control how much access to a file you have and what you are able to do with it.
Administrators are able to set and assign permissions to individual users or groups. Permissions
include full control, where you can do anything to an object, and read, where you can only view
and read, say, a document and cannot change it in any other way such as editing it.
Security control at device level
Particular devices can be designed for further security, such as only permitting authorised users
to access certain data. Third-party devices are also available to strengthen the security of an
existing device. Security features in devices include logins, certificates and protocols.
One such protocol is SSL (secure socket layer), which is used to encrypt information in transit. SSL
protects the data from attackers and makes sure that the data is received safely and swiftly at the
intended location.
Login is a feature which asks for a user's credentials (usually username and password) in order to
gain entry to a computer, account or the internet. This is the most basic and most common
security feature for avoiding unauthorised access.
Certificates are used to prove the identity of the sender and that the sender is who they claim to
be. These certificates are issued by a certificate authority (CA).
Encryption:
Encryption stops data from being misplaced during transfer. It uses mathematical elements to
encrypt data, changing the data into measured codes which are basically impossible to decrypt
without the key which is made during the encryption process. A lot of encryption is used on the
internet. The SSL (secure socket layer) encryption process uses two keys. One key is known as the
public key (it is presented to the public) and the other is the private key; this key is held solely
by the receiver of a message so that the message can be decrypted into readable form. SSL is widely
used by retail websites to encrypt sensitive information like a customer's bank details.
Intrusion detection systems
IDS & IPS

What is anti-virus software?
What are virus signatures?
What are false positives/negatives?
Why is updating the virus database important?
What is heuristic analysis?
