Embed Size (px)
DESCRIPTION
Keynote presentation given on September 17th, 2008 for IMA (non-technical audience) on E-Mail and online safety
Citation preview
Electronic Mail & Online SafetyHenry Van Styn, IntelliTree Solutions
http://www.intellitree.com [email protected]
513-333-0282
September 17th, 2008
Agenda
• How E-Mail works– Dispel misconceptions– General understanding
• Weaknesses in E-Mail– Spam, Viruses– Overcoming weaknesses
• Online Safety– How infections/compromises occur, and why– Prevention– Correction
• Q and A
• Oldest Internet application
• System to relay messages
• SMTP – Simple Mail Transfer Protocol
• Modeled after postal mail
– No sender validation
E-Mail (cont.)
• Sending separate from receiving
• Protocols for receiving
– POP3
– IMAP
– Webmail
– Custom systems
E-Mail (cont.)
Sender Recipient
SMTP Server
Zip codes
E-Mail (cont.)
SMTP Server
DNS
Mail Server for xyz.com
Sender Recipient
Check mail
E-Mail (cont.)
SMTP Server
DNS
Relay Server for xyz.com
Sender Recipient
Check mail
SMTP Server
Mail Server for xyz.com
Spam
• As much as 90% of all mail is Spam• 100 billion spam messages per day
– 14 messages for every person on the planet
• Increasing– 300% increase since 2005
• Anti-Spam systems a necessity
Spam Wars
• Blacklists• Open relays closed
– Workaround: SMTP Auth
• Anti-Spam rulesets• Heuristics and Bayesian learning• Attrition
Paradigm shift - 2003
• Take over PCs - Malware• “Zombie” systems• Botnets• Unprecedented volume
Continuing Spam Wars
• URI Blacklists• OCR scanning• Real time shared anti-spam data• False positives
– Local whitelists
• Collateral damage• Keeping mail servers in “good standing”
Pandemic Spam
Cost of Spam
• Our Anti-Spam systems are 99% effective
• Server load and bandwidth usage continue to increase
• Cost US tens of billions per year
• Estimated world wide cost 2003: $20.5B*
• Estimated world wide cost 2007: $198B*
* The Radicati Group
Online Safety
• Virus authors not just vandals any longer
– Out for profit
• Take over systems - botnets
– For spamming
– For advertising
– For capturing information
– For attacking other systems
“Malware”
• Viruses
• Trojans
• Worms
• Spyware
• Adware
2 ways to become infected
• The computer gets “tricked”
• The user gets “tricked”
Exploits and patches
• Keep computer updated
• Latest security patches
• Windows updates – automatic updates
• Other updates
• Manual updates
Social Engineering
• Users pose a greater risk than un-patched software
• Don’t get tricked:
– Executing malware
– E-Mail attachments
– Web Links
– Fake error messages
Staying safe
• Common sense
• Phishing scams
• Don’t run as Administrator
• What about Anti-Virus software?
Cleaning malware
• Much easier to not get infected
• Tools:
– Spybot S&D
– Malewarebytes
– Trendmicro Housecall
• Reinstall Windows
Questions?
