IT Security Blog

The Path Traveled by Emails

By

To say that an email is generally insecure is clearly an understatement because of the number of proven threats and invasive practices that have transpired mainly due to violation of its original intent.  Email messages have their intended recipients and when some other party gets to eavesdrop, certain risks arise.  These include identity theft, invasion of privacy, modification of messages, false messages, repudiation, replay of messages, and unprotected back-ups.

An email is sent through the “Simple Mail Transport Protocol” or SMTP.  It uses the “Hyper Text Transfer Protocol” or HTTP language to send a message through the SMTP server in order to reach the recipient.  When the recipient’s actual SMTP server cannot be contacted, the sender’s server will try to contact back-up servers when available.  It will try to contact the intended recipient’s server for a number of days before it finally gives up.  The message becomes available for reading once it is received by the recipient’s server.  The amount of time wherein an email message travels from the sender to the recipient varies depending on the servers’ traffic load.

The travel time of an email is the most critical phase of the process in terms of exposure to risks.  Potential risks can be lessened through the use of encryption.  One way is through symmetric encryption wherein the sender and recipient share a secret key.  Plain text is converted into cyphertext which would appear meaningless to anyone who does not have the secret key.  The message needs to be decrypted before it is understood.  Asymmetric encryption requires the use of a private and public key.  The private key is expected to be kept secret by its holder for the asymmetric encryption to retain its security.  Most email messages are made more secure through the Secure Socket Layer (SSL).

Assigning Limited Email Space and Security

By

A lot of the viruses and Trojans today find their way into a network or a computer using emails. They come in the form of links or attachments which are always a risk for anyone especially if they don’t have the proper software to screen these files being sent via email. One good way to go about it is to set limits as far as the main email configuration server is concerned. While it may not be able to screen links in emails, attachments of any sort can be minimized.

A good way to provide manual preventive measures is through memorandums and of course lectures that IT personnel can provide to the people in an organization. Newsletters are another option, warning people of virus alerts and how they can make their way into computers.

Spreading in networks starts from one computer. These are a given. So if network and security administrators want to avoid having to address such issues, it would be best to start by safeguarding workstations and orienting people of the threat of such.

Of course, not all people will be listening to you. As far as they are concerned, it is the duty of IT personnel to block them off even before they reach the individual mailboxes. Petty as it may seem, it would be best to use all precautions necessary. While many people will not cooperate, there are measures a good IT person can do and it all starts with research and beefing up security measures through software and policy declarations.