?
Solved

How to protect email from home

Posted on 2005-03-24
5
Medium Priority
?
290 Views
Last Modified: 2010-04-11
This is a follow up question to the one posted here : http://www.experts-exchange.com/Security/Q_21364278.html

Is someone safe from eavesdropping behind a linksys (or whatever) firewall/router - running XP PRO (on cable internet)  ...
Are users vulernable to having their POP3 traffic sniffed ?
What are the vulnerabilites ?
What can a user do to keep their communication secure ?
0
Comment
Question by:Gitcho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Accepted Solution

by:
lepiaf earned 1000 total points
ID: 13629430
a firewall doesn't keep anyone from potential sniffing, it justs filters incoming traffic. A man in the middle attack is still possible.

pop3, smtp are clear text protocols, just like ftp, telnet, http.

you can use digital signatures in order to secure the content of mails. also, if possible you should require authentication and encryption from the mail server.

an AV scanner will detect dangerous attachements. the best match, not to get any dangerous mail would be to filter out certain file types from incoming traffic, like .bat, .msi, .exe, .sh, .js etc.

cheers,
LePiaf
0
 
LVL 5

Author Comment

by:Gitcho
ID: 13630534
can't i use SSH to add a secure layer ?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 13630904
To sniff traffic on an internet connection such as a cable modem or dsl line is not easy to do. Number one, because any cable or dsl provider, worth a dime should able to adminster subnetting and routing properly. Number two, keeping in mind that number one is true, the only sniffable traffic is going to be brodcast traffic, such as Arp resolution/request traffic, DHCP requests, or multicast traffic (amoung some others) these are the most common types you'll see if you sniff the traffic on your internet connection.  To be in a postion to sniff traffic, it has to be in the same broadcast domain (reffered commonly to as a vlan) which is determined by the subnet mask, or you have to have access to the traffic flow itself.

You will not be able to sniff you neighbors http or pop3 traffic, and they will not sniff yours (unless they have hacked your pc and run ethereal tcpdump on it)

A hub is one large broadcast domain, all packets can be seen by all PC's hooked up to the hub. Hubs are stupid, rather uninteligent networking devices, subject to collisons (multiple pc's sending data at the same time) and lower over all throughput. A switch is much more inteligent, and does a little bit of routing with packets by inspecting where packets are going to/from. This way packets/traffic isnt seen by all devices on the switch, but broadcast's are, as that is their nature and purpose, to shout to an unknown destination for an answer. When the servicing destination sees those shouts it's able to reply with a shout itself, and the original pc that shouted see his MAC address as the Destination he knows he got an answer.

Cable/DSL companies provide you with a router, or require you to provide you own. The router will pass on broadcast like the switch, unless it already knows the answer, and the router they/you provide routes the traffic to the ISP, then out to the internet. The only points to sniff the traffic (minus broadcasts) is the router itself , the ISP's routers, the other ISP's the traffic routes through, or the destination itself.

ISP's aren't interested in sniffing/capturing traffic, and they employ very stringent security on their physical equipement. I have worked for/with several. The best and easiest place to put a sniffer is on a switch, and setting up a spanned or mirrored switch port would not go unnoticed. Using a hub on a switch port would go unnoticed if it werent for hub's being very noticeable, and even a quick port disconnection/reconnection is not going to go unnoticed with the major players.

As I indicated in my other post http://www.experts-exchange.com/Security/Q_21364278.html a VPN is a good solution to securing your traffic in a wireless environment where all your ALL traffic is broadcast through the air for anyone to see/sniff. PGP or public key encryption of email is also a good idea, but your mail provider has to support it. Your traffic is relitivly safe for the most part, barring your PC is not hacked/root'd.
-rich

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A look at what happened in the Verizon cloud breach.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question