
How to protect email from home

This is a follow-up question to the one posted here: http://www.experts-exchange.com/Security/Q_21364278.html

Is someone safe from eavesdropping behind a Linksys (or whatever) firewall/router, running XP Pro (on cable internet)?
Are users vulnerable to having their POP3 traffic sniffed?
What are the vulnerabilities?
What can a user do to keep their communication secure?
Asked by: Gitcho
 
lepiaf commented:
A firewall doesn't keep anyone from potential sniffing, it just filters incoming traffic. A man-in-the-middle attack is still possible.

POP3 and SMTP are clear text protocols, just like FTP, Telnet, HTTP.

You can use digital signatures in order to secure the content of mails. Also, if possible, you should require authentication and encryption from the mail server.

An AV scanner will detect dangerous attachments. The best match, not to get any dangerous mail, would be to filter out certain file types from incoming traffic, like .bat, .msi, .exe, .sh, .js etc.

cheers,
LePiaf
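
The advice above to require encryption from the mail server, shown as an added example that is not part of the original answer: a Python routine that refuses to send USER/PASS unless the POP3 session is first upgraded with STLS. `login_encrypted_only`, `CleartextRefused` and `StubPOP3` are hypothetical names, and the stub is a constructed stand-in for a real `poplib.POP3` connection so the code runs offline.

```python
import poplib
import ssl

class CleartextRefused(Exception):
    """The server offered no way to encrypt the POP3 session."""

def login_encrypted_only(conn, user, password, context=None):
    """Log in on a connected poplib.POP3 object only after STLS succeeds."""
    if not isinstance(conn, poplib.POP3_SSL):   # POP3_SSL is already inside TLS
        try:
            caps = conn.capa()                  # RFC 2449 capability list
        except poplib.error_proto:
            caps = {}                           # server does not know CAPA
        if "STLS" not in caps:
            conn.quit()                         # leave before USER/PASS is sent
            raise CleartextRefused("no STLS offered: refusing cleartext login")
        conn.stls(context=context or ssl.create_default_context())
    conn.user(user)
    conn.pass_(password)
    return conn.stat()                          # (message_count, mailbox_bytes)

class StubPOP3:
    """Constructed stand-in for poplib.POP3; records the commands it is sent."""
    def __init__(self, caps):
        self.caps, self.sent = caps, []
    def capa(self):
        return self.caps
    def stls(self, context=None):
        self.sent.append("STLS")
    def user(self, name):
        self.sent.append("USER")
    def pass_(self, secret):
        self.sent.append("PASS")
    def stat(self):
        return (2, 640)
    def quit(self):
        self.sent.append("QUIT")

if __name__ == "__main__":
    good = StubPOP3({"STLS": [], "USER": [], "UIDL": []})
    print(login_encrypted_only(good, "user", "not-a-real-password"), good.sent)
    try:
        login_encrypted_only(StubPOP3({"USER": []}), "user", "not-a-real-password")
    except CleartextRefused as exc:
        print("refused:", exc)
```

With a real server, pass a `poplib.POP3(host, 110)` object as `conn`; a `poplib.POP3_SSL(host, 995)` object skips the STLS step because it is encrypted from the first byte.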
 
Gitcho (author) commented:
Can't I use SSH to add a secure layer?
 
Rich Rumble (Security Samurai) commented:
To sniff traffic on an internet connection such as a cable modem or DSL line is not easy to do. Number one, because any cable or DSL provider worth a dime should be able to administer subnetting and routing properly. Number two, keeping in mind that number one is true, the only sniffable traffic is going to be broadcast traffic, such as ARP resolution/request traffic, DHCP requests, or multicast traffic (among some others); these are the most common types you'll see if you sniff the traffic on your internet connection. To be in a position to sniff traffic, it has to be in the same broadcast domain (commonly referred to as a VLAN), which is determined by the subnet mask, or you have to have access to the traffic flow itself.

You will not be able to sniff your neighbor's HTTP or POP3 traffic, and they will not sniff yours (unless they have hacked your PC and run Ethereal/tcpdump on it).

A hub is one large broadcast domain; all packets can be seen by all PCs hooked up to the hub. Hubs are stupid, rather unintelligent networking devices, subject to collisions (multiple PCs sending data at the same time) and lower overall throughput. A switch is much more intelligent, and does a little bit of routing with packets by inspecting where packets are going to/from. This way packets/traffic isn't seen by all devices on the switch, but broadcasts are, as that is their nature and purpose: to shout to an unknown destination for an answer. When the servicing destination sees those shouts, it's able to reply with a shout itself, and when the original PC that shouted sees its MAC address as the destination, it knows it got an answer.

Cable/DSL companies provide you with a router, or require you to provide your own. The router will pass on broadcasts like the switch, unless it already knows the answer, and the router they/you provide routes the traffic to the ISP, then out to the internet. The only points to sniff the traffic (minus broadcasts) are the router itself, the ISP's routers, the other ISPs the traffic routes through, or the destination itself.

ISPs aren't interested in sniffing/capturing traffic, and they employ very stringent security on their physical equipment. I have worked for/with several. The best and easiest place to put a sniffer is on a switch, and setting up a spanned or mirrored switch port would not go unnoticed. Using a hub on a switch port would go unnoticed if it weren't for hubs being very noticeable, and even a quick port disconnection/reconnection is not going to go unnoticed with the major players.

As I indicated in my other post http://www.experts-exchange.com/Security/Q_21364278.html a VPN is a good solution to securing your traffic in a wireless environment where ALL your traffic is broadcast through the air for anyone to see/sniff. PGP or public key encryption of email is also a good idea, but your mail provider has to support it. Your traffic is relatively safe for the most part, barring your PC is not hacked/root'd.
-rich
