Email Security Strategy
Electronic mail, or Email, is the most pervasive means of communication today for businesses and private citizens, yet it was not designed with security in mind. Today, an Email application is built into almost all smart devices, from phones to computers to gaming and sensor devices. However, the Email messages that these devices send and receive are transmitted in plain text format in almost all cases. With ever-increasing cybercrime, sending plain text messages that can potentially contain sensitive data is a risky undertaking. This weakness in the security of Email systems has made Email the primary attack vector for criminals. Cybercriminals use Email as the simplest and cheapest method to ship their malicious payload to targets.
To make emails more secure, cryptographic solutions and smart card use are proposed and are being deployed in different organizations. Encrypting Email in transit, content filtering and
Common Access Card Deployment Strategy
The Common Access Card, or CAC, is a smart card designed to be used as an ID card that enables physical access to buildings and controlled spaces such as server rooms, and access to computer systems and networks. The Department of Defense (DoD) deployed this system to meet its high security requirements for authenticating personnel entering the Department’s buildings, controlled areas and computer networks. The Common Access Card has public key infrastructure (PKI) features that provide security functions such as authentication, data integrity, confidentiality and non-repudiation. The CAC stores the private key of the client certificates used with PKI cryptography on the card itself, and it is hard to extract this key from the card (Dasgupta, Chatha, & Gupta, n.d.).
The Common Access Card relies on public key systems and certificates, which are far more secure than the common username and password based identity management systems in use today. An important consideration with a public key based system is that the system is secure only as long as the private key remains private. The CAC is tamper resistant and portable. In the future, the CAC is planned to be used most widely to encrypt Email and to access an expanding number of web portals for online business using public key infrastructure (PKI) authentication tools. Adding a biometric to the card will provide three-factor authentication (Dasgupta et al., n.d.).
Common Access Card (smart card) Deployment
Enterprises are consistently looking for secure solutions that provide easily deployable, strong authentication with data protection capacity and an improved user experience. The CAC is believed to provide strong protection without the need to modify their existing infrastructure. With the CAC, organizations are looking to achieve strong multi-factor authentication and access to all applications with added single sign-on features. To that end, a cost-efficient deployment and life cycle management strategy is a must.
The basic phases of CAC (smart card) deployment as outlined by Microsoft are:
Envisioning phase. Develop a clear vision for the CAC implementation. Involve higher management; executive buy-in is crucial to get sponsorship for the project. This is where requirement gathering, documenting of the requirements, creating the vision strategy, team building and preparation, and the high-level vision or scope review will be conducted.
Planning phase. This phase follows after the envisioning phase has been fully executed and the vision/scope approved for implementation. In this phase, detailed planning and specification for the CAC deployment project will be outlined. The main activities in this phase are preparing the functional specification for the CAC; designing the chip, cards and readers; preparing the schedule and budget; preparing a risk assessment, where the team will brainstorm the risks to the smart card deployment so that it addresses risks associated with lost cards, inconsistency, inefficiency etc.; and conducting a project plan review.
Development phase. Enterprises usually work with different software vendors and card manufacturers to custom design their smart card solutions. However, some in-house development is required to enable smooth application integration, develop deployment scripts and add custom features depending on the type of business the firm does and its security considerations. The main tasks in this phase are a proof of concept to test the card solution in a simulated lab setting, pre-production testing, pilot deployment, preparing the production deployment plan, policies and procedures, determining the number of cards needed, planning the process for card issuance and end-user training, and conducting a ready-to-release review. Once the tasks in this phase have been executed, the final stage in the smart card deployment process is to deploy the core technology, deploy readers and begin issuance of the cards (TechNet, n.d.).
Email Security Strategy
The three core principles of information security, Confidentiality, Integrity and Availability (CIA), hold true in Email security as well. However, there is one other principle to consider in Email security: non-repudiation, meaning that the sender of the Email cannot later deny their motive to create or transmit the information or data contained in the Email (Gurowicz, 2002).
Email is by far the most useful form of communication today, both for business and for social networking or personal communication. Email is therefore going to remain the main medium for fast, easy and cheap information exchange, for operations management as well as for daily business transactions, and the information transmitted via Email often contains sensitive data that could be lucrative to eyes preying on network traffic.
Secure Email means:
- There is a guarantee that the message sent will be delivered to the addressed recipient
- There is no interference, change or disclosure while in transit
- The recipient is assured that the sender is indeed the person who he claims to be
- No one else has viewed the content or added malicious payload while in transit (Gurowicz, 2002).
The main consideration that a firm should analyze in relation to Email security is the level of sensitivity of the messages being transmitted via Email. If the business-to-business, business-to-customer or employee-to-employee Email communications do not contain sensitive data, then the firm can save a lot on Email security spending. However, compliance with some regulations may require organizations to employ a certain level of security to meet the privacy protection policy requirements for their customers’ data (Gurowicz, 2002).
Threats to Email Security, Email System issues and Solutions for Securing Email
One of the most common challenges to Email security is content filtering: unwanted and malicious content such as viruses, spam, and phishing attachments or messages should be filtered out before users open it and get hacked. The other challenge is to secure the data or messages that flow from the sending client to the sender’s mail server, then to the receiver’s mail server and finally to the receiving client. Basically, securing Email requires securing the messages being transmitted. The transmission media, including the devices used to access Email clients, the servers that store and/or transmit Email messages, and the networks over which this transmission occurs, all need different levels of security to make the system safe for message transmission via Email systems (Bosworth, Kabay, & Whyne, 2014).
Email System issues and Solutions for Securing Email
The main protocol used to send information from the sender’s client to the sender’s Email server, and then to forward these messages from the sender’s Email server to the receiver’s Email server, is the Simple Mail Transfer Protocol (SMTP). SMTP does not have an inbuilt capability to secure the Email message being transmitted, and it has many shortcomings when it comes to meeting security requirements. There is no inbuilt encryption function in SMTP. It stores information about sending clients, and if the SMTP server is compromised, email can be read or copied with no further effort to decrypt, since the message is in plain text and the sender information can be easily accessed. In addition, SMTP does not have any inbuilt way of authenticating the identity of the sender; hence it is prone to repudiation and phishing. Many organizations take backups of Emails from SMTP servers and retain them for a long time; hence, even if the messages were deleted, a backup copy remains on the backup server for a long time, which increases the risk of potential loss of sensitive data if the servers were to be compromised (Dilpreet Bajwa, 2011).
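Whether a given relay hop actually ran over an encrypted channel can be read from the `with` keyword that each receiving server records in its `Received` header. The following added example (not part of the original article) audits the hops of a message; the sample message and all host names are constructed for illustration.

```python
import re
from email import message_from_string

# "with" keywords registered for Received headers (RFC 3848): a trailing "S"
# means the hop ran over TLS, "A" only means the client authenticated.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_TYPES = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

def strip_comments(value):
    """Drop parenthesised comments (nested too), e.g. '(using TLSv1.2 with cipher ...)'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def audit_hops(raw_message):
    """Return one dict per hop, oldest hop first, with its transport status."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        clause = " ".join(strip_comments(value).split()).split(";")[0]
        sender = re.search(r"^from\s+(\S+)", clause, re.I)
        receiver = re.search(r"\bby\s+(\S+)", clause, re.I)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", clause, re.I)
        keyword = proto.group(1).upper() if proto else "UNKNOWN"
        status = ("tls" if keyword in TLS_TYPES
                  else "cleartext" if keyword in PLAIN_TYPES else "unknown")
        hops.append({"from": sender.group(1) if sender else None,
                     "by": receiver.group(1) if receiver else None,
                     "with": keyword, "status": status})
    return hops

def cleartext_hops(raw_message):
    """Hops that were not recorded as TLS-protected."""
    return [h for h in audit_hops(raw_message) if h["status"] != "tls"]

# Constructed sample: submission without TLS, relay with TLS, local delivery.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
\tby store.recipient.example with LMTP id c3; Tue, 13 Jun 2017 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.5])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.recipient.example (Postfix) with ESMTPS id b2;
\tTue, 13 Jun 2017 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
\tby out.sender.example with ESMTPA id a1; Tue, 13 Jun 2017 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(f'{hop["from"]} -> {hop["by"]}: {hop["with"]} ({hop["status"]})')
```

Only `Received` headers added by servers you control are trustworthy, because earlier headers are supplied by the sending side and can be forged.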
The POP3 and IMAP protocols used for pulling Email from the receiver’s Email server to the receiver’s client are a security risk in that they transfer the credentials used to authenticate to the mail server in plain text. That is the reason why the latest corporate Exchange servers disable these protocols by default and establish client access using MAPI/RPC protocols. To overcome these shortcomings of the protocols used for transmitting messages via Email, modern Email systems implement additional security features by utilizing add-on security protocols. When properly implemented and configured, these add-on Email security protocols provide varying security features such as symmetric/asymmetric encryption, digital signatures and IP address verification. This capability significantly reduces the aforementioned issues with repudiation and phishing (Dilpreet Bajwa, 2011).
For content filtering, at the mail client and at the server or system level, implement malicious program scanning and spam filtering tools, such as FireEye Email Security (EX series), to keep malicious programs from reaching end users and causing damage. User training should also be part of the Email security strategy: experts conduct awareness training to give users the skills and tools they need to identify malicious mail content and attachments and to send any suspicious email to the information security department, which investigates the origin and contents of those emails (Stine & Scholl, 2010).
To secure the Email message itself, avoiding the transmission of clear text messages is the first big step towards secure Email. To that end, a combination of cryptography and transport layer security protocols can be implemented at different points in the Email transmission system. Encryption of the message ensures safety if the Email message is intercepted in transit or if, due to a system issue or human mistake during sending, the message goes to the wrong inbox or recipient. To achieve this goal, the most commonly used solutions, such as Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), public key infrastructure (PKI) and digital signatures, provide the mechanisms and algorithms needed for securing Email messages in transit (OstermanResearch, 2009).
Pretty Good Privacy (PGP) is an open source application layer cryptography tool. It provides security to Emails by enabling authentication and helps to send messages confidentially. It uses private-public key cryptography to provide secure Email message transmission. PGP encryption uses a fast encryption algorithm. When using this tool, the sender of an Email message encrypts the message with the public key of the receiver, and upon arrival the receiver decrypts the message using their private key (Margaret Rouse, 2014).
GNU Privacy Guard (GPG) is implemented in a similar fashion to PGP and hence uses public-key cryptography. GPG, also commonly known as GnuPG, uses a key pair consisting of a private key, which only the creator has, and a public key, which is shared with others or stored on a key server for others to use to encrypt messages addressed to the owner of the key. In addition to the primary keypair, GnuPG uses subordinate keypairs to simplify key management. The cryptographic algorithm used is based on PGP, with some modifications or additional features (Matthew Copeland, Joergen Grahn, n.d.).
Public key infrastructure (PKI), on the other hand, is a set of roles or processes used to facilitate public key management. In Email security, this provides the foundation to bind public keys to identities or entities. It allows the distribution and use of public keys in a way that provides an out-of-the-box solution for different applications to implement cryptography (Scribner, 2002).
Digital signatures are used to sign Email messages in order to authenticate the creator or sender of the Email message. Although a digital signature uses key pairs to authenticate the sender of the message and to time-stamp the message or document, it works differently from encryption with PGP or GnuPG: the private key is used to sign the message, and the public key is used to authenticate the identity or originality of the signed message. A message signed with one’s digital signature has the same validity and authenticity as one signed with one’s own handwritten signature (Scribner, 2002).
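A mail server's own capability listing shows whether it will accept a password before the connection is encrypted. The sketch below is an added example (not from the original article) that classifies capability listings captured on the cleartext ports, before any TLS upgrade; the sample listings, the helper names and the result labels are constructed for illustration.

```python
# Mechanisms that send the password itself; base64 is encoding, not encryption.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def _smtp(lines):
    """EHLO reply lines such as '250-STARTTLS' or '250 AUTH PLAIN LOGIN'."""
    tls = cleartext = False
    for line in lines:
        if not line.startswith("250"):
            continue
        words = line[4:].upper().split()      # drop "250-" or "250 "
        if words[:1] == ["STARTTLS"]:
            tls = True
        elif words[:1] == ["AUTH"]:
            cleartext = bool(CLEARTEXT_MECHS & set(words[1:]))
    return tls, cleartext

def _imap(lines):
    """Untagged '* CAPABILITY ...' response."""
    caps = set()
    for line in lines:
        words = line.upper().split()
        if words[:2] == ["*", "CAPABILITY"]:
            caps.update(words[2:])
    # RFC 3501: the LOGIN command is usable unless LOGINDISABLED is advertised.
    cleartext = ("LOGINDISABLED" not in caps
                 or any("AUTH=" + m in caps for m in CLEARTEXT_MECHS))
    return "STARTTLS" in caps, cleartext

def _pop3(lines):
    """CAPA listing, one capability per line."""
    tls = cleartext = False
    for line in lines:
        words = line.upper().split()
        if words[:1] == ["STLS"]:
            tls = True
        elif words[:1] == ["USER"]:
            cleartext = True
        elif words[:1] == ["SASL"] and CLEARTEXT_MECHS & set(words[1:]):
            cleartext = True
    return tls, cleartext

PARSERS = {"smtp": _smtp, "imap": _imap, "pop3": _pop3}

def assess(protocol, lines):
    """Classify how a pre-TLS capability listing treats password logins."""
    tls, cleartext = PARSERS[protocol](lines)
    if cleartext and not tls:
        return "cleartext-only"
    if cleartext:
        return "cleartext-allowed-before-tls"
    if tls:
        return "tls-required-for-login"
    return "no-password-login-advertised"

# Constructed capability listings.
SMTP_WEAK = ["250-mail.example.test", "250-SIZE 10240000", "250 AUTH PLAIN LOGIN"]
SMTP_OK = ["250-mail.example.test", "250-STARTTLS", "250 SIZE 10240000"]
IMAP_WEAK = ["* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN", "a1 OK done"]
IMAP_OK = ["* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED", "a1 OK done"]
POP3_WEAK = ["+OK", "USER", "UIDL", "."]
```

A result of `cleartext-allowed-before-tls` means encryption is offered but optional, so a client that skips the upgrade still sends its password unprotected.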
Network Security Vulnerability and Threat Table
Table 1. Network Security Vulnerability and Threat Table

| Risk/Threat/Vulnerability | Risk Rating | Recommended Mitigation | Priority Level (High/Medium/Low) | Planned Controls | Resource Requirements | Assigned Team | Remarks |
|---|---|---|---|---|---|---|---|
| Spoofing - impersonation of someone or something | 3.0 | Strong authentication | Medium | Authentication stores | Training users on strong password use, single sign-on, use of smart cards | System administrators and database administrators | There is no start date as this is an open date; every time new employees join the firm they should be trained |
| Information disclosure - exposing data to unauthorized entities | 4.0 | Encryption, least privilege | High | Encryption | Cryptographic tools | System security and database team | Encrypt data at rest and in transit so only the intended parties with the decryption key can have access to it |
| Elevation of privilege - gaining access rights without proper authorization | 5.0 | Privileged account protection, role based access control (RBAC), etc. | High | RBAC, privileged account management solution | Active Directory design, commercial enterprise privileged account management software | Security and system administrators | Role based access control in combination with privileged account management reduces the risks associated with this threat |
| Denial of service - denying or degrading service | 4.0 | Redundancy through server failover clustering, database always-on setup, network throttle | High | For servers, clustering; for databases, always on, mirroring etc.; network throttle | Servers with clustering capability, operating system that supports clustering and licenses for database servers | Server team, database team, network team | Implementation of all planned controls requires collaboration across IT functions |
| Tampering - modifying data or script | 3.0 | Crypto hash, digital watermarking | Medium | Crypto hash, digital watermarking | Solutions for cryptography implementation, tools for digital watermarking and skilled manpower | Security team members with crypto hash experience, server and application teams | The team members can be from any IT function with special skills in this area |
| Repudiation - claiming to have not sent an Email, or not performed an activity | 4.0 | Logging infrastructure, packet capturing and analyzing | Medium | Logging infrastructure that logs information on users of processes and services, solutions for packet capture and analysis | Logging infrastructure, packet analyzer | Security team, network team | |
Recommendation and Conclusion
Email security can be achieved when Email content is secure, Email messages are read and accessed by the intended recipient only, and the devices that transmit, store and facilitate the reading and creating of Email messages are secure. To that end we recommend:
The recommended solution is FireEye Email Security (EX series). It is designed to secure Email messages against advanced attacks. It is part of the FireEye Global threat management platform, which applies a signature-less tool to analyze every email attachment and quarantines malicious or spear-phishing email. It protects against spear-phishing attacks, detects and reduces credential phishing, identifies and stops multistage malware attacks, and scans Email for threats such as 0-day exploits, attacks hidden in ZIP/RAR/TNEF archives, malicious URLs etc. (“FIREEYE EMAIL SECURITY (EX SERIES),” 2016).
Encrypting Email messages
Cryptographic solutions and smart cards like the Common Access Card provide technology for encrypting and decrypting Email messages in transit and at rest. For optimum security, an Email message should be encrypted from the moment the creator hits the send button on the client, all the way through the system until it reaches the receiver’s client, and should remain encrypted until the receiver opens it for reading, at which point the Email should be decrypted automatically. The recommendation is to use a mix of end-to-end encryption solutions such as PGP and GnuPG, together with digital signatures and smart cards to digitally sign Emails.
Securing Client devices, servers and Network
Content filtering and encryption do not guarantee security unless the devices that are used to compose, access and archive Emails are secure. Email servers store copies of Emails even if they were deleted. Software products used on client devices such as laptops, desktops, smart phones etc. to compose and access Emails can be accessed if the devices are not well secured. Network devices that are used to transmit Email messages should be secure. The recommendation is to have standard network and computer/server security procedures, such as identity management, firewall configuration and use of intrusion detection and prevention systems etc., and to implement them strictly to make the Email system secure (Tracy, Jansen, Scarfone, & Butterfield, 2007).
Bosworth, S., Kabay, M. E., & Whyne, W. (2014). Computer security handbook. Computer Law & Security Review (Vol. 22). https://doi.org/10.1016/j.clsr.2005.12.007
Dasgupta, P., Chatha, K., & Gupta, S. K. S. (n.d.). VIRAL ATTACKS ON THE DoD COMMON ACCESS CARD (CAC). Retrieved from https://pdfs.semanticscholar.org/1a0a/895aa4abc182645f6e770b4a206ff65e6472.pdf
Dilpreet Bajwa. (2011). Review of E-mail System, Security Protocols and Email Forensics. Retrieved from http://www.ijcscn.com/Documents/Volumes/vol5issue3/ijcscn2015050311.pdf
FIREEYE EMAIL SECURITY (EX SERIES). (2016). Retrieved from https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/pf/email/fireeye-ex-series.pdf
Gurowicz, M. B. (2002). SECURE EMAIL DETERMINING AN ENTERPRISE STRATEGY AND DIRECTION. Retrieved from https://www.sans.org/reading-room/whitepapers/email/secure-email-determining-enterprise-strategy-direction-590
Margaret Rouse. (2014). What is Pretty Good Privacy (PGP)? – Definition from WhatIs.com. Retrieved June 11, 2017, from http://searchsecurity.techtarget.com/definition/Pretty-Good-Privacy
Matthew Copeland, Joergen Grahn, D. A. (n.d.). The GNU Privacy Handbook. Retrieved from https://www.gnupg.org/gph/en/manual.pdf
OstermanResearch. (2009). The Critical Need for Encrypted Email and File Transfer Solutions. Retrieved from http://www.datamotion.com/wp-content/uploads/2013/03/DM_WhitePaper_OR_The-Critical-Need-for-Encrypted-Email-and-File-Transfer-Solutions-July-2009.pdf
Scribner, D. D. (2002). An Introduction to GNU Privacy Guard. Retrieved from http://www.nichedevelopment.com/pub/introduction_to_gnupg.pdf
Stine, K., & Scholl, M. (2010). E-mail Security: An Overview of Threats and Safeguards. Journal of AHIMA, 81(4), 28–30. Retrieved from http://library.ahima.org/doc?oid=99319#.WTr3B-vyupo
TechNet. (n.d.). Logistics of Smart Card Deployment. Retrieved June 13, 2017, from https://technet.microsoft.com/en-us/library/dd277379.aspx
Tracy, M., Jansen, W., Scarfone, K., & Butterfield, J. (2007). Guidelines on Electronic Mail Security. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf