1

Lecture
Technologies in Securing email
Communications
 Securing Email communications.
2
Expected Learning Objectives:
 Email concept.
 Email clients & service providers.
 Importance of email security.
 Threats associated to emails.
 Email security procedure.
 Consideration when choosing email client.
3
An email client is a program that allows you send or receive email
communications.
1) Security – Encryption, spam filters & regular updates from threats.
2) Privacy – share privacy policies to users.
3) Visual Appeal – Easy to use controls, Not clustered Content on page.
4) Functionality – i.e display contents before downloading, support multiple
languages
5) Reliability – consistency in performance & backup options.
6) Availability – accessible in multi-platforms.
7) Ease of Use - HCI Options i.e storing & retrievals of mails
 Email Security Threats:
4
1) Malicious email attachments.
2) Malicious user redirection – Links within mails directing
users to malware sites.
3) Phishing – User personal/financial info is requested for
malicious gain.
4) Hoax Mails – Attackers sends email to potential victim
scaring them to install certain malwares or reveal certain
info.
5) Spamming. – leads to pollution of internet experience &
company reputation,,(Install spam fighters).
(Expounded Details in notes)
Phishing & Hoax Mails Security Threats Examples:
5
 Email Security Procedures:
6
1) Create & Use strong Passwords – Use 2step verifications.
2) Disable keep me signed in/ stay signed in functions.
3) Provide recovery email address for mail recovery.
4) Use HTTPS enabled email service providers.
5) Turn off the preview Feature.
6) Scan email attachments for malwares.
7) Digitally sign your emails.
8) Encryption – Use of Asymmetric, Symetric,Hash functions

(Expounded Details in notes)

 Available Email Security Tools:
7
❖ Comodo Antispam – www.comodoantispam.com
❖ Netcraft Toolbar – http://toolbar.netcraft.com
❖ Phishtank Sitechecker – https://addons.Mozilla.org
❖ Spamihilato – http://www.spamihilator.com
❖ GFI MailEssentials – http://www.gfi.com
❖ McAfee total protection – http://home.mcafee.com
❖ PhishTank – http://www.phishtank.com
❖ Sophos mail appliance.

(Expounded Details in notes)

 Module Summary:
8
 Email Definition.
 Email client selection – Security,Privacy,,Visual appeal,
availability & ease of use.
 Email Security threats – Malicious attachments, Malicious
redirections, phishing, hoax mail & Spam.
 Lecture 3
9
Securing Mobile Devices
 Securing Mobile Devices.
10
Expected Module Objectives;
❑ Importance of Mobile Security.
❑ Importance of IMEI Number (International Mobile Equipment Identity)
❑ Risks to Mobile devices.
❑ Mobile Malwares.
❑ Bluetooth Threats.
❑ Mobile device security procedures (Android,iOs & windows devices.
❑ Mobile security tools.
 Securing Mobile Devices.
11
Mobile OS
❑ iOS – For Apple’s products comes with Safari web browser.
iOS (formerly iPhone OS) is a mobile operating system created and developed
by Apple Inc. exclusively for its hardware.

❑ Android – Google;s product powered by linux kernels – open source

os. - Developed by Google to be primarily used for touchscreen devices, cell
phones, and tablets.

❑ Windows – Microsoft product with windows explorer/edge and

Exchange to support corporate emails.
 Securing Mobile Devices.
12
IMEI Number
o Critical as an operating system aiding full functionality of
any mobile device.
o IMEI helps to identify any device that uses cellular
networks.
o Secondary purpose is to aid in tracking lost mobile
devices.
o They are hard-coded into hardware devices for identity
reasons.
o Helps in subscribers identity and subscriber to remotely
disable & blacklist in cases of theft.
 Securing Mobile Devices.
13
Mobile Security Risks/Threats.
o Eavesdropping – Anauthorized real time interception of private
communication.
o Unauthorized Access – Due to weack security controls, mobile
break-in is high.
o Theft & Loss.
o Unmanaged applications – Due to irregular updates uncensored
apps.
o Mobile devices inability to limit Internet connections.
 Securing Mobile Devices.
14
Mobile Application Vulnerabilities.
Mobile apps are aimed at simplifying tasks for the user but most
come with a price of security vulnerabilities such as;

o Insecure Data Storage.

o Insufficient Transport Layer protection due to frequent requests
across web servers.
o Poor Authorization and Authentication.
o Brocken Cryptography – Not solved yet to protect mobile data.
 Securing Mobile Devices.
15
Bluetooth Threats in Mobile devices.
Besides Mobile apps, Bluetooth pose a serious risk to mobile platforms.

o Bluesnarfing – Hacking into an open & insecure connection on

phone (possible in discoverable modes).

o Man in the Middle Attacks.

o Backdoor Hacking – Possible if untrustworthy phone is paired via

Bluetooth with another phone.
 Securing Mobile Devices.
16
Mobile Security Procedures.
o Updating Mobile Operating systems.
o Updating Applications esp in Android/iOS & Windows Devices.
o Secure your Bluetooth/WiFi connection.
o Self Preparedness for Mobile device thefts by – (Awareness,
Encryption thru PIN, Autolock etc,Backups & Ensur it).
o Android Device Manager – only for registered devices on google
account – www.android.com/devicemanager
o Enabling Find my phone in windows phone –
www.Microsoft.com/devices
 Securing Mobile Devices.
17
Mobile Security Tools
Important to install security tools on all smartphones in security enhancement.
Lookout Mobile Security
o Free app protecting iOS & Android devices from unsecure WiFi networks
malicious app, fraudulent links, schedules auto backups and phone locate
on Google maps even if the GPS is off.
Snap Secure Mobile Security.
Back-up data to online accounts, provides antivirus and anti-spyware
protection, scans all new apps for malwares. The Privacy manager in SSMS lets
one know how apps are using personal information, has anti-theft and location
tracker. It also has a unique feature called Personal Guardian- Acting as Panic
button for users to silently sending email,sms or tweet along with their location
incase of an emergency.
(Free to download apps- But better recommendations on purchase as they offer greater security eg MobileIronand Airwatch Best
security apps.)
Securing Mobile Devices.
18
Discussion Questions.
 Lecture 4 19
Securing The Cloud.
 Module 8 – Securing The Cloud.
Cloud has become the nest of all operation activity for daily
20
operations whence hackers see cloud as a fruit bearing jackpot.
The delivery of computing services—including servers, storage,
databases, networking, software, analytics, and intelligence—over the
Internet (“the cloud”) to offer faster innovation, flexible resources, and
economies of scale.

Objectives:
 Understand Types of clouds & Services they offer.
 Cloud Advantages.
 Threats to clouds & countermeasures.
 Cloud Privacy Issues and how to address them.
 Choosing the cloud correctly
 Securing The Cloud.
Types of Cloud Architecture. 21

Cloud has Four flavors catering to different needs of consumers

 Private Cloud – For Single Entity or Org- Orgs Private storage
especially with sensitive data.
 Public Cloud – Owed by service provider and shared by
several resource tenants.
 Community Cloud – Belongs to a group of organizations with
similar interests.
 Hybrid Cloud – A mix of two or more different kinds of
architectures. (like Amazon Web Services (AWS), Microsoft Azure, or
Google Cloud)
 Securing The Cloud.
Types of Cloud Architecture Comparison. 22
 Securing The Cloud.
Types of Cloud Architecture Comparison. 23
 Securing The Cloud.
Types of Cloud Computing 24

 IaaS– (Infrastructure as a Service) ITs Infrastructure is

provided to clients in form of either N/W,Virtual PCs &
storage space.
 PaaS–(Platform as a Service) Consumers are given the
chance to only focus on the applications that they run on
cloud, other complexities of building& maintaining the
infrastructure is done by the cloud service provider.
 SaaS– (Software as a Service)-Belongs to a group of
organizations with similar interests.
 Securing The Cloud.
Cloud Threats 25

 Data Breach – More devastating as it targets multiple users

 Data Loss.
 Account Hacking.
 Disgruntled Insider.
 Technology Loop Holes.
 Shared Space – One user peeping into other user’s data is ennevitable.
 Securing The Cloud.
Cloud Security Safeguards. 26

Precautions that users can take to protect their data stored on

cloud;
 Data Back Up.
 Update Back ups regularly.
 Strong Passwords.
 Two step Authentication mechanism.
 Encryption.
 Have a Disciplined online behavior.
 Avoid keeping sensitive Information on cloud.
 Securing The Cloud.
Cloud Privacy issues 27

The following factors influence the overall privacy of data on cloud;

Data ownership.

1) Data ownership in the cloud is a complicated issue. Determined by both

government and company policies, data ownership in the cloud is not
always retained.
2) According to the Facebook end-user-agreement, the company stores data
for as long as it is necessary, which might not be as long as users want. This
sadly means that users lose data ownership. Worse still, the servers are
located in different locations, in and out of the United States, subjecting
data to different laws.
 Securing The Cloud.
Cloud Privacy issues 28

The following factors influence the overall privacy of data on

cloud;
❑ Data Location –Replicated over Distributed system Architecture
❑ Data Migration- Mostly Characterized by Confusion and Disorganization. Data Loss.
Compatibility Issues and Hardware Challenges.

❑ Data Permanency – Deletion isn’t a solution to closing an

account
 Securing The Cloud.
Addressing Cloud Service issues 29

In attempt for clients keeping their data private the following

should be explored.
 Apply data Encryption.
 Read terms & conditions carefully.
 Avoid the share feature on cloud.
 Avoid storing sensitive data on Cloud.
 Securing The Cloud.
Choosing Cloud Service Provider 30

Answering the following questions to self satisfactory thus can one

proceed on cloud selection.
1) How much space one needs.
2) How much will the space cost?
3) Accessibility of cloud service to customer.
4) References from other neutral customers opinions.
5) How secure is the cloud?
6) What happens incase of data lose?
7) What/where is the location of data centres?
8) How often does the cloud service go down?
31