
E-Mail was the original killer Internet app, and continues to be very important. Simple mail transfer protocol (SMTP) is the protocol all mail servers use for sending email messages, and it runs on top of TCP. When you click the send button, it is SMTP that moves that message from your email client to the email server holding your account. That same protocol allows your email server to forward that email to the recipient’s email server. SMTP defines the standard email address format that we all know and love – the ubiquitous ‘[email protected]’. There are tons of email clients out there, with Outlook being the most common desktop client, followed by mobile platforms such as iPhone and Android clients. The most common server-based software packages are Sendmail for UNIX servers and Exchange for Windows servers.

SMTP does not provide a whole lot of security, and so SMTP authentication, or SMTP-AUTH was invented as an extension to SMTP. This allows clients to authenticate with a server before the server will send a message.

When SMTP sends a message, the email server receiving the message will store it in a database until your email client picks up the messages. However, SMTP has no idea how to retrieve messages from the server to the client. That is where the post office protocol, or POP, comes into play. Whereas SMTP is all about sending email, POP knows how to download email messages that have been stored on an email server. The annoying thing about POP is that when it retrieves all new messages, they are automatically deleted from the server. You see, back when POP first came out, people had only one computer, and the idea of mobile devices was just a gleam in the Internet’s eye. POP asks the server for all messages received since the last time it checked, and all messages are downloaded, leaving nothing on the server. This worked fairly well back then, but these days we have multiple platforms checking email for a single email account. This means that if you use POP to download email on your phone, those messages will not be visible on your desktop.

Originally, POP pretty much had no security until version 3. That is why when we talk about POP, we usually just call it POP3. POP3 introduced support for simple authentication and security layer (SASL), which is a protocol-independent method for authentication.

That is why internet message access protocol (IMAP) was invented. It does everything POP can do plus a whole lot more. The most important ability is to download all messages that are new to a client, but leave them on the server. That way, another of your clients (your mobile phone email client, for example) can check in and stay in sync as well. One of the great features of IMAP is that it can mark a message as read from one client, and the other client will automatically get updated to show that message as read as well. Finally, searching all of your email messages on the server without having to download them all is a key feature of IMAP.

So if IMAP is so great, then why do we still have POP3? The big answer is that it takes time to supplant an older protocol. But there are a couple of legitimate reasons to use POP3:

• If your email is stored on a server, the server will impose some limits on how much email you can keep.

• If your email is stored on a server, someone else has access to your email. Think Hillary Clinton.

SMTP has a significant vulnerability if an email server is not configured properly. Part of SMTP’s capabilities is the feature to relay messages to another server. This is crucial for SMTP to forward messages from one server to another, but it can be easily abused to send out spam. If relay is not restricted (an ‘open relay’), anyone can connect to the server using SMTP and say ‘I know you don’t know who I am, but please forward my spam email to this list of unsuspecting victims’ – and the server will do it! Therefore, the email server must be configured to accept relay requests only from certain requestors.

Email spoofing is a technique used by spam authors – they will try to make emails look like they are coming from a legitimate source by filling in the email header with bogus information. No one likes spam email, and in an effort to reduce the number of unwanted messages, the sender policy framework (SPF) was created to detect bogus incoming messages from other servers. This system requires an email server’s IP address to be registered in the domain owner’s DNS records as an authorized email server. When a recipient email server receives an incoming email message from another server, it will look up the DNS records of the domain the email is supposedly coming from, and if the SPF record does not match the sending email server’s IP address, the message is rejected. This prevents rogue email servers or clients from trying to send email messages pretending to be from someone else’s domain.
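The SPF decision described above, as an added example that is not part of the original text: a receiving server takes the domain from the SMTP envelope sender (the MAIL FROM command), fetches that domain’s SPF record, and compares the connecting IP against it. The records and domains below are constructed and embedded so the check runs offline; a real server would fetch the record from DNS, and real SPF also has a, mx, include: and redirect= terms that this simplified evaluator leaves out.

```python
import ipaddress

# Constructed SPF records for fictitious domains, embedded so the check runs offline.
# In production the record is the domain's DNS TXT record beginning with "v=spf1".
SAMPLE_SPF_RECORDS = {
    "example.org": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 -all",
    "example.net": "v=spf1 ip4:192.0.2.25 ~all",
}

# Result an SPF qualifier produces when its mechanism matches the sending IP.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def envelope_domain(mail_from):
    """Extract the domain SPF is evaluated against from an SMTP MAIL FROM command.

    SPF checks the envelope sender (MAIL FROM), not the From: header, so a forged
    header alone does not get a spoofer past this check."""
    address = mail_from.split(":", 1)[1].strip().strip("<>")
    return address.rpartition("@")[2].lower()


def check_spf(sender_domain, connecting_ip, records=SAMPLE_SPF_RECORDS):
    """Return pass / fail / softfail / neutral / none for one connecting IP.

    Simplified evaluator: only ip4 mechanisms and 'all' are implemented, which is
    enough to show the decision the receiving server makes (RFC 7208 has more)."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: cannot reject on SPF grounds
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism with no written qualifier defaults to "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER_RESULT[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIER_RESULT[qualifier]
    return "neutral"  # record ended without 'all': RFC 7208 default result


def inbound_decision(mail_from, connecting_ip, records=SAMPLE_SPF_RECORDS):
    """Map the SPF result to what the receiving server does with the message."""
    result = check_spf(envelope_domain(mail_from), connecting_ip, records)
    if result == "fail":
        return "reject"  # the case in the text: the record says this IP may not send
    if result == "softfail":
        return "accept-and-mark"  # usually delivered, but scored as suspicious
    return "accept"
```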

Phishing is an email-based social engineering attack with the goal of getting a victim to click a link in the email leading to a ‘bad’ server, or to get the user to reveal sensitive information about themselves. Phishing emails are sent in mass numbers hoping someone will ‘bite’. When a bogus email is crafted toward a specific individual, it is called spear phishing. When that individual is some ‘big fish’ in an organization, such as the CEO, CIO, president or board member, it is called a whaling attack. Both spear phishing and whaling use finely-tuned information to trick a specific individual into becoming a victim.

Network Address Translation

When it became apparent that the world was running out of IPv4 addresses, work began on IPv6. But everyone knew that it would take time to develop and deploy this new addressing standard and a stop-gap was needed. So, network address translation (NAT) was created to buy the world more time. And it worked great. Too great in fact – because NAT has caught on so well, the urgency to transition to IPv6 has been greatly abated. To understand NAT, we have to understand that there are 3 ranges of private IPv4 addresses (defined in RFC 1918). When we say private, we mean that they are not publicly routable – you can try and use one of these addresses on the Internet, but chances are you are not going to have much luck. Private addresses are designed to work in private networks, not public ones. Here are the 3 ranges:

• Class A – 10.0.0.0 – 10.255.255.255

• Class B – 172.16.0.0 – 172.31.255.255

• Class C – 192.168.0.0 – 192.168.255.255

The idea behind NAT is that you place some kind of a device in the DMZ that has a public IP address, and all of the devices in your private network use a private IP address. Let’s say, for example, that you have a laptop on your internal network with an IP address of 10.10.1.1 (which is a private IP address), and the laptop user tries to bring up www.somedomain.com in their browser. So, the laptop will contact the DMZ device and say ‘Hey, DMZ device – here is my private IP address, and I am trying to reach www.somedomain.com. Will you contact that server for me and let me know when you get an answer back?’ So, the DMZ device reaches out to www.somedomain.com – the server on the other end only sees the DMZ device’s public IP, and replies with a web page back to the DMZ device. The DMZ device remembers that 10.10.1.1 was trying to reach www.somedomain.com, and sends the web page back to the laptop. That is NATing – the DMZ device is translating a network address from private to public, and back again.

Now, there are 3 types of NATing we can implement. First of all, we can have static mapping, where the NAT software maps a specific public IP address to a specific private IP address. It’s a one-to-one mapping, and all we are doing is hiding the internal IP address. This is normally used for servers that need to use the same IP address all the time.

Next, we can use dynamic mapping. With this method, the NAT software is assigned a pool of public IP addresses, and they are used as needed – internal devices are assigned a public IP address on a first-come, first-served basis. This requires you to estimate the maximum number of public addresses that will be needed at any given time.

Finally, we can use something called Port Address Translation, or PAT. With this method, you can use a single public IP address for any number of private computers. To make this work, we have to start using ports. In our previous laptop example, the NAT software recorded the laptop’s IP address. With PAT, the laptop’s outgoing port is recorded as well, and a public port is substituted for it. When the public server at www.somedomain.com sends back a web page, it will send it to the public port. The NAT software (which is also using PAT) will look up which internal computer was assigned that public port, and then route the web page back to the previously recorded IP address/port. It looks like this:

• The NAT device is configured with a public IP address of 127.43.2.19

• The laptop with a private IP address of 10.10.1.1 contacts the NAT device over port 44,217

• The NAT device assigns this request an available port of 40,000

• The NAT device contacts www.somedomain.com using 127.43.2.19/40,000

• www.somedomain.com replies to 127.43.2.19/40,000 with a web page

• The NAT device looks up the original IP/port corresponding to 127.43.2.19/40,000, which is 10.10.1.1/44,217

• The NAT device sends the web page back to 10.10.1.1/44,217

Both dynamic and PAT implementations of NAT are stateful – they must remember the mapping in order to send responses back to the correct internal address.
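The PAT walkthrough above as a small stateful translator, added here as an example and not taken from the original text. It keeps the laptop’s private address and source port from the walkthrough, checks that the inside address really is in one of the three private ranges before translating, and shows what the translation table does when two inside hosts happen to pick the same source port and when a reply arrives for a port that was never mapped. The public address 203.0.113.5 is a constructed placeholder from the documentation range, and `PatDevice` is a hypothetical class, not a real NAT implementation.

```python
import ipaddress
from itertools import count

# RFC 1918 private ranges: the three blocks listed in the text, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True when ip falls inside one of the three private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_RANGES)


class PatDevice:
    """Toy stateful port address translator with a single public address.

    The translation table is the 'state' the text refers to: without it the
    device could not tell which inside host a reply belongs to."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next free public port to hand out
        self.outbound = {}  # (private_ip, private_port, destination) -> public_port
        self.inbound = {}   # public_port -> (private_ip, private_port)

    def translate_outbound(self, private_ip, private_port, destination):
        """Rewrite an inside source to (public_ip, public_port), mapping it if new."""
        if not is_private(private_ip):
            raise ValueError(f"{private_ip} is not a private address; not translating")
        flow = (private_ip, private_port, destination)
        if flow not in self.outbound:  # an existing flow keeps the port it was given
            public_port = next(self._ports)
            self.outbound[flow] = public_port
            self.inbound[public_port] = (private_ip, private_port)
        return self.public_ip, self.outbound[flow]

    def translate_inbound(self, public_port):
        """Look up which inside host a reply to public_port belongs to.

        Returns None for a port with no mapping: an unsolicited packet from the
        Internet has nowhere to go and is dropped, which is why PAT incidentally
        blocks inbound connections that no inside host asked for."""
        return self.inbound.get(public_port)
```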
