Week 7 Assignments
Theme for the Week - Electronic Mail Security
Learning Objectives:
• Plan for a secure email infrastructure where email is exchanged and stored securely and only recipients can unencrypt them.
• Explain the use of Pretty Good Privacy (PGP) in encrypting and decrypting email.
• Differentiate between off-line and on-line email encryption techniques.
• Conduct an email risk assessment.
Readings:
• Chapter 7 in your textbook.
This week:
Most of us involved with network security find it humorous that email, in general, is no more secure today than when it was proposed in the 1970s. Think of it like a post card in the snail mail system where anyone can read it if they see it. We protect ourselves behind elaborate firewalls and encrypt our Local Area Networks, wireless networks, and Virtual Private Networks. Then, we send plain text email across a public network where anyone with the appropriate network access and a protocol analyzer can intercept and read it. There are multiple ways to protect email from unauthorized access. In this lesson, we examine how electronic mail can be properly secured.
Assignment 7_1 (On-line Quiz)
Take this ten question true/false and multiple choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.
You need to take the quiz by the end of the week to earn credit.
Assignment 7_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.
1. Pretty Good Privacy (PGP) documentation often refers to a private key in an asymmetric encryption public/private key pair as a secret key. What problems can this cause and why?
2. What encryption/decryption and hashing algorithms are used in PGP and how are they used?
3. As security consultants, you are asked to evaluate PGP for possible use to encrypt sensitive information for one of your customers. What potential problems or issues do you see with it and what steps could you take to satisfy yourself that the risk is acceptable?
4. Most email is sent as clear text, even though the means to secure it have been around for years. Why do you think most people don't take the extra step of protecting their email? What can be done to promote securing email for general users?
5. How would I turn on Secure/Multipurpose Internet Mail Extensions (S/MIME) in Microsoft Outlook and what consequences would doing so have on recipients of my email? It would be a good idea to use the Internet and other appropriate sources for this information. Remember to cite your sources.
6. What encryption/decryption and hashing algorithms are used in S/MIME and how are they used?
7. What is the difference between PGP and S/MIME? Include a comparison of off-line and on-line encryption in your answer.
8. DomainKeys Identified Mail (DKIM) overcomes some of the problems and restrictions with other secure mail systems. What are the problems and restrictions that it overcomes and how does it overcome them?
9. What does the term Radix-64 conversion mean and how does it work? Provide an example
10. How are keys managed in PGP? As part of your answer, include information on where private keys are stored and how public keys are shared.
Our trivia question for the week: What cryptographic system was used by the Japanese navy in World War 2, and how did we break their code?
General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days gets a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!
Assignment 7_3 (Attach to this assignment)
For this assignment, create a design for a secure email infrastructure. You can choose any email system, server, client, and security appliance or software that you know about or can find information about from any appropriate source. Your design may be real or notional. It may include components that exist or that are only a figment of your imagination. The only rule about using any component is that you must explain how it contributes to the security of your email system and what, if any, drawbacks or limitations it has. Produce a Visio diagram of your logical infrastructure and a one page summary that explains the major components, their functions, and capabilities/limitations. Include protection against spam and phishing emails in your infrastructure.
Save your deliverables in individual files named CYBR515 Assignment 7_3a and CYBR515 Assignment 7_3b , and attach them to this assignment. Again, please note that both files must be attached at the same time that you submit your assignment. If you submit the assignment with only one file, you will not be able to attach the second one without help from your instructor.
Assignment 7.4 Milestone 3 (Due next week)
You should devote some time to the Milestone 3 submission for your semester project this week. The next set of deliverables are due on the last day of Week 8. Get started as soon as you can to avoid the last minute rush.
