Email Security - CompTIA Security+
Hola!
You may think there is no more chit-chat on this blog anymore? I know, I know, but as part of my personal wiki I find it beneficial to take a step back and continue with more tables... hey, but they are good; as always, the resources are validated and double-checked just in case. Resources from CompTIA Security+ Study Notes and Ian Neil's manual.
Let's make this fun and discuss this post: Bluesky
1. Common Email Threats
Threat | Description | Characteristics / Examples |
---|---|---|
Phishing | Deceptive emails that trick users into clicking malicious links, opening attachments, or handing over credentials. | Pretend to be legitimate correspondence |
Spear Phishing | Targeted phishing attack aimed at specific groups with personalized emails creating urgency. | Targets board members, key employees |
Whaling | Email attack targeting CEOs or high-level executives. | Highly focused and personalized |
Smishing | Phishing delivered over SMS/text messages, usually carrying a malicious link. | Related term: vishing (voice phishing over phone calls) |
Business Email Compromise (BEC) | Targeted attack in which a compromised or convincingly spoofed business account (often an executive's or a supplier's) is used to request actions that look legitimate. | Fraudulent wire transfers, payroll changes, sensitive data theft |
Fraud and Scams | Deceptive practices that trick people into handing over money or valuable information. | DMARC helps against the sender-domain spoofing these often rely on |
Identity Spoofing | Forging the sender's address so the mail appears to come from someone else. | Mitigated by SPF, DKIM and DMARC for the forged domain; lookalike domains and display-name spoofing need other controls (filters, user training) |
Brand Impersonation | Malicious actors impersonate well-known brands via email. | Banks and major brands are common targets |
Typosquatting | Registering domains similar to popular ones with common typos to deceive users. | Used in phishing via fake sites |
Spam | Unwanted and unsolicited emails. | Filtered to reduce nuisance |
Malware / Virus | Email as a delivery vector for malware, typically via attachments (documents with macros, archives, executables) or links to downloads. | Attachments are scanned and risky file types blocked at the gateway |
Data Exfiltration | Unauthorized transfer of sensitive data via email. | Can cause serious organizational damage |
2. Authentication and Integrity Protocols and Techniques
Protocol / Technique | Function | Main Benefits | Additional Notes |
---|---|---|---|
DKIM | The sending server adds a DKIM-Signature header: a digital signature over selected headers and a hash of the body. | Authentication, spoofing and tampering protection, reputation boost | Receiver fetches the public key from the TXT record at selector._domainkey.domain; any change to the signed content breaks the signature (forwarders that rewrite the body cause failures) |
SPF | Receiver checks the connecting server's IP against the list of authorised senders published in the sending domain's DNS. | Prevents envelope-sender forgery, improves deliverability | TXT record (v=spf1 ... -all); evaluated on the envelope MAIL FROM domain, not the visible From header, so SPF alone does not stop header spoofing; breaks after forwarding; DNS lookups capped at 10 |
DMARC | Policy layer on top of SPF and DKIM: tells receivers what to do when neither check passes with a domain aligned to the From header. | Protects against BEC, phishing and scams that spoof the domain; aggregate (rua) and forensic (ruf) reports | TXT record at _dmarc.domain; p=none (monitor), quarantine or reject; roll out starting with p=none and the reports before enforcing |
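The three records above work together, and the part that trips people up is DMARC alignment: SPF passing for the envelope sender is not enough if that domain does not match the visible From. The following Python is an added example, not code from the Study Notes or the Ian Neil manual. It walks through SPF evaluation (ip4, include and all mechanisms, with the lookup cap) and a DMARC alignment and policy decision against a constructed DNS zone: example.com, mailer.example.net, the IPs and the messages are placeholders. The DKIM cryptographic check needs a crypto library, so the DKIM result and its d= domain are taken as inputs.

```python
"""SPF + DMARC evaluation against a constructed DNS zone (added example)."""
import ipaddress

# Constructed TXT records standing in for DNS answers (placeholder domains/IPs).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mailer.example.net -all",
    "mailer.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=r; adkim=r; rua=mailto:dmarc@example.com",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying terms (include, a, mx, ...) at 10


def check_spf(ip, domain, lookups=0):
    """SPF result for connecting IP `ip` and the envelope MAIL FROM `domain`.
    Toy evaluator: handles ip4, include and all, which covers most records."""
    record = ZONE.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"  # mechanisms default to the '+' (pass) qualifier
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            lookups += 1
            if lookups > MAX_LOOKUPS:
                return "permerror"
            matched = check_spf(ip, arg, lookups) == "pass"
        elif mech == "all":
            matched = True
        else:
            return "permerror"  # mechanism this toy does not implement
        if matched:
            return QUALIFIER[qual]
    return "neutral"  # no term matched and no 'all' present


def org_domain(domain):
    # Simplification: the last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment matches organisational domains; strict ('s') is exact."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_record(from_domain):
    record = ZONE.get(f"_dmarc.{from_domain}") or ZONE.get(f"_dmarc.{org_domain(from_domain)}")
    if not record:
        return None
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    return tags if tags.get("v") == "DMARC1" else None


def evaluate(msg):
    """msg: constructed dict with client_ip, mail_from, header_from,
    dkim_result ('pass'/'fail'/'none') and dkim_domain (the d= tag)."""
    mail_from_domain = msg["mail_from"].rsplit("@", 1)[1]
    from_domain = msg["header_from"].rsplit("@", 1)[1]
    spf = check_spf(msg["client_ip"], mail_from_domain)
    tags = dmarc_record(from_domain)
    if tags is None:  # no policy published: nothing for the receiver to enforce
        return {"spf": spf, "dmarc": "none", "disposition": "none"}
    spf_ok = spf == "pass" and aligned(mail_from_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = msg["dkim_result"] == "pass" and aligned(msg["dkim_domain"], from_domain, tags.get("adkim", "r"))
    dmarc = "pass" if (spf_ok or dkim_ok) else "fail"
    # pct= sampling is ignored here: p= is applied to every failing message.
    disposition = "none" if dmarc == "pass" else tags.get("p", "none")
    return {"spf": spf, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": dmarc, "disposition": disposition}


MESSAGES = {  # constructed messages, reduced to the fields the checks need
    "legit": dict(client_ip="192.0.2.25", mail_from="bounce@example.com",
                  header_from="alice@example.com", dkim_result="pass", dkim_domain="example.com"),
    "spoof": dict(client_ip="203.0.113.7", mail_from="ceo@example.com",
                  header_from="ceo@example.com", dkim_result="none", dkim_domain=""),
    # Authorised relay, but using its own envelope domain: SPF passes, alignment fails.
    "unaligned_relay": dict(client_ip="198.51.100.10", mail_from="bounce@mailer.example.net",
                            header_from="ceo@example.com", dkim_result="none", dkim_domain=""),
}

if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(f"{name:16} {evaluate(msg)}")
```

The third message is the case that bites in practice: a legitimate relay sending with its own envelope domain passes SPF but fails DMARC and is rejected under p=reject. The fix is to have the relay DKIM-sign with d=example.com (or use a return path under example.com), which is why DKIM alignment matters more than SPF once you enforce.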
3. Encryption and Confidentiality Techniques and Protocols
Technique / Protocol | Description | Primary Use | Considerations |
---|---|---|---|
TLS | Transport-layer encryption that protects data in transit between client and server, or between servers. | Used in SMTPS, IMAPS, POP3S (implicit TLS) and via STARTTLS on plain SMTP/IMAP/POP3 | Current industry standard; hop-by-hop only, so messages sit in the clear on each mail server unless also encrypted with S/MIME or PGP |
SSL | Older version of TLS for securing communications. | Network security | Deprecated, replaced by TLS |
S/MIME | Uses X.509 certificates issued by a PKI to sign and/or encrypt message bodies end to end. | Confidentiality, integrity and sender authentication | Every user needs a certificate; key management and recipient support make it complex to roll out |
PGP | End-to-end encryption and signing with public/private key pairs; trust comes from a web of trust or manual key verification rather than a CA. | Content readable only by the intended recipient | No PKI required, but the sender must obtain and verify the recipient's public key |
4. Secure Email Protocols
Protocol | Description | Primary Use |
---|---|---|
SMTPS | SMTP wrapped in TLS from the first byte (implicit TLS, port 465); plain SMTP can also be upgraded to TLS with STARTTLS (port 587 for client submission, port 25 between servers). | Secure message submission and server-to-server relay |
IMAPS | IMAP over TLS (port 993) for secure access to mailboxes kept on the server. | Secure client email access |
POP3S | POP3 over TLS (port 995) for secure download of mail to a client. | Secure client email access (legacy) |
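Ports 465, 993 and 995 start the TLS handshake before any protocol byte is exchanged, whereas STARTTLS on ports 25 and 587 begins in cleartext and upgrades only if the server advertises the capability in its EHLO reply. That second model is what an on-path attacker can downgrade by deleting the STARTTLS line from the reply. The Python below is an added example, not code from the Study Notes or the Ian Neil manual; the EHLO replies and the hostname mail.example.net are constructed, and it models only the client's decision, not a real socket.

```python
"""Implicit TLS vs. STARTTLS on mail ports, and the downgrade an opportunistic
client is exposed to (added example with constructed EHLO replies)."""

IMPLICIT_TLS_PORTS = {465, 993, 995}  # SMTPS, IMAPS, POP3S: TLS handshake comes first

# Constructed EHLO reply from a submission server (placeholder hostname).
EHLO_WITH_STARTTLS = [
    "250-mail.example.net Hello client.example.com",
    "250-SIZE 52428800",
    "250-STARTTLS",
    "250 AUTH PLAIN LOGIN",
]
# The same reply as rewritten by an on-path attacker who removed the STARTTLS line.
EHLO_STRIPPED = [line for line in EHLO_WITH_STARTTLS if "STARTTLS" not in line]


def parse_ehlo(lines):
    """Extension keywords advertised in a multi-line 250 reply (greeting line skipped)."""
    caps = set()
    for i, line in enumerate(lines):
        if not line.startswith("250"):
            raise ValueError(f"unexpected reply line: {line!r}")
        if i == 0:
            continue  # first line is the server's greeting, not a capability
        caps.add(line[4:].split()[0].upper())  # drop '250-' / '250 ', keep the keyword
    return caps


def plan_session(port, ehlo_lines, require_tls, needs_auth):
    """Return (transport, action) for a client about to talk to `port`.

    transport: 'implicit-tls', 'starttls', 'cleartext' or 'none'
    action:    'proceed' or 'abort'
    """
    if port in IMPLICIT_TLS_PORTS:
        return ("implicit-tls", "proceed")  # EHLO is never seen in the clear
    caps = parse_ehlo(ehlo_lines)
    if "STARTTLS" in caps:
        # After STARTTLS the client must verify the certificate, send EHLO again and
        # discard the capabilities it saw before the upgrade.
        return ("starttls", "proceed")
    if require_tls:
        return ("none", "abort")  # no STARTTLS: misconfigured server or a downgrade attack
    if needs_auth:
        return ("cleartext", "abort")  # never send AUTH credentials without TLS
    return ("cleartext", "proceed")  # opportunistic mode silently accepts the downgrade


if __name__ == "__main__":
    print("465 implicit :", plan_session(465, [], require_tls=True, needs_auth=True))
    print("587 intact   :", plan_session(587, EHLO_WITH_STARTTLS, True, True))
    print("587 stripped :", plan_session(587, EHLO_STRIPPED, True, True))
    print("25 stripped  :", plan_session(25, EHLO_STRIPPED, False, False))
```

The last call is the weak spot: between mail servers on port 25 TLS is usually opportunistic, so the stripped reply leads to a cleartext session with no error. Enforcing TLS (require_tls=True) closes that gap at the cost of bouncing mail from peers that offer no TLS at all, which is a policy decision to make deliberately.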
5. Email Security Devices and Solutions
Solution | Function | Benefits | Additional Details |
---|---|---|---|
Email Gateways | Entry/exit points for emails; routing, security, policy enforcement, encryption. | Defense against spam, malware, phishing; DLP integration | On-Premises, Cloud, Hybrid options |
Spam Filters | Detect and block unwanted or malicious email before it reaches the mailbox. | Reduces nuisance and attack surface | Techniques: content analysis, Bayesian classification, DNS-based blocklists (DNSBL), sender reputation |
Data Loss Prevention (DLP) | Inspects outgoing (and internal) mail for sensitive data to prevent theft or accidental leakage. | Prevents sensitive data leaks | Pattern matching (card numbers, IDs, keywords), document fingerprinting; blocks, quarantines or alerts |
Host/Endpoint Security | Protect devices accessing email with antivirus, EDR, MFA, and access control. | Protects accounts and prevents infections | Essential for comprehensive security |
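To make the gateway, spam-filter and DLP rows concrete, here is a small inbound/outbound pipeline in Python: a DNSBL lookup name built from the reversed connecting IP, a naive Bayes content scorer trained on a tiny corpus, and a DLP scan for card numbers that uses the Luhn check to cut false positives. It is an added example, not from the Study Notes or the Ian Neil manual; the corpus, the DNSBL zone dnsbl.example and its answers, the IPs and the messages are all constructed.

```python
"""Toy email-gateway checks: DNSBL, naive Bayes spam scoring, DLP (added example)."""
import math
import re
from collections import Counter

# --- DNS-based blocklist: reverse the octets and look the name up under the zone ---
DNSBL_ZONE = "dnsbl.example"  # placeholder zone name
DNSBL_ANSWERS = {"7.113.0.203.dnsbl.example": "127.0.0.2"}  # constructed listing


def dnsbl_name(ip, zone=DNSBL_ZONE):
    return ".".join(reversed(ip.split("."))) + "." + zone


def dnsbl_listed(ip):
    # A real gateway resolves dnsbl_name(ip); an A record in 127.0.0.0/8 means "listed".
    return dnsbl_name(ip) in DNSBL_ANSWERS


# --- Bayesian content filter (constructed training corpus) ---
TRAIN = [
    ("spam", "win free prize click now claim your reward"),
    ("spam", "free money urgent act now click link"),
    ("spam", "claim prize winner free gift click"),
    ("ham", "meeting notes attached see agenda for tomorrow"),
    ("ham", "please review the quarterly report before the meeting"),
    ("ham", "lunch tomorrow agenda and notes attached"),
]
WORD = re.compile(r"[a-z']+")


def tokens(text):
    return WORD.findall(text.lower())


class NaiveBayes:
    def __init__(self, corpus):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for label, text in corpus:
            self.words[label].update(tokens(text))
            self.docs[label] += 1
        self.vocab = set(self.words["spam"]) | set(self.words["ham"])

    def log_likelihood(self, label, words):
        total, v = sum(self.words[label].values()), len(self.vocab)
        lp = math.log(self.docs[label] / sum(self.docs.values()))  # class prior
        for w in words:  # Laplace smoothing: an unseen word does not zero the score
            lp += math.log((self.words[label][w] + 1) / (total + v))
        return lp

    def spam_probability(self, text):
        words = tokens(text)
        ls, lh = self.log_likelihood("spam", words), self.log_likelihood("ham", words)
        return 1.0 / (1.0 + math.exp(lh - ls))  # P(spam | words), normalised


CLASSIFIER = NaiveBayes(TRAIN)

# --- DLP: card-number pattern plus Luhn check to discard look-alike digit strings ---
CARD = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")  # 13 to 16 digits, spaces/dashes allowed


def luhn_ok(digits):
    total = 0
    for i, d in enumerate(reversed(digits)):
        n = int(d) * 2 if i % 2 else int(d)
        total += n - 9 if n > 9 else n
    return total % 10 == 0


def dlp_findings(text):
    hits = []
    for m in CARD.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # order and tracking numbers usually fail Luhn
            hits.append(digits)
    return hits


# --- Verdicts ---
def inbound_verdict(client_ip, body, nb=CLASSIFIER, threshold=0.9):
    if dnsbl_listed(client_ip):
        return "reject"  # refuse at SMTP time, before the body is even accepted
    return "quarantine" if nb.spam_probability(body) >= threshold else "deliver"


def outbound_verdict(body):
    hits = dlp_findings(body)
    if len(hits) > 1:
        return "block"  # several card numbers in one mail looks like exfiltration
    return "alert" if hits else "allow"


if __name__ == "__main__":
    print(inbound_verdict("203.0.113.7", "hello"))                           # reject
    print(inbound_verdict("192.0.2.25", "free prize click now"))             # quarantine
    print(inbound_verdict("192.0.2.25", "agenda for the meeting tomorrow"))  # deliver
    print(outbound_verdict("card 4111 1111 1111 1111 exp 12/29"))           # alert
    print(outbound_verdict("order 1234567890123 shipped"))                   # allow
```

The Luhn step is the part worth copying: a bare 13-to-16-digit regex fires on order numbers, phone numbers and tracking codes, and a DLP rule that alerts on every one of those gets switched off within a week.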
6. Complementary and Organisational Measures
Measure | Description | Purpose / Benefit |
---|---|---|
User Awareness & Training | Training employees to recognize phishing, safe practices, and report suspicious activity. | Reduces human error risk and successful attacks |
Monitoring & Logging | Monitoring of mail-system and network activity, with log analysis for anomalies (unusual logins, forwarding rules, bulk sends) to support incident response. | Early threat detection and forensic analysis |
Network Security | Firewalls, IDS/IPS, network segmentation, and Zero Trust applied to email systems. | Infrastructure protection and access control |