We moved up to the application layer and looked at Web/Email security and malicious programs in week 10. Some of the possible (or impossible) improvements to email systems were discussed. I feel that some of the options we looked at would be impossible given POP3 style communications. The predominance of IMAP and web based email clients could allow for extensions of email systems in the future. The same key issues of data communications were cited as areas where email needs to be improved:

  • Privacy/Confidentiality
  • Authentication
  • Non-repudiation
  • Proof of submission

Some suggested areas of reading on these topics for email: Secure/Multipurpose email extension, Privacy Enhance email.

Integrity and DoS where issues raised when discussing web server security. Additionally the concerns for web server clients. The increasing emergence of cross site scripting XSS indeed puts many users at risk. The automation of modern web browsers, high usage of cookies and large amount of confidential information stored within most people’s browsers server to further increase the threat of XSS.

Given such a large array of risks one could ask how can we protect systems.

malProgramProtection
A simple illustration of the architecture and components of a protected system

In addition to firewalls, anti-virus programs should be utilized. Due to the large amount of computing resources required dedicated scanning machines for system are becoming more common.

Malicious programs come in a wide variety of forms and functions, they can be a field of research all on their own and definitely require more than a week to understand.