secure-email-domain-name-system-design.pptx

MuhammadSalahuddien 6 views 15 slides Aug 18, 2024

About This Presentation

Secure Email and DNS


Slide Content

Secure Email + DNS M.S. Manggalanny

DNS Configuration #1 10/04/20 ID-SIRTII/CC + PANDI + ID-Institute 1

Reverse DNS
NORMAL A is NAME to IP resolution
Forward A Record
dig mail.microsoft.com
;; ANSWER SECTION:
mail.microsoft.com. 681 IN A 131.107.125.5
REVERSE PTR is IP to NAME resolution
Reverse PTR Record
dig -x 131.107.125.5
;; ANSWER SECTION:
5.125.107.131.in-addr.arpa. 3600 IN PTR mail.microsoft.com.

SPF (Sender Policy Framework)
Email providers now require valid SPF (Sender Policy Framework) records. An absent or incorrect SPF record may trigger additional email filtering, causing the email to fail. The SPF is a TXT type record that specifies which servers may send email on behalf of a domain. In the example below, a system uses SPF to make decisions about how to route an email:
microsoft.com. 3600 IN TXT "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com include:spf-a.hotmail.com ip4:147.243.128.24 ip4:147.243.128.26 ip4:147.243.128.25 ip4:147.243.1.47 ip4:147.243.1.48 ~all"
Use SPF Generator Wizard and SPF Checking Tools

How SPF Works
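How a receiver reads the SPF record shown above, as an added example that is not part of the original slides. The helper names parse_spf, evaluate and audit are hypothetical; DNS-based terms such as include: are listed but not resolved, so the result reflects only what the record text itself decides.

```python
import ipaddress
import re

# SPF TXT value from the slide, with the extraction spaces after "include:_" removed.
SLIDE_SPF = (
    "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com "
    "include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com "
    "include:spf-a.hotmail.com ip4:147.243.128.24 ip4:147.243.128.26 "
    "ip4:147.243.128.25 ip4:147.243.1.47 ip4:147.243.1.48 ~all"
)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost the receiver a DNS query; RFC 7208 allows at most 10 per check.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Return the record's terms as (qualifier, name, value) tuples, in order."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for word in words[1:]:
        qualifier, body = (word[0], word[1:]) if word[0] in QUALIFIERS else ("+", word)
        m = re.match(r"([^:=/]+)[:=]?(.*)", body)
        if m is None:
            raise ValueError(f"malformed term: {word!r}")
        terms.append((qualifier, m.group(1).lower(), m.group(2)))
    return terms

def evaluate(record, sender_ip):
    """Walk terms left to right; return (result, DNS terms a receiver must resolve first)."""
    ip = ipaddress.ip_address(sender_ip)
    deferred = []
    for qualifier, name, value in parse_spf(record):
        if name == "all" or (name in ("ip4", "ip6")
                             and ip in ipaddress.ip_network(value, strict=False)):
            return QUALIFIERS[qualifier], deferred
        if name in DNS_TERMS:
            deferred.append(name + (":" + value if value else ""))
    return "neutral", deferred

def audit(record):
    """Warnings visible from the record text alone (nested includes are not counted)."""
    terms = parse_spf(record)
    lookups = sum(name in DNS_TERMS for _, name, _ in terms)
    final = [q for q, name, _ in terms if name == "all"]
    warnings = [f"{lookups} DNS-querying terms, limit is 10"] if lookups > 10 else []
    if not final or final[0] in "+?":
        warnings.append("unlisted senders are neither rejected nor flagged")
    return warnings
```

For the slide's record, a sender at 147.243.1.47 matches an ip4 term, while any address not listed and not covered by the five include: domains ends at ~all and is marked softfail rather than rejected.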

DKIM (DomainKeys Identified Mail)
DKIM records are complex and must be generated correctly. They often look like this:
;default._domainkey.rackaid.com. IN TXT
default._domainkey.rackaid.com. 1800 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/VMzpi2yfvnzVXCzPawWRC5LtnlzD0f7a3/NI+oDfxiBAOlVISxps7sv0UPBK1D+rJAhCt4KB+eJcTFtOgXVWQmUMQLcAEHSwHHlbmZd3B8fMs4jYaoeJfPIy1bB0cZ1zh95dOfcMD8QFDsRlVFjrmRanvqOaJZ4Ftkbfqze5hQIDAQAB"
Setting up DKIM will vary depending on your email server platform. Use DKIM Generator and check with Core Tools to validate the keys. Due to the complexity of these records, be sure that you TEST them if you implement them.
Some references: simple EXPLAINED or HERE, other configurations HERE and HERE.

How DKIM Works

Email Configuration #2

Key Features
Provide end to end secure (encrypted) email system using RFC 4616 standard compliance
Using STARTTLS, a TLS (SSL) layer extension protocol for SMTP, POP and IMAP
With CA Certificate HTTPS for webmail access with robust push capability
Client based and/or add-on for mobile device (platform iOS, Android and Windows)
Desktop client applications (Windows, Mac OSX and Linux) and Web Based Mail
Integrated device based recognition, authentication, GIS based centralized activity record
Lost and found protection, kill switch and remote wipe deactivation (including databases)

Service Architecture

Robust (Fail Over) Design

Robust (Distributed) Topology

How It Works
User and the devices must be registered to the services
User requests authentication through registered devices
Email clients or desktop clients/add-on with OTP SMS
Server will establish VPN to authenticated users and start mandatory secure email (SMTP/POP/IMAP) transaction
System will record all transaction and activity logs, including geolocation information, and present them as statistics
Remotely sanitize registered devices, if requested

References
RFC 5321/5322, RFC 4616, RFC 4880, RFC 3156
Routing http://tools.ietf.org/html/rfc5321
Routing http://tools.ietf.org/html/rfc2821
PTR Security http://tools.ietf.org/html/rfc1912
SPF Records http://tools.ietf.org/html/rfc4408
Caller ID http://tools.ietf.org/html/draft-atkinson-callerid-00
NIST SP800-45 Rev. 2, NIST SP800-88, DISA DEE
Essential DNS Record and SPAM Protection HERE
Tools MXTOOLBOX and VIEWDNSINFO and DNSCHECK

Thank You
Personal Contact: Mobile: +628119936071 Email: [email protected]