verifying email security techniques for dutch
play

Verifying email security techniques for Dutch organizations - PowerPoint PPT Presentation

Jun 22, 2023 •17 likes •187 views

Verifying email security techniques for Dutch organizations Student: Vincent van Dongen Supervised by: Ralph Dolmans, George Thessalonikefs (NLnet Labs) Security and Network Engineering (UvA) Master Thesis, 3 July 2018 Vincent van Dongen (UvA)

  1. Verifying email security techniques for Dutch organizations Student: Vincent van Dongen Supervised by: Ralph Dolmans, George Thessalonikefs (NLnet Labs) Security and Network Engineering (UvA) Master Thesis, 3 July 2018 Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 1 / 17

  2. Introduction 1/2 Security hasn’t taken into account during the design of email protocols. Different techniques have emerged to secure email. Governments have defined guidelines to implement these techniques. You can check if these techniques have been implemented. How many email security techniques have been implemented for organizations within the Netherlands? Is there a distinction between: The size of an organization. Geographical location. The type of sector. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 2 / 17

  3. Introduction 2/2 Related work: Previous research has been done on verifying email security techniques. NLNet Labs has build a tool check if the email security techniques have been implemented. Scope: Only Dutch organization will be verified for this research. Approach: Define which techniques will be verified. 1 Create a data-set of Dutch organizations. 2 Use the data-set as input for the experiment. 3 Discuss the results of the experiment 4 Answer research questions. 5 Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 3 / 17

  4. Background information The Dutch Standardization Forum has defined a list of compulsory standards. 19 different techniques will be checked during the experiment: Category Checks for Purpose Record available SPF Policy DKIM Record available Detects email spoofing Record available DMARC Policy Signed domain Secure domain Protects users from DNSSSEC Signed mx record forged DNS data Validate signed mx record Record available Authenticate TLS DANE Valid record clients and servers Supports TLS version Cipher suites Trust chain of certificate Creates an encrypted STARTTLS 1 TLS compression connection Public key of certificate Signature of certificate Domain name on certificate 1Guidelines for TLS: https://www.ncsc.nl/actueel/whitepapers/ict-beveiligingsrichtlijnen-voor-transport-layer-security-tls Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 4 / 17

  5. Collecting the data-set Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 5 / 17

  6. The experiment A tool from ’internet.nl’ was used for the experiment. The tool queries the DNS server along with the SMTP server. The domain names from the collected data-set were used as the input. 50.521 domain names submitted via an API. The experiment took approximately 4 days to complete. The tool could not retrieve the mx record for 3871 domains. Experiment succeeded for 46.650 domains. Output was a 400 MB JSON file. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 6 / 17

  7. Results: Overview 1/5 How many email security techniques have been implemented for organizations within the Netherlands? Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 7 / 17

  8. Results: Overview 1/5 How many email security techniques have been implemented for organizations within the Netherlands? Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 8 / 17

  9. Results: Number of employees 2/5 Is there a distinction between small, medium and large organizations regarding the implementation of email security techniques? Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 9 / 17

  10. Results: Geographical location 3/5 Is there a geographical distinction between organizations regarding the implementation of email security techniques? Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 10 / 17

  11. Results: Geographical location 3/5 Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 11 / 17

  12. Results: Type of sector 4/5 Is there a distinction between the type of sector regarding the implementation of email security techniques? Type of sectors: Agricultural Industry Construction Information and communication Consultancy Mining Culture sport and recreation Others Education Other business services Energy Public services Financial Real estate Food Retail Healthcare Transport and storage Water and waste Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 12 / 17

  13. Results: Type of sector 4/5 What type of sector has implemented the most and the least number of email security techniques? Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 13 / 17

  14. Results: Other interesting findings 5/5 Interesting findings: Top 1000 organizations (most employees) score an average of 9.30. 1 Organizations from AEX index have an average score of 10.32. 2 The subsector that has the lowest score is the ’Manufacture of aircraft parts’ 3 subsector with an average score of 3.2. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 14 / 17

  15. Discussion Remarks about the data-set 4985 organizations didn’t contain a domain name. Organizations with 1-10 employees were not validated. The repository dates back to 2015. Remarks about the experiment The tool didn’t receive mx records for 3871 domains. The tool could only check if a DKIM record is available. Remarks about the results 8 of the 19 techniques were related to STARTTLS. There might be only a few organizations present in a municipality and therefore strongly influence the average score. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 15 / 17

  16. Conclusion Organizations have on average implemented 45 % of the email security techniques that have been defined by the Dutch ’Forum Standaardisatie’. We didn’t find a relation between the number of employees or the geographical location in regarding the implementation rate. We did find a relation between the type of sector. The ’Public Services’ sector has the highest score. Many governmental organizations are present in the ’Public service’. We assume that the high score is related to compulsory policies. Future work Investigate if there is a distinction between the owners of an IP-address or hosting provider related to the implementation rate. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 16 / 17

  17. I would like to thanks Ralph Dolmans and George Thessalonikefs from NLnet Labs for supervising this research project. Vincent van Dongen (UvA) Verifying email security techniques for Dutch organizations Master Thesis, 3 July 2018 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Fo Food for though ght Review of the Dutch food security policy 2012-2016 Ferko Bodnr, IOB

Fo Food for though ght Review of the Dutch food security policy 2012-2016 Ferko Bodnr, IOB

Fo Food for though ght Review of the Dutch food security policy 2012-2016 Ferko Bodnr, IOB Food Security Exchange Wageningen, 31 May 2018 1 Presen entation o n outline ne 1. Food security, the global challenge 2. Dutch food security

222 views • 20 slides
Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open

Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open

Verifying Authentication Properties of C Protocol Code Using VCC Franois Dupressoir (Open University) Andrew D. Gordon (MSR Cambridge) Jan Jrjens (TU Dortmund) Verifying Security Code Assume a security API specification.

397 views • 24 slides
Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P . Madhusudan University of Illinois at Urbana-Champaign Mobiles devices are powerful Security of mobile devices is important High value

912 views • 89 slides
Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster,

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster,

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko University of California, San Diego Recent Email Communications

449 views • 28 slides
E-Safe NCAA Email il Security Scott Berding Trivia The email security market is a mature

E-Safe NCAA Email il Security Scott Berding Trivia The email security market is a mature

E-Safe NCAA Email il Security Scott Berding Trivia The email security market is a mature market with single digit growth? False Its an $18B market growing at 22% Trivia #1 reason for non-adoption of Office 365 is security concerns?

518 views • 47 slides
How to Identify a Phishing Email Brought to you by Information Security Services An email address

How to Identify a Phishing Email Brought to you by Information Security Services An email address

How to Identify a Phishing Email Brought to you by Information Security Services An email address that tries to disguise itself as legitimate A generic greeting An email that demands immediate action CWU warning message indicates the email

268 views • 8 slides
Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern University Email Security 1 Email One of the most widely used applica>ons of the

360 views • 14 slides
Dutch Relief Alliance (DRA) The Dutch Relief Alliance is a coalition of 16 Dutch humanitarian

Dutch Relief Alliance (DRA) The Dutch Relief Alliance is a coalition of 16 Dutch humanitarian

Dutch Relief Alliance (DRA) The Dutch Relief Alliance is a coalition of 16 Dutch humanitarian NGOs established in 2015 and funded by the Netherlands Ministry of Foreign Affairs. The structure of the DRA allows for the rapid delivery of

690 views • 15 slides
Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 /

Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 /

Security analysis of Dutch smart metering systems Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 / 19 Security analysis of Dutch smart metering systems 1 Smart metering introduction 2 Theoretical

430 views • 19 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
Cloud-based email security and filtering Index 1. Email Challenges in Corporate Environments

Cloud-based email security and filtering Index 1. Email Challenges in Corporate Environments

Cloud-based email security and filtering Index 1. Email Challenges in Corporate Environments Problems Needs 2. The solution: Email Protection What is it? Benefits Features Email Protection 24/06/2015 2 Email Challenges

143 views • 11 slides
Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan Microsoft Research, Cambridge Microsoft Research INRIA Joint Centre, Paris Joint work with C. Fournet and A.D. Gordon + R. Puccella, S. Tse, N.

1.4k views • 122 slides
CoU for Security Research JNG (Han) Bosch Strategic policy advisor E-commerce Dutch Customs

CoU for Security Research JNG (Han) Bosch Strategic policy advisor E-commerce Dutch Customs

CoU for Security Research JNG (Han) Bosch Strategic policy advisor E-commerce Dutch Customs Brussels, June 5, 2018 Tasks Customs Balance The Netherlands stand out as the overall best performer ff F F F F F F 4 F Main challenges (1)

236 views • 12 slides
Verifying Persistent Security Properties Annalisa Bossi, Damiano Macedonio, Riccardo Focardi,

Verifying Persistent Security Properties Annalisa Bossi, Damiano Macedonio, Riccardo Focardi,

Verifying Persistent Security Properties Annalisa Bossi, Damiano Macedonio, Riccardo Focardi, Carla Piazza, and Sabina Rossi Dipartimento di Informatica Universit` a Ca Foscari di Venezia { bossi,mace,focardi,piazza,srossi } @dsi.unive.it

545 views • 28 slides
Preparing for integrating supply chain with design and development operations process in a medium

Preparing for integrating supply chain with design and development operations process in a medium

Preparing for integrating supply chain with design and development operations process in a medium sized heavy machinery Original Equipment Manufacturer Jugal Desai Design Operations Engineer- KTP Associate at Dando Drilling International

678 views • 9 slides
THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

1 THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web presence Idan Cohen, Q3 2019 The untold supply-chain challenge: THIRD-PARTIES ON WEBSITES 3 Let s understand What is a web third-party

338 views • 15 slides
Supply Chain Risk Management Howard Gugel, Senior Director of Standards and Education Member

Supply Chain Risk Management Howard Gugel, Senior Director of Standards and Education Member

Supply Chain Risk Management Howard Gugel, Senior Director of Standards and Education Member Representatives Committee Meeting August 9, 2017 Cyber Security Supply Chain Standard Background FERC issued Order No. 829 on July 21, 2016

875 views • 52 slides
Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More

Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More

Day Two: October 4, 2018 1 1 Lets Unblock the Chain of Data Making B2B Payments More Efficient 2 Speaker Bios Title | Company Magnus Carlsson David Jackson Guy Berg Federal Reserve Association of Marketcy Bank of Financial

317 views • 9 slides
WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work

WOMEN & MILLENNIALS IN THE SUPPLY CHAIN How Seasoned & Millennial Professionals Work Together in the Logistics Industry WOMEN IN LOGISTICS & SUPPLY CHAIN WOMEN IN LOGISTICS According to the World Economic Forum, itll be nearly

367 views • 21 slides
Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms.

Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms.

Senior Women Talent Pipeline for UN Peace Operations Call for nominations and applications Ms. Kristina Koch, Chief Recruitment Section Department of Field Support/Field Personnel Division Email: kochk@un.org, Tel: 917 367 3320 1 Overview 1.

169 views • 16 slides
HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute

HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute

Cayuga Lake HABs Harrier Training 2018 Claire Weston Outreach Coordinator Community Science Institute First of all THANK YOU! NO BLOOM REPORT The No Bloom Report should be filled out every week that you survey your zone but

181 views • 15 slides
Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation Baltimore Division Overview Cyber Threat Overview Cyber-enabled Fraud Types of Cyber-enabled Fraud Business Email Compromise

796 views • 47 slides

More recommend