Options

E mail Spoofing

tlholmes4470tlholmes4470 Member Posts: 8 ■□□□□□□□□□
in CISSP

Which of the following is considered best practice for preventing e-mail spoofing?

Which of the following is considered best practice for preventing e-mail spoofing?
A. Cryptographic signature
B. Uniform Resource Locator (URL) filtering
C. Spam filtering
D. Reverse Domain Name Service (DNS) lookup


This question appears to be straight forward. They have A as the answer. In my opinion A cannot be the answer. According to NIST 800 SP 45: 

Because most email messages are protected individually by digitally signing and optionally encrypting them, this section focuses on the use of these methods. The most widely used standards for signing messages and encrypting message bodies are Open Pretty Good Privacy (OpenPGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).8 Both are based in part on the concept of public key cryptography, which involves a user having a pair of related keys: a public key that anyone can hold, and a private key that is held exclusively by its owner. Because public key cryptography is so computationally intense, it is used sparingly in email security; symmetric key cryptography, which is much more efficient, is much more heavily used. 

B- is also not the answer (  This is just a content filter)

C- seems reasonable. C seems to be a combination of C and D.

D- Reverse DNS is a method that commonly used in spam filter software. So although this is true C takes D into account

Is my logic flawed? 

· Share on FacebookShare on Twitter

Best Answer

Answers

  • Options
    kaijukaiju Member Posts: 453 ■■■■■■■□□□
    edited March 2020
    Cryptographic signature (symmetric key cryptography or public key cryptography) = signing so A is correct.



    Work smarter NOT harder! Semper Gumby!
    · Share on FacebookShare on Twitter
  • Options
    tlholmes4470tlholmes4470 Member Posts: 8 ■□□□□□□□□□
    Kaiju


    I found this in the same NIST document, therefore I think you are correct that A is the right answer. I'm not sure of your reasoning. See Note 1 at the bottom.

    From NIST 800 SP 45:

    Organizations often want to protect the confidentiality and integrity of some of their email messages, such as preventing the exposure of personally identifiable information in an email attachment. Email messages can be protected by using cryptography in various ways, such as the following:

    Sign an email message to ensure its integrity and confirm the identity of its sender.
      Encrypt the body of an email message to ensure its confidentiality.
      Encrypt the communications between mail servers to protect the confidentiality of both the message body and message header.

    The first two methods, message signing and message body encryption, are often used together. For example, if a message needs to be encrypted to protect its confidentiality, it is usually digitally signed as well, so that the recipient can ensure the integrity of the message and verify the identity of the signer. Messages that are digitally signed are usually not encrypted if the confidentiality of the contents does not need to be protected.

    Question
    I'm  in no way am as smart as the NIST folks, but I do not under how one can provide confidentiality and integrity at the same time when using a digital signature. A digital signature is:

    Private_Key{hash(plain_text)} ll plain_text --> This provides integrity ( and authentication and non repudiation), but you have lost confidentiality.( by the way, ll stands for concatenation )


    Note 1
     I cannot find a source that states:
    Cryptographic signature (symmetric key cryptography or public key cryptography) = signing so is correct.
    · Share on FacebookShare on Twitter
  • Options
    tlholmes4470tlholmes4470 Member Posts: 8 ■□□□□□□□□□
    Sorry

    C is not a reasonable answer
    · Share on FacebookShare on Twitter
  • Options
    kaijukaiju Member Posts: 453 ■■■■■■■□□□
    edited March 2020
    "Because most email messages are protected individually by digitally signing and optionally encrypting them, this section focuses on the use of these methods. The most widely used standards for signing messages and encrypting message bodies are Open Pretty Good Privacy (OpenPGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).8 Both are based in part on the concept of public key cryptography, which involves a user having a pair of related keys: a public key that anyone can hold, and a private key that is held exclusively by its owner. Because public key cryptography is so computationally intense, it is used sparingly in email security; symmetric key cryptography, which is much more efficient, is much more heavily used."

    You provided the information that supports answer A.

    Symmetric key cryptography or public key cryptography are methods of Cryptographic signature (digital signatures). Digi sigs provide authentication and non-repudiation. A digi sig would prove that an email has not been spoofed.  




    Work smarter NOT harder! Semper Gumby!
    · Share on FacebookShare on Twitter
  • Options
    yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited March 2020
    Well it is used sparingly. But it's still used. Though I suspect it's used sparingly less about computational strength and more because most end users can't figure out how to set it up.

    NIST 800 SP 45 is ancient. I'd bet that wording about computational requirements hasn't been updated from the 2002 parts and it might have made sense then.

    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
    · Share on FacebookShare on Twitter
Sign In or Register to comment.