My father-in-law asked me for ideas to improve his email security. He read an article about how some hackers, having gained access to a Gmail account, were able to reset the account holder's passwords for other services, such as Amazon.
This is what I've come up with so far, but more brainpower would really help as I've never thought of this before, so all critique and suggestions will be warmly welcome.
Starting Point: He has a website hosted on a LAMP / cPanel system, and his current email goes through the website's domain. The email account is set up in cPanel. He retrieves his email via POP3, deleting it from the server. I'm thinking this might be a decent starting point? No need for IMAP as he only has one computer (no iPhone) and he deletes it as he goes?
Next Steps:
I am thinking to get him to set up several address forwarders on his cPanel: one for his bank, one for Amazon, basically one for each of the few accounts that are linked to a bank or a credit card. These forwarders would all forward to one central address, also set up in cPanel, which would be "private", in the sense that he would not use it to send emails. He would only use it to retrieve email via POP3.
Also thinking of getting him to store his email on his computer on an encrypted virtual drive using TrueCrypt.
With this set-up it seems to me the messages are vulnerable in a few places:
Big thanks in advance, looking forward to your thoughts.
UPDATE: SUMMARY OF REPLIES SO FAR
How lucky, several thoughtful and detailed replies came in so far. Summarizing the replies so far.
Using the Web
Retrieving Messages (Thunderbird)
Local Machine
Hardening the Server
Fischer's Set-up
(Special category as Fischer's workflow is a different system from the other replies)
This is a complex question, but putting together a simple system to protect your father-in-law's confidential information should not be that difficult.
Your first suggestion of using separate addresses for separate services probably won't make much of a difference. If someone (say, Mallory) is intercepting email in the network, then they can probably intercept any forwards you make; therefore all services are vulnerable to attack if you are using only one domain for all accounts. Mallory can simply search for any emails containing *@example.com in the To field and assume they're all being forwarded to the hidden address. Just knowing what the email address for a given account on a given service is gives Mallory an advantage, as that's what is authenticated to the service and that's what she will use to compromise it. Even creating email accounts off your domain simply increases the number of vulnerable nodes.
One way that you can considerably improve security is by enabling SSL for all protocols on the mail client used to fetch from the server. That way you eliminate at least one vulnerable hop where Mallory can intercept the plaintext of the emails. Also, contrary to what you've stated, it is very likely that sensitive services are using SSL to send you mail via SMTP, or that you can enable that somehow.
That's the most you can do on the network end. If the service refuses to use SSL-SMTP, it's probably not going to be very secure at all. There's a lot you can do to improve security on the local end, however. You should take standard precautions such as creating a firewall and disabling unused network services, as well as making sure that all your passwords are strong (16 characters or more). The LAMP server can be hardened with Grsecurity or a similar system to prevent buffer overflow attacks. Creating a virtual encrypted drive is of dubious utility, seeing as, unless you want your email to be undeliverable 90% of the time, the drive must be unlocked for you to receive it. Picture a physical mailbox with a padlock!
The local system presumably being used to retrieve email from the server using (SSL-)POP3 can be hardened as well if it's Linux. If you're serious about local security, the whole drive should be TrueCrypted (it's not actually on standby waiting for mail all the time) because applications leak an unbelievable amount of data throughout the whole system in caches and logs, rendering a solely encrypted local mailbox somewhat irrelevant.
So there's a little you can do for the network, a lot you can do for the server, and more you can do for the local system. Remember that the weakest part of your whole security system is the passwords.
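One way to check which hops of a delivered message actually used SSL/TLS, as an added example that is not part of the original answer: each mail server records its hop in a Received header, and the RFC 3848 keywords such as ESMTPS mark hops that ran over TLS. The sample message, host names, queue ids and function names below are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 / RFC 6531 "with" keywords that mean the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: hosts, addresses and queue ids are made up.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mail.example.org (Postfix) with ESMTPS id 4ABC123
    for <bank@example.org>; Mon, 1 Jan 2024 10:00:02 +0000
Received: from app01.example.com (app01.example.com [192.0.2.20])
    by mx.example.com (Postfix) with ESMTP id 9XYZ789;
    Mon, 1 Jan 2024 10:00:01 +0000
Subject: Statement ready
"""

def strip_comments(value):
    """Drop (nested) parenthesised comments so 'with cipher' is not misread."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def clause(name, text):
    """Return the token following a Received keyword such as 'by' or 'with'."""
    m = re.search(r"(?:^|\s)%s\s+(\S+)" % name, text, re.I)
    return m.group(1) if m else None

def hops(raw_message):
    """List hops oldest first; tls is True, False, or None when not stated."""
    out = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        text = strip_comments(header).rsplit(";", 1)[0]  # cut the trailing date
        proto = clause("with", text)
        tls = proto.upper() in TLS_PROTOCOLS if proto else None
        out.append({"src": clause("from", text), "dst": clause("by", text),
                    "proto": proto, "tls": tls})
    return out

def unprotected(raw_message):
    """Hops that did not report TLS, i.e. where the mail may have crossed in cleartext."""
    return [h for h in hops(raw_message) if h["tls"] is not True]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(h["src"], "->", h["dst"], h["proto"], "TLS" if h["tls"] else "NO TLS")
```

Received headers are written by each server itself, so hops recorded before the first server you trust should be treated as unverified.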