19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks

T 5.77 Unauthorised monitoring of E mails

Electronic mail (E Mail) is usually transmitted as plain text. Data which has not been protected by cryptographic means can be monitored and modified on any IT system via which it is being transmitted. In the case of E Mail sent over the Internet, a large number of IT systems could be involved without the precise routing being known beforehand. The transmission route depends on the utilisation and availability of gateways and network segments. In some cases, E Mail intended simply for transmission between two neighbouring municipal districts can be routed abroad at some point.
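The route a delivered message actually took can be read back from its Received headers. The following is an added example, not part of the manual: it lists each relay hop in travel order and marks the hops that accepted the message without TLS. The sample message, host names and the function names hops and unprotected are constructed for illustration.

```python
import email
import re

# Constructed sample message (not from the manual): three relay hops,
# one of which accepted the message without TLS.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id c3; Tue, 3 Oct 2000 10:00:09 +0200
Received: from relay.example.com (relay.example.com [198.51.100.4])
\tby mx.example.net with ESMTP id b2; Tue, 3 Oct 2000 10:00:05 +0200
Received: from pc17.example.com (pc17.example.com [192.0.2.17])
\tby relay.example.com with ESMTPSA id a1; Tue, 3 Oct 2000 10:00:01 +0200
From: alice@example.com
To: bob@example.org
Subject: constructed test

body
"""

# "with" keywords (IANA Mail Transmission Types) that indicate TLS on the hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw):
    """Return hops in travel order as (sender, receiver, protocol, tls)."""
    msg = email.message_from_string(raw)
    result = []
    # Each relay prepends its own header, so reverse for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if m:
            proto = m.group(3).upper()
            result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def unprotected(raw):
    """Hops on which the message crossed the network without TLS."""
    return [(s, r) for s, r, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for s, r, proto, tls in hops(SAMPLE):
        print(f"{s} -> {r}  {proto}  {'TLS' if tls else 'PLAINTEXT'}")
```

A TLS-marked hop only means that one link was encrypted; every relay listed still handled the message content in the clear unless the message itself was cryptographically protected. Received headers are written by the relays themselves, so entries added before the first trusted server should be treated as unverified.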

Access to incoming E Mail can also be gained via the recipient's mailbox maintained on the mail server. This mailbox contains all received E Mails, not only those which have not yet been read, but depending on the configuration, it may also contain an archive of all E Mails received in recent months. As a very minimum, the system administrator in charge of the mail server will have access to the mailbox. In some cases, copies of outgoing E Mails are also stored on the mail server. Usually, however, the user's mail software stores them on the sender's computer.

Examples

- A number of Microsoft internal E Mails have been used by the other side in the anti-trust proceedings against Microsoft to undermine the company's position. Some of these E Mails contained defamatory remarks about Microsoft's competitors.

- A supplier makes services available over the Internet. To use these services, it is necessary to log on to the service provider's server. The authentication information needed for this purpose is sent to the customer by E Mail. If this E Mail is intercepted, an adversary can then log on to the service provider's server without authorisation and avail himself of its services at the expense of the registered customer.

IT-Baseline Protection Manual: October 2000

Transmission in plain text

Storage on the mail server
