Chapter 13, Securing Personal and Business Communications
This lesson presents some material from chapter 13. Objectives
important to this lesson:
Store-and-forward
Voicemail threats
E-mail and social networking threats
Real-time communication
Securing telephone and PBX communications
Securing VoIP
Concepts:
Chapter 13
The previous chapter dealt with mobile communications, which
covers a lot of the communications most people use. This chapter
discusses more traditional communication channels. It begins with
a poor example. You want to talk to a coworker, but that person is
busy. You leave a note with another person who relays your
message, and relays a reply to you when it is available. This is
meant to symbolize the passing of information across routers that
store the information until a path is found that can be used to
send it along its way to the intended destination. The point that
the text is trying to make is that there are several kinds of
communications that include this feature, storing
information until a path
is available or until it is picked
up by the intended receiver.
voicemail systems -
Voicemail is typically left when connection to a voice channel
to an intended recipient is not possible, due to a hardware or
availability issue. Systems may include the capacity to convert
a voice message to text or email, reducing storage needs and
cost. Voicemail systems are typically vulnerable to hacking when
users continue to use default passwords. They are vulnerable to
attack when attackers send email that looks like a voicemail
notification, but actually contains a malware payload.
e-mail - The chapter presents a list of effective
e-mail techniques that have been used to defraud users and
damage computers. These include bank scams, malware
posing as patches, and messages that seem to be from trusted
sources. You should always be in doubt about the intentions of
an e-mail sender. Don't enable HTML views because they allow
scripts to run.
The text offers some advice about avoiding email scams:
phishing and social engineering - educate yourself and
others about the threats
eavesdropping - encrypt your outgoing messages (has to be
done on both ends)
spoofing and forging - use multi-factor authentication and
nonrepudiation methods
steganographic images - either don't allow images in email
(year, good luck with that) or update your antivirus and
antimalware programs regularly
links in email to malicious sites - update your antivirus
and antimalware programs regularly
social network messaging - As I asked another class
recently, why are you on a social network site? The risks are
unacceptable. The text offers links to information from
Facebook, Instagram, LinkedIn, and Twitter about theirsecurity
guidelines and recommended best practices.
real-time communication - The text lists several
methods that vary in immediacy. Telephone connections are
typically fast, but not without some delay. Text messages of
various types are not immediate, although users typically assume
that they are. Video communications, like audio channels, give
the illusion of immediacy by providing a live microphone on each
end of the channel. The person on the other end seems live
because you can hear them while you are speaking to them.
Regardless of propagation delay, the illusion helps the users
enjoy the experience. The text mentions that some applications,
Skype in particular, report whether a person
is available, and how long they have not been available when
they are tagged as busy or away. My experience is that the "time
away" reported by Skype was often very wrong. I have learned to
ignore the ridiculous numbers of minutes or days my staff are
reported as being away from their desks, and to rely more on the
status light showing that they are available or not. As you may
know, Microsoft bought Skype and now calls it Teams.
The availability information is not much improved.
The following video is a very professional presentation on scams
from Symantec.
This video is from 2021, and it is quite relevant. It explains
several scam techniques you may or may not have heard of. I have
seen some of them myself, and have seen some people fall for them.
On page 343, the text turns to traditional Private Branch
Exchange (PBX) telephone systems, which may support
voice traffic, fax transmissions, modem traffic, and VoIP traffic.
The observations in the text about protecting such systems offer
few new ideas. A quick Google search on the topic gave me
lots of results, but each was from a vendor promoting their own
products. The text suggests not allowing remote management,
protecting the servers' physical locations, and limiting access to
the operational documents for the system. Good advice for any
computer system, really.
The text spends a few pages considering specific Voice over
IP systems and Session Initiation Protocol systems.
The material presented is repetitive and not very helpful.
In the video below, David Bombal shows us how to capture VOIP
traffic with WireShark.
And at least this one talks about the conflict between two
different vendors.
Assignments
Continue the reading assignments for the course.
This week you have a lab and part 9 of the project.
Complete and submit outstanding assignments, things
that are very late will be assigned a 0 per school
policy.