Internet Communications Security/Introduction
Introduction
- Subsections
Add or edit subsection:
Minimum time | 20 |
Maximum time | 40 |
Position |
3/1 |
Type | Lesson |
Section of | Internet Communications Security |
Lang | En |
- Last modified: 6 August 2013 17:18:20
Email insecurity
Explain and demonstrate the problems of insecure email communication. Demonstrate how some services provide secure login but insecure account use. Draw a diagram of an international communication channel, explaining the route taken by email and the point of surveillance that may exist along this route.
SSL webmail
Email communications are insecure by default, both due to the open nature of the Internet and reliance on the provider of the service. Internet surveillance systems, installed on local and national network can easily read unprotected email. In most cases, secure email must be present on both sides of the communication channel, to maintain privacy.
The two main differences between the RiseUp and Gmail services are the space offered for the mail accounts and their respective owners. Whereas RiseUp is run by a group of activists who take great effort and pride to ensure data stored on their servers is not accessible to anyone, Google allows automatic scanning of content by their advertising agent and may be more susceptible to US and other governments pressures interests and influence.
Trainer's Notes: Choose carefully which of the two services to present. This will depend on the audience and their country of operation. In circumstance where hosting email within US jurisdiction may not be desirable, RiseUp should be the preferable option. Otherwise, Gmail offers a better quality of service and much more space. It is also easier to register and promote to other users.
The ideal scenario is that the communicating parties settle on using a similar service. Many participants may already be using Gmail. In this instance you may register the rest on Gmail as well, show the security options and demonstrate Google Apps.
Trainer's notes: Use trial IM sniffing software or wireshark for demonstration. Prepare in advance to make sure the demo works for you (your network card, OS). Choose local/popular (according to your audience) email services for demonstration.