160    Chapter 3 • Communication Security: Remote Access and Messaging

                   In data modification, data is intercepted by a third party (one that is not
                      part of the initial communication), modified, and sent through to the party
                      it was originally intended for.

                   Using SSH helps protect against many different types of attacks, including
                      packet sniffing, IP spoofing, and the manipulation of data by unauthorized
                      users.

             E-mail Security


                   PGP and S/MIME are used for encrypting e-mail.

                   Spam is unsolicited advertisements sent via e-mail.
                   When PGP is installed, plug-ins for Microsoft Outlook, Outlook Express,
                      ICQ, Netscape, and other programs can then be installed, allowing users to
                      encrypt, decrypt, and sign messages sent through these e-mail packages.
                   Users should never follow any instructions within an e-mail that tells them
                      to delete a certain file or send information to an unknown party.

                   Administrators of e-mail systems should invoke spam-whacking solutions,
                      recursive DNS tests, and hardened SMTP relay settings to ensure their e-
                      mail systems are less subject to exploitation.


































          www.syngress.com