CS671 Spring 2022 Homework 6

Email Systems, Email Security, Phishing and Social Engineering

Dr. Greg M. Bernstein

Due Wednesday, March 9th, 2022 by 11:59PM, 50 points.

General Instructions

The goals of this assignment are to get familiar with how email is delivered and authenticated (SPF and DKIM), where email can be read at rest and in transit, and with phishing and social engineering.

Create and Use a new Branch hw6

We will create a new git branch called hw6 for use in this assignment. The branch name must exactly match the one I’ve given you (hw6) for you to receive any credit for this homework.

Prior to creating this new branch make sure your working directory is “clean”, i.e., consistent with the last commit you did when you turned in homework 5. Follow the procedures in GitHub for Classroom Use to create the new branch, i.e., git checkout -b hw6. Review the section on submission for using push with a new branch.

Use README.md for Answers

You will modify the README.md file in your repo to contain the answers to this homework.

Questions

Question 1. (10 pts) Sender Policy Framework (SPF)

1(a) Protection Limits?

Does SPF protect against spam from mail.google.nottame.com? Why or why not?

1(b) What is authenticated?

What does SPF actually check for us?

1(c) Mechanism?

How does the receiving mail server use SPF? (one or two sentences) What encryption technologies, if any, does SPF use?
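The following Python script is an added illustration for this question, not part of the assignment and not course code. It performs the check a receiving MTA performs: it takes the IP address of the connecting client and the domain from the SMTP MAIL FROM address, looks up that domain's SPF TXT record, and walks the mechanisms left to right until one matches. The DNS answers come from a constructed in-memory zone; the domains example.com and _spf.bulkmail.example, their addresses, and the record for mail.google.nottame.com are all made up for the example. It goes a little beyond the single lookup the question asks about by implementing the ip4, ip6, include and all mechanisms with all four qualifiers; the a, mx, ptr and exists mechanisms need live DNS and are omitted.

```python
"""Offline SPF check against a constructed in-memory DNS zone.

Added example for this assignment, not course code. Implements the ip4,
ip6, include and all mechanisms of RFC 7208 with the +, -, ~ and ?
qualifiers; a, mx, ptr and exists need live DNS and are not supported.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT records standing in for real DNS answers (assumed data).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.bulkmail.example -all",
    "_spf.bulkmail.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    # The look-alike domain publishes its own, perfectly valid record.
    "mail.google.nottame.com": "v=spf1 ip4:203.0.113.5 -all",
}


def lookup_spf(domain):
    """Return the domain's SPF TXT record, or None if it publishes none."""
    record = DNS_TXT.get(domain.lower())
    return record if record and record.startswith("v=spf1") else None


def check_host(ip, domain, depth=0):
    """RFC 7208 check_host(): result for client `ip` sending as `domain`."""
    if depth > 10:                      # recursion limit for include: chains
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":               # "all" always matches
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network and vice versa.
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        elif "=" in name:               # modifiers (redirect=, exp=): ignored here
            continue
        else:                           # a, mx, ptr, exists: need live DNS
            return "permerror"
    return "neutral"                    # no mechanism matched


def spf_result(client_ip, mail_from):
    """Result for one SMTP session: `client_ip` connected and sent MAIL FROM:<mail_from>."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_host(client_ip, domain)


if __name__ == "__main__":
    for ip, sender in [("192.0.2.77", "alice@example.com"),
                       ("198.51.100.10", "alice@example.com"),
                       ("203.0.113.5", "alice@example.com"),
                       ("203.0.113.5", "support@mail.google.nottame.com")]:
        print("%-15s %-36s %s" % (ip, sender, spf_result(ip, sender)))
```

Compare the last two sessions: the same client address fails for example.com because that domain's record does not list it, yet passes for mail.google.nottame.com because whoever registered that domain simply published a record naming their own server. Everything the check does is a DNS lookup and an address comparison; no key, hash or cipher is involved, and the From: header the user sees is never consulted.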

Question 2. (10 pts) Domain Keys Identified Mail (DKIM)

You may want to look at Wikipedia: DKIM to help answer the following questions.

2(a) Protection Limits?

Does DKIM protect against spam from mail.google.nottame.com? Why or why not?

2(b) Who can send for me?

Does DKIM indicate what hosts can send email on my behalf? Why or why not?

2(c) DKIM and DNS

What is the main item that DKIM actually stores in a DNS record?

2(d) DKIM and Integrity

Does DKIM provide any guarantees on the integrity of the email message? Explain. Does DKIM help with non-repudiation? Explain.
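The following Python script is an added illustration for parts 2(b) through 2(d), not part of the assignment and not course code. It is a miniature DKIM signer and verifier: the DKIM-Signature tags (d=, s=, h=, bh=, b=), the lookup of the public key at selector._domainkey.domain, and the simple body and relaxed header canonicalizations follow RFC 6376. Two simplifications keep it to the standard library and are assumptions of this example only: the signature is textbook RSA over the raw SHA-256 digest using two published Mersenne primes (real DKIM uses rsa-sha256 with PKCS#1 v1.5 padding and a secret key), and the p= tag carries (n, e) as fixed-width bytes rather than a DER SubjectPublicKeyInfo. The domain example.com, selector s1, the DNS zone and the message are constructed.

```python
"""Miniature DKIM signer/verifier with an in-memory DNS zone (offline).

Added example for this assignment, not course code. Tag layout, key lookup
and the simple/relaxed canonicalizations follow RFC 6376; the RSA key and
the p= encoding are toys so that only the standard library is needed.
"""
import base64
import hashlib

# Toy RSA key built from two published Mersenne primes: no secrecy at all,
# used only to show the signing mechanics. n is 1128 bits, enough for a digest.
_P, _Q = 2 ** 521 - 1, 2 ** 607 - 1
_N, _E = _P * _Q, 65537
PUB, PRIV = (_N, _E), (_N, pow(_E, -1, (_P - 1) * (_Q - 1)))
KEY_BYTES = 160                      # fixed width for the toy p= encoding


def _b64(data):
    return base64.b64encode(data).decode()


def _tags(text):
    """Parse a 'k=v; k=v' tag list (DKIM-Signature value or DNS key record)."""
    return {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in text.split(";") if t.strip())}


def dns_key_record(pub):
    """TXT record to publish at <selector>._domainkey.<domain>: the PUBLIC key."""
    n, e = pub
    return "v=DKIM1; k=rsa; p=" + _b64(n.to_bytes(KEY_BYTES, "big") + e.to_bytes(4, "big"))


def canonical_body(body):
    """'simple' body canonicalization: CRLF line endings, exactly one trailing CRLF."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def body_hash(body):
    return _b64(hashlib.sha256(canonical_body(body).encode()).digest())


def _header_digest(headers, names, dkim_value):
    """SHA-256 over the h= headers ('relaxed') then DKIM-Signature with b= empty."""
    data = ""
    for name in names:
        value = next((v for k, v in headers if k.lower() == name.lower()), None)
        if value is not None:
            data += name.lower() + ":" + " ".join(value.split()) + "\r\n"
    data += "dkim-signature:" + " ".join(dkim_value.split())   # no trailing CRLF
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def sign_message(headers, body, domain, selector, priv, signed=("from", "to", "subject")):
    """Signer side: prepend a DKIM-Signature covering `signed` headers and the body."""
    n, d = priv
    unsigned = "v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; h=%s; bh=%s; b=" % (
        domain, selector, ":".join(signed), body_hash(body))
    sig = pow(_header_digest(headers, signed, unsigned), d, n)
    return [("DKIM-Signature", unsigned + _b64(sig.to_bytes(KEY_BYTES, "big")))] + list(headers)


def verify_message(headers, body, dns_txt):
    """Verifier side: fetch the key named by s=/d= from DNS, check bh=, then b=."""
    sig_value = next((v for k, v in headers if k.lower() == "dkim-signature"), None)
    if sig_value is None:
        return "none"
    tags = _tags(sig_value)
    key = dns_txt.get("%s._domainkey.%s" % (tags["s"], tags["d"]))
    if key is None:
        return "permerror"                       # no key published: cannot verify
    raw = base64.b64decode(_tags(key)["p"])
    n, e = int.from_bytes(raw[:KEY_BYTES], "big"), int.from_bytes(raw[KEY_BYTES:], "big")
    if body_hash(body) != tags["bh"]:
        return "fail (body modified)"
    others = [(k, v) for k, v in headers if k.lower() != "dkim-signature"]
    unsigned = sig_value[:sig_value.rfind("; b=") + 4]   # the b= value is emptied
    expected = _header_digest(others, tags["h"].split(":"), unsigned)
    signature = int.from_bytes(base64.b64decode(tags["b"]), "big")
    return "pass" if pow(signature, e, n) == expected else "fail (headers modified)"


# Constructed data: domain, selector, DNS zone and message are made up for the example.
DNS_TXT = {"s1._domainkey.example.com": dns_key_record(PUB)}
HEADERS = [("From", "Alice <alice@example.com>"), ("To", "bob@example.net"),
           ("Subject", "Invoice 42"), ("Date", "Tue, 1 Mar 2022 10:00:00 +0000")]
BODY = "Hi Bob,\nplease pay invoice 42 to account A.\n\n"
SIGNED = sign_message(HEADERS, BODY, "example.com", "s1", PRIV)


def demo():
    """Verify the intact message and a few tampered or unverifiable variants."""
    def edit(name, new):
        return [(k, new if k == name else v) for k, v in SIGNED]
    return {
        "intact": verify_message(SIGNED, BODY, DNS_TXT),
        "body_changed": verify_message(SIGNED, BODY.replace("account A", "account B"), DNS_TXT),
        "subject_changed": verify_message(edit("Subject", "URGENT: pay today"), BODY, DNS_TXT),
        "unsigned_date_changed": verify_message(edit("Date", "Mon, 1 Jan 2001 00:00:00 +0000"), BODY, DNS_TXT),
        "unknown_selector": verify_message(sign_message(HEADERS, BODY, "example.com", "s2", PRIV), BODY, DNS_TXT),
    }
```

Two results of demo() are worth a second look. Changing the Date header leaves the signature valid because Date is not listed in h=: DKIM covers the body and only the headers the signer chose to list, so any integrity guarantee is exactly that narrow. And nothing in the DNS record or the signature names a sending host; the record holds a public key, and whoever holds the matching private key produces a passing signature from any machine, which is why a DKIM pass says nothing about which hosts may send for a domain.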

Question 3. (10 pts) Securing Email

3(a) Who can see them part 1?

If you use a 3rd party email provider (Gmail, Microsoft, Yahoo, etc.), i.e., you don’t run your own MTA, who can see and potentially read your emails while they are “at rest”?

3(b) Who can see them part 2?

When you access your emails from a 3rd party provider who can potentially see them?

Question 4. (10 pts) Phishing

Download and read the Phishing Activity Trends Report 2nd Quarter 2021 from the Anti-Phishing Working Group (APWG).

4(a) Phishing Sites

How does a “phishing site” as defined by the APWG differ from the URLs we have studied? How many unique phishing sites did APWG report for June 2021?

4(b) Email Lures

Why does APWG track email “subject lines”? How many different email subjects were seen in June 2021? Why does this number differ from the number of phishing sites?

4(c) Targeted Industries

What were the three most targeted industries in the 2nd quarter of 2021?

4(d) Registrars

What is BEC? Who were the top two domain registrars used by BEC scammers in the 2nd quarter of 2021?

Question 5. (10 pts) Social Engineering

5(a) What is it?

What is social engineering? (Give a short definition in your own words)

5(b) Why Social Engineering?

Why is social engineering used when there is such a wide variety of cyber attack tools and potential exploits?

5(c) Manipulation versus Influence

Read the page on manipulation at the Social-Engineer website. What is the difference between manipulation and influence? As a red team member, would you consider either acceptable? Would a black hat hacker consider either acceptable?