FAIL (the browser should render some flash content, not this).

See our most affordable pricing yet!!!

Click To View Our Online Tutorials & Demos!

E-mail Security Problems

The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time it's composed to the time it's read, e-mail travels along this unprotected Internet, perpetually exposed to electronic dangers.


Many users believe that e-mail privacy is inherent and guaranteed, psychologically equating it with postal mail. While e-mail is indeed conventionally secured by a password system, the one layer of protection is not secure, and generally insufficient to guarantee appreciable security.


Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for e-mail privacy becomes more pressing.


Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of e-mail that passes through. In effect, every e-mail leaves a digital paper trail in its wake that can be easily inspected months or years later.  The e-mail can be read by any cracker who gains access to an inadequately protected router.


The receivers of e-mail can compromise e-mail privacy by indiscriminate forwarding of e-mail. This can reveal contact information (like e-mail addresses, full names, and phone numbers, and attachments).


Criticisms of E-mail for use in Accounting Industry


E-mail privacy, without some security precautions, can be compromised because:


1.  E-mail messages are generally not encrypted;


2.  E-mail messages have to go through intermediate computers before reaching their destination, meaning it is relatively easy for others to intercept and read messages;


3.  Many Internet Service Providers (ISP) store copies of your e-mail messages on their mail servers before they are delivered. The backups of these can remain up to several months on their server, even if you delete them in your mailbox;


4.  Headers and other information in the e-mail can often identify the sender, preventing anonymous communication.


5.  Another risk is that e-mail passwords might be intercepted during sign-in.



Postal Mail Security Problems


The security vulnerabilities regarding postal mail are numerous and quite obvious.  While the U.S. Postal system is supported by many legal provisions governing the individual privacy rights of citizens, it should be noted that this system is largely protected by the honor and ethics of persons with access to mail contents. 


While it is not our intention to cast doubt on the integrity of the many diligent and responsible persons working in the mail industry, (US Postal, FedEX, UPS, etc.),  it is prudent to acknowledge the risks associated with this medium and to note that laws written to protect privacy are merely reactive punitive measures functioning only as a deterrent at best and provide little to no active protection or prevention of this particular crime.


Persons who attempt to exploit the vulnerabilities of postal mail do so, in most cases, in an attempt to commit future crimes of a fraudulent nature and generally regard the legal ramifications of mail fraud minor as compared to the spoils of a "successful" ploy of identity theft or some other such venture.


Criticisms of Postal Mail for use in Accounting Industry


1.  Cost of postage; especially when mailing time sensitive information where overnight services are needed.


2.  When sending contents on CD, Floppy, DVD, etc., there are higher than average breakage issues that render the media unreadable in corresponding drives, thus causing further delay.


3.  Lack of proactive security protections.


4.  Slow transport times as compared to electronic transfers.



FTP Security Problems


The original FTP specification is an inherently insecure method of transferring files because there is no method specified for transferring data in an encrypted fashion. This means that under most network configurations, user names, passwords, FTP commands and transferred files can be "sniffed" or viewed by anyone on the same network using a packet sniffer.


Criticisms of FTP for use in Accounting Industry


1.  Passwords and file contents are sent in clear text, which can be intercepted by eavesdroppers. There are protocol enhancements that circumvent this.


2.  Multiple TCP/IP connections are used, one for the control connection, and one for each download, upload, or directory listing. Firewall software needs additional logic to account for these connections.


3.  It is hard to filter active mode FTP traffic on the client side by using a firewall, since the client must open an arbitrary port in order to receive the connection. This problem is largely resolved by using passive mode FTP.


4.  It is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer.


5.  FTP is a high latency protocol due to the number of commands needed to initiate a transfer.


6.  No integrity check on the receiver side. If transfer is interrupted the receiver has no way to know if the received file is complete or not. It is necessary to manage this externally for example with MD5 sums or cyclic redundancy checking.


7.  No error detection. FTP relies on the underlying TCP layer for error control, which uses a weak checksum by modern standards.


8.  No date/timestamp attribute transfer. Uploaded files are given a new current timestamp.  There is no way in the standard FTP protocol to set the time-last-modified (or time-created) date-stamp that most modern file-systems preserve. There is a draft of a proposed extension that adds new commands for this, but as of yet, most of the popular FTP servers do not support it.  This mechanism is vital to accurate audit reporting of file transfer activity.