2008-04-07T22:10:44Z

Leehw: /* SFTP Client / Server */

Secure File Transfer Protocol is a one of the safe ways to exchange files on the internet. Simply, Secure File Transfer Protocol is a secure version of normal File Transfer Protocol (FTP). Secure File Transfer Protocol uses the same FTP commands to send or receive files securely, if it is setup properly.

== History ==
File Transfer Protocol (FTP, RFC 114) has become one of the most commonly used internet protocol for any of internet users since the TCP/IP protocol suite was developed in the late 1970s and early 1980s.
The first FTP standard published in the early 1970s. It specified only few simple commands of file transfer protocol. FTP is platform independent which means it works any kind of operating systems such as Microsoft Windows, Mac OS, and Linux.
However, File Transfer Protocol is not secure which means there are always possibilities to be stolen your username and password via computer network. Therefore, many developers and network administrators have been making an effort to make it secure.

== SFTP (SSH File Transfer Protocol) ==
SSH File Transfer Protocols (SFTP) is a secure version of File Transfer Protocol. Typically, SFTP uses SSH2 protocol and TCP port 22 to establish the secure connection but It could be used with other protocol as well. It is much more secure but requires special server setting and also it requires SSH File Transfer Protocol Client which is not compatible with File Transfer Protocol.

=== SFTP Client / Server ===
Generally, many operating systems already supports numerous kinds of SFTP clients such filezilla in Microsoft Windows and sftp command in Linux or Unix platforms. For servers, OpenSSH is the most widely used but there are also many commercial products.
[[Image: Filezilla.jpg|thumb|300px|right| Filezilla]]

=== usage in Linux ===
sftp username@host

== FTPS (File Transfer Protocols over SSH) ==

== References ==

== External links ==

== See also ==

== Signature ==

2008-04-07T21:17:20Z

Leehw:

Secure File Transfer Protocols

2008-04-07T21:13:44Z

Leehw:

Secure File Transfer Protocols

2008-04-07T21:12:58Z

Leehw: New page: Secure File Transfer Protocol is a one of the safe ways to exchange files on the internet. Simply, Secure File Transfer Protocol is a secure version of normal File Transfer Protocol (FT...

Anti-spam Systems and Techniques

2007-12-08T17:04:32Z

Leehw:

Now a days the email system has become the most significant technology and a useful tool for human beings in the world. In the US alone, 88% of adult users have email accounts and half of email users use email systems almost every day. However, like growing email users, spam, scam, and fishing emails are increasing. Lots of email providers, such as Gmail, Hotmail, have been making an effort to protect their users from spam, scam, and fishing emails. Accordingly, I’ll discuss some new techniques for anti-spam systems and how to improve the anti-spam system on the server through SPF (Sender Policy Framework), SenderID, Domain Keys, and DKIM(Domain Key Identified Mail).

== Time to replace SMTP? ==
SMTP is a simple and text based protocol using port 25. It was formally defined in RFC 821 as improved by RFC 1123, but today, ESMTP defined in RFC 2821 is widely used.
SMTP has many security problems but SMTP servers became more secure as users began writing their own servers such as [http://www.microsoft.com/exchange/default.mspx Microsoft Exchange Servers], [http://cr.yp.to/qmail.html Qmail] and [http://www.postfix.org Postfix].
However, SMTP stays at the core of current junk email problems. Moreover, junk email is highly approaching 90% of all email traffic on the internet and like growing email users, spam, scam, and fishing emails are increasing.

== Anti-spam technique through Procmail ==
[http://www.procmail.org Procmail] is one of the email filtering softwares and Mail Delivery Agents (MDA) widely used on Unix and Linux systems. It is placed between the Mail Transfer Agent (MTA) like Sendmail and users mail boxes. In order to use procmail, the procmailrc configuration file of procmail is needed to setup. The procmailrc is like below the picture.

[[Image:Procmailrc.jpg]]

== New Anti-spam Systems ==
=== SPF (Sender Policy Framework) ===
Sender Policy Framework (SPF) is the one of the new anti-spam technology and open standard to prevent sender address forgery. SMTP allows to send and receive emails any of domains so it is very easy to send spams through SMTP servers. SPF allows to use TXT record in the DNS server. For example, when inbound server receives an email, checking SPF record and if it is from unauthorized machine, it rejects the email.

[[Image:Spf.jpg]]

The records are laid out like this

[[Image:Dns.jpg]]

=== SIDF (Sender ID Framework) ===
SIDF was designed by Microsoft. It certifies sender addresses through SPF record and uses very similar methods name syntax as SPF. However, SIDF is not the latest version of SPF.
For more information, click this [http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx link]

=== DKIM (DomainKeys Identified Mail) ===
The first version of [http://dkim.org DKIM] was combined DomainKeys designed by Yahoo and Identified Internet Mail by Cisco.
Today, many email providers such as AOL, Yahoo, Cisco, Microsoft, PGP, IBM, and Gmail collaborate to develop
more enhanced version of DKIM. DKIM offers methods for validating a domain name identity that is associated with a message through encoded DKIM signature header. It validates email by DKIM signature header. The public key stored in DNS.

[[Image:Email_header.jpg]]

== Anti-spam System and Techniques ==
There are many effective anti-spam solutions in the world. But still it is impossible to block 100% of spam because of the inefficient sendmail system. Still, most of email users suffer from unwanted emails. As described above, we can build better and more efficient sendmail systems through new anti-spam techniques so that users don’t need any spam filtering tools.

*'''Step One''': Insert TXT record (SPF and Domain Keys) into DNS zone file
*'''Step Two''': Set email server to validate emails have valid headers through TXT record of DNS server (Sender's DNS)
*'''Step Three''': It is good idea to use both SPF, DKIM and spam filters

== See Also ==
*[[Random Number Generators and Information Security]]
*[[Security and Storage Mediums]]
*[[Piggybacking]]
*[[Honeypot]]
*[[Phishing]]
*[[Biometrics in Information Security]]
*[[Electronic Voting Systems]]
*[[Payment Card Industry Data Security Standard]]
*[[Operating Systems Security]]
*[[Autocomplete]]
*[[Identity Theft]]

== External links ==
*[http://www.openspf.org SPF: Project Overview]
*[http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx Sender ID Framework]
*[http://dkim.org DomainKeys Identified Mail (DKIM)]
*[http://it.slashdot.org/article.pl?sid=04/09/13/1317238 IETF Decides On SPF / Sender-ID issue]
*[http://www.ietf.org/rfc/rfc4871.txt RFC 4871 - The DKIM Base Specification]

== References ==
*PROCMAIL QUICK START <[http://www.ii.com/internet/robots/procmail/qs http://www.ii.com/internet/robots/procmail/qs]>
*Opinion: Is It Time to Replace SMTP? By Dave Crocker (Cisco) <[http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html]>
*SMTP <[http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol]>
*DomainKeys identified Mail (DKIM) <[http://dkim.org http://dkim.org]>
*Sender ID <[http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx]>
*SPF (Sender Policy Framework) Project <[http://www.openspf.org http://www.openspf.org]>
*SPF vs. Sender ID <[http://www.openspf.org/SPF_vs_Sender_ID http://www.openspf.org/SPF_vs_Sender_ID]>
*How Gmail Blocks Spam <[http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html]>

--[[User:Leehw|Leehw]] 11:51, 8 December 2007 (EST)

Anti-spam Systems and Techniques

2007-12-08T17:03:50Z

Leehw:

Anti-spam Systems and Techniques

2007-12-08T17:03:28Z

Leehw: /* See Also */

Anti-spam Systems and Techniques

2007-12-08T17:03:02Z

Leehw: /* See Also */

Now a days the email system has become the most significant technology and a useful tool for human beings in the world. In the US alone, 88% of adult users have email accounts and half of email users use email systems almost every day. However, like growing email users, spam, scam, and fishing emails are increasing. Lots of email providers, such as Gmail, Hotmail, have been making an effort to protect their users from spam, scam, and fishing emails. Accordingly, I’ll discuss some new techniques for anti-spam systems and how to improve the anti-spam system on the server through SPF (Sender Policy Framework), SenderID, Domain Keys, and DKIM(Domain Key Identified Mail).

== Time to replace SMTP? ==
SMTP is a simple and text based protocol using port 25. It was formally defined in RFC 821 as improved by RFC 1123, but today, ESMTP defined in RFC 2821 is widely used.
SMTP has many security problems but SMTP servers became more secure as users began writing their own servers such as [http://www.microsoft.com/exchange/default.mspx Microsoft Exchange Servers], [http://cr.yp.to/qmail.html Qmail] and [http://www.postfix.org Postfix].
However, SMTP stays at the core of current junk email problems. Moreover, junk email is highly approaching 90% of all email traffic on the internet and like growing email users, spam, scam, and fishing emails are increasing.

== Anti-spam technique through Procmail ==
[http://www.procmail.org Procmail] is one of the email filtering softwares and Mail Delivery Agents (MDA) widely used on Unix and Linux systems. It is placed between the Mail Transfer Agent (MTA) like Sendmail and users mail boxes. In order to use procmail, the procmailrc configuration file of procmail is needed to setup. The procmailrc is like below the picture.

[[Image:Procmailrc.jpg]]

== New Anti-spam Systems ==
=== SPF (Sender Policy Framework) ===
Sender Policy Framework (SPF) is the one of the new anti-spam technology and open standard to prevent sender address forgery. SMTP allows to send and receive emails any of domains so it is very easy to send spams through SMTP servers. SPF allows to use TXT record in the DNS server. For example, when inbound server receives an email, checking SPF record and if it is from unauthorized machine, it rejects the email.

[[Image:Spf.jpg]]

The records are laid out like this

[[Image:Dns.jpg]]

=== SIDF (Sender ID Framework) ===
SIDF was designed by Microsoft. It certifies sender addresses through SPF record and uses very similar methods name syntax as SPF. However, SIDF is not the latest version of SPF.
For more information, click this [http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx link]

=== DKIM (DomainKeys Identified Mail) ===
The first version of [http://dkim.org DKIM] was combined DomainKeys designed by Yahoo and Identified Internet Mail by Cisco.
Today, many email providers such as AOL, Yahoo, Cisco, Microsoft, PGP, IBM, and Gmail collaborate to develop
more enhanced version of DKIM. DKIM offers methods for validating a domain name identity that is associated with a message through encoded DKIM signature header. It validates email by DKIM signature header. The public key stored in DNS.

[[Image:Email_header.jpg]]

== Anti-spam System and Techniques ==
There are many effective anti-spam solutions in the world. But still it is impossible to block 100% of spam because of the inefficient sendmail system. Still, most of email users suffer from unwanted emails. As described above, we can build better and more efficient sendmail systems through new anti-spam techniques so that users don’t need any spam filtering tools.

*'''Step One''': Insert TXT record (SPF and Domain Keys) into DNS zone file
*'''Step Two''': Set email server to validate emails have valid headers through TXT record of DNS server (Sender's DNS)
*'''Step Three''': It is good idea to use both SPF, DKIM and spam filters

== See Also ==
*[[Random Number Generators and Information Security]]
*[[Security and Storage Mediums]]
*[[Piggybacking]]
*[[Honeypot]]
*[[Phishing]]
*[[Biometrics in Information Security]]
*[[Electronic Voting Systems]]
*[[Payment Card Industry Data Security Standard]]
*[[Operating Systems Security]]
*[[Autocomplete]]
*[[Social Engineering]]
*[[Identity Theft]]
*[[Information Security Awareness]]

== External links ==
*[http://www.openspf.org SPF: Project Overview]
*[http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx Sender ID Framework]
*[http://dkim.org DomainKeys Identified Mail (DKIM)]
*[http://it.slashdot.org/article.pl?sid=04/09/13/1317238 IETF Decides On SPF / Sender-ID issue]
*[http://www.ietf.org/rfc/rfc4871.txt RFC 4871 - The DKIM Base Specification]

== References ==
*PROCMAIL QUICK START <[http://www.ii.com/internet/robots/procmail/qs http://www.ii.com/internet/robots/procmail/qs]>
*Opinion: Is It Time to Replace SMTP? By Dave Crocker (Cisco) <[http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html]>
*SMTP <[http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol]>
*DomainKeys identified Mail (DKIM) <[http://dkim.org http://dkim.org]>
*Sender ID <[http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx]>
*SPF (Sender Policy Framework) Project <[http://www.openspf.org http://www.openspf.org]>
*SPF vs. Sender ID <[http://www.openspf.org/SPF_vs_Sender_ID http://www.openspf.org/SPF_vs_Sender_ID]>
*How Gmail Blocks Spam <[http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html]>

--[[User:Leehw|Leehw]] 11:51, 8 December 2007 (EST)