Lab 3: Perform Email Encryption

Lab 3: Perform Email Encryption



Module 20: Cryptography

Lab 3: Perform Email Encryption

Task 1: Perform Email Encryption using RMail





RMail is an email security tool that provides open tracking, proof of delivery, email encryption, electronic signatures, large 

file transfer functionality, etc. RMail works seamlessly with users’ existing email platforms, including Microsoft Outlook and Gmail,

 amongst others. Using this tool, you can encrypt sensitive emails and attachments for security or legal compliance.


Here, we will use the RMail tool to perform email encryption.




refer to blog 



Lab Scenario

Currently, the majority of businesses use email as their primary source of communication, as it is simple and easy to communicate or share information. Emails can contain sensitive information about an organization such as projects, upcoming news, and financial data, which, when accessed by the wrong person, can cause huge losses to the organization. One can protect emails containing sensitive information by encrypting them.

As a professional ethical hacker and penetration tester, you must have proper knowledge of encrypting email messages so that sensitive information sent through emails remain intact. This lab will demonstrate how to encrypt email messages using various email encryption tools.

Lab Objectives

  • Perform email encryption using RMail

Overview of Email Encryption

Email encryption hides the email content from eavesdroppers by encrypting it into an unreadable form. Emails can be encrypted and decrypted by means of a digital signature mechanism that uses public and private keys: the public key is shared, while the private key is kept private.

There are numerous methods that can be employed for email encryption, including:

  • Digital Signature: Uses asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
  • Secure Sockets Layer (SSL): Uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections
  • Transport Layer Security (TLS): Uses a symmetric key for bulk encryption, an asymmetric key for authentication and key exchange, and message authentication codes for message integrity
  • Pretty Good Privacy (PGP): Used to encrypt and decrypt data that provides authentication and cryptographic privacy
  • GNU Privacy Guard (GPG): Software replacement of PGP and free implementation of the OpenPGP standard that is used to encrypt and decrypt data

Task 1: Perform Email Encryption using RMail

RMail is an email security tool that provides open tracking, proof of delivery, email encryption, electronic signatures, large file transfer functionality, etc. RMail works seamlessly with users’ existing email platforms, including Microsoft Outlook and Gmail, amongst others. Using this tool, you can encrypt sensitive emails and attachments for security or legal compliance.

Here, we will use the RMail tool to perform email encryption.

  1. Click Windows 10 to switch to the Windows 10 machine.

  2. Launch any web browser (here, Google Chrome), Place the cursor in the address bar and click https://www.rmail.com/free-trial/, and press Enter.

  3. The RMail FREE TRIAL webpage appears, as well as the registration form. Fill in the required personal details.

  4. Check the I’m not a robot checkbox and click Start Free Trial

    1q.jpg

  5. The FREE TRIAL - GETTING STARTED page appears; click Apps page hyperlink.

    2.jpg

  6. The APPS & DOWNLOADS page appears; click the RMail for Gmail (Chrome) option from the available platforms.

    In this task, we will be using the Gmail platform to demonstrate the working of RMail. However, you can use RMail on the platform of your choice.

    3.jpg

  7. The RMAIL FOR GMAIL (GOOGLE CHROME) page appears; scroll down and click the ADD TO CHROME button.

    4.jpg

  8. chrome web store page appears; click the Add to Chrome button under the RPost for Gmail option.

    5.jpg

  9. The Add “RPost for Gmail”? notification appears; click Add extension.

    cry76.jpg

  10. RPost is added to the browser and an RPost for Gmail has been added to Chrome notification appears.

  11. Now, open a new tab in the browser and open the Gmail account within which you wish to implement email encryption

  12. Once you log in to your Gmail account, the RMail pop-up appears. Click the Activate button.

    cry77.jpg

  13. The Sign in - Google Accounts page appears; under the Choose an account, click on your account.

    cry78.jpg

  14. The RPost for Gmail wants to access your Google Account wizard appears; click the Allow button.

    cry79.jpg

  15. The Thank you For Choosing RMail page appears. Close the tab and navigate back to your Gmail account page.

  16. Click Compose from the left-hand pane; the email body appears. Compose an email and click Send Registered.

    If a tutorial pop-up appears, skip it.

    6.jpg

  17. The RMail Track & Prove pop-up appears; ensure that the Marked radio button is selected. Under the Register Replies section, check the Receive proof of content and time of replies to this message checkbox. Then, click the Encrypt tab.

    7.jpg

  18. In the Encrypt tab, check the Encrypt message and any attachments checkbox and click the E-sign tab.

    cry82.jpg

  19. In the E-Sign tab, check both the Send your attachments for electronic signature and Send e-sign request encrypted checkboxes. Click the Send Registered button.

    cry83.jpg

  20. In the Inbox, you can observe an Acknowledgement email with Proof of Sending.

  21. In this task, for the purpose of demonstration, we will open the recipient’s account and view the email.

  22. To do so, click on Windows Server 2019 to switch to the Windows Server 2019, click Ctrl+Alt+Delete to activate the machine. By default, Administrator profile is selected, click on Pa$$w0rd to enter password in the password field and press Enter to login.

    Screenshot

  23. Open any web browser (here, Google Chrome) and log in to the Gmail account of the recipient. Open the email from the sender.

  24. You can observe that the email received is tagged as a registered email wherein a document has been sent for the recipient to review and electronically sign to confirm his/her identity.

    You might receive an email in the spam folder.

  25. Click the View & Sign Document button to sign an agreement.

    8qq.jpg

  26. A new E-Sign webpage appears displaying the email content; click CONTINUE.

    9q.jpg

  27. The Instructions: How To E-Sign page appears; read the instructions carefully and click CONTINUE.

    11.jpg

  28. The attached document to the email (Business Strategy Model (2019)) appears, as shown in the screenshot.

  29. After viewing the attached document, click FINISH.

    cry87.jpg

  30. The Final Step - Please Complete the Information Below page appears with the Document Signature form. In the Please enter your name field, enter your name (Recipient’s name) and leave the Title field blank.

  31. Click the Draw It tab, and draw the signature in the tab and click the Click to Sign button.

    12.jpg

  32. The YOU’RE ALL DONE! page appears; close the current tab to return to the opened email. Click Inbox from the left-hand pane to navigate to the inbox.

  33. Open an email from RPost eSignOff Service. You can observe that it is an acknowledgment email from RPost along with various details such as Signed By, Date, Time, Original Recipient, IP, Message Id, etc.

    cry91.jpg

  34. Now, click on Windows 10 to return to the Windows 10 machine, where the sender’s account is opened. In Inbox, you can observe two emails (Receipt and RPost eSignOff Service). Click to open the Receipt email.

    You might receive a Receipt mail in the RMail Receipts inbox folder present in the left-hand pane.

  35. The Receipt email contains information about the Delivery StatusMessage Envelope, and Message Statistics of the sent email, as shown in the screenshot.

  36. The Receipt email also includes the DeliveryReceipt and HtmlReceipt attachments containing detailed information regarding the sent email.

    cry934.jpg

  37. Now, navigate back to the Inbox and open an email from RPost eSignOff Service. This email contains the same information as the email received from RPost eSignOff Service by the recipient.

  38. This concludes the demonstration of performing email encryption using RMail.

  39. You can also use other email encryption tools such as Virtru (https://www.virtru.com), ZixMail (https://www.zixcorp.com), Egress Secure Email and File Transfer (https://www.egress.com), and Proofpoint Email Protection (https://www.proofpoint.com) to perform email encryption.

  40. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 7: Perform Enumeration using Various Enumeration Tools

Image
  Lab 7: Perform Enumeration using Various Enumeration Tools Module 04: Enumeration Lab 7: Perform Enumeration using Various Enumeration Tools Task 1: Enumerate Information using Global Network Inventory Task 2: Enumerate Network Resources using Advanced IP Scanner Task 3: Enumerate Information from Windows and Samba Hosts using Enum4linux The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network.  There may be more information available that could help attackers to identify loopholes to exploit. As an ethical hacker,  you should use a range of tools to find as much information as possible about the target network’s systems. This lab activity  will demonstrate further enumeration tools for extracting even more information about the target system. refer to blog Lab Scenario The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network. There may be more information ...
Read more

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

Image
  Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Module 05: Vulnerability Analysis Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Task 1: Perform Vulnerability Analysis using OpenVAS OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability  scanning and vulnerability management solution. Its capabilities include unauthenticated testing, authenticated testing,  various high level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful  internal programming language to implement any vulnerability test. The actual security scanner is accompanied with a regularly  updated feed of Network Vulnerability Tests (NVTs)—over 50,000 in total. Vulnerability Analysis to identify security loopholes using Parrot Security / OpenVAS // Vulnerability Assessment  - Applications --> Pentesting --> Vu...
Read more