
	Email Encryption (SMIME & PGP)


	Home > Ask the Security Experts > Application Security Questions & Answers > Securing e-mail exchanges

Ask The Security Expert: Questions & Answers

EMAIL THIS

Securing e-mail exchanges

EXPERT RESPONSE FROM: Michael Cobb

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 24 November 2005
How do we secure our network so we can send confidential docs back and forth to our customers via e-mail? We are a mortgage broker and it's essential that all of the information we send over the Internet is private, secure and confidential.

EXPERT RESPONSE

In order to send e-mail over the Internet and still be sure it is private, secure and remains confidential you will need to provide digital certificates for your staff and your customers. Digital certificates allow e-mails to be digitally signed, encrypted and sent using S/MIME (Secure Multi-Purpose Internet Mail Extensions). Digitally signed e-mail and encryption will solve your issues of:

Confidentiality
Authenticity
Non-repudiation
Unsecured backups

S/MIME has become the standard method for sending secure e-mail, and most of the major e-mail programs, including Outlook, Outlook Express and Netscape Messenger support it. Using S/MIME is fairly straight-forward, particularly because you and your customers won't need to use the same S/MIME-compliant e-mail program, though browser-based e-mail accounts such as Hotmail don't support S/MIME.

When you send a digitally signed message, your digital certificate is sent along with it so your customers can use the certificate to verify that the message is from you and has not been modified. They can then use your public key, stored in the certificate, to encrypt a reply that only you can read it. This is done by decrypting the message with the corresponding private key installed on your machine. Likewise, if you wish to send an encrypted message to a customer, you must first obtain their digital certificate in order to be able to use their public key to encrypt the message so that only their private key can decrypt it. It is this aspect of secure e-mail communication, which can make it impractical if you want to send encrypted messages to thousands of customers. If your organization runs Windows server 2000 or 2003, you can use the free Microsoft Certification Authority, which can issue certificates for your staff and customers, but you will need to explain how they use the digital certificate that you issue to them. It is also important to remember that although S/MIME e-mail is securely transmitted once it is decrypted and read by the recipient, it can be copied or printed without limit, so you will still need to consider the nature and sensitivity of an e-mail's contents before sending it.

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	Protecting exposed servers from Google hacks (and Google 'dorks')
	Which automated quality assurance tools can be used to test software?
	Has proof-of-concept mobile device malware translated into any meaningful attacks?
	How to test the security of personal details submitted to a website
	Is security improved when the number of Internet gateways is reduced?
	Are Internet cafe users' email credentials at risk?
	Which operating system can best secure an FTP site?
	Will firewall technology have to adapt to applications that use port 80?
	How secure is a mobile phone platform that has an open source framework?
	What ports should be opened and closed when IPsec filters are implemented?

Email Encryption (SMIME & PGP)

Tumbleweed merger seen as a negative for email security customers

Secure messaging complications result in limited protection

Information security book excerpts and reviews

ING hopes to cut phishing attacks with encryption software

Companies still monitoring email manually, survey finds

Should iPhone email be sent without SSL encryption?

Can the symmetric encryption algorithm for S/MIME messages be changed?

Security vendor Postini acquired by Google

Which email encryption products can be released internationally?

What are the pros and cons of using an email encryption gateway?

Email Encryption (SMIME & PGP) Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

asymmetric cryptography (SearchSecurity.com)

cryptographic checksum (SearchSecurity.com)

data encryption/decryption IC (SearchSecurity.com)

deniable encryption (SearchSecurity.com)

elliptical curve cryptography (SearchSecurity.com)

Escrowed Encryption Standard (SearchSecurity.com)

MPPE (SearchSecurity.com)

Quiz: Cryptography (SearchSecurity.com)

session key (SearchSecurity.com)

Twofish (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy