Security Quiz Answer

E-mail Security Essentials: Quiz Answers

E-mail security essentials

1.) When evaluating security, I offer a framework as a way of looking at the problem. What are the three parts of this evaluation methodology, my "holy trinity of security?"

The "holy trinity of security" has three parts: authentication and authorization, privacy, and data integrity.

Listen to the webcast for further explanation.


2.) Anyone involved in e-mail security has to look at multiple layers to see the different security issues. I call this an "onion." Briefly, starting from the network and transport layers and working your way up, recall the layers that are important in evaluating e-mail security.

On top of network/transport (TCP/IP), the SMTP layer (RFC 821 or 2821) comes first. Then, the Internet Message Format (RFC 822 or 2822) packages up the message and its headers. On top of that, you will generally find MIME encapsulation and message formatting (lots of RFC numbers). And, on top of MIME there are the 'upper layers' of security to worry about: content such as viruses, worms, spam and anything else that violates company policy.

Listen to the webcast for further explanation.


3.) People interested in Sender ID see it as a way to reduce spam. How can Sender ID help?

Sender ID doesn't address the spam question directly. Sender ID is a way of saying, "This message from this domain was sent by an approved server." Spammers who are willing to expose their real domain name can use Sender ID just as well as any other corporation. What Sender ID can do for the spam problem, indirectly, is let you "distrust" messages that come from the wrong server. For example, if you get a message purportedly from "AOL.COM" that didn't come from one of AOL's approved servers (according to Sender ID), you can factor that into the calculation on whether that message is spam or not. You can also refuse to accept mail that doesn't pass basic Sender ID checks. While that has the potential for a lot of false positives, it also will reduce the possibility of someone forging mail and causing security problems with spam or viruses.

Listen to the webcast for further explanation.
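
An added example (not from the webcast or article) of the check described in this answer: pick the domain the message claims to come from, compare the connecting server's IP with that domain's published list, and treat the result as one input to a spam score. The policy record, addresses, messages, function names and score weights are constructed; the header selection is a simplified form of Sender ID's purported-responsible-address rule, and only `ip4`, `ip6` and `all` terms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policy records standing in for the DNS TXT lookup a real receiver
# performs; example.com and the documentation-range addresses are assumptions.
POLICIES = {"example.com": "spf2.0/pra ip4:192.0.2.0/24 ip4:198.51.100.25 -all"}

# Constructed sample messages (only the headers matter here).
DIRECT = "From: Billing <billing@example.com>\nSubject: invoice\n\nbody\n"
VIA_LIST = "Sender: owner@lists.example.net\n" + DIRECT

def responsible_domain(raw_message):
    """Simplified PRA choice: first usable Resent-Sender, Resent-From, Sender, From."""
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None

def check_sender(client_ip, raw_message, policies=POLICIES):
    """Return pass, fail, softfail, neutral or none for the connecting IP."""
    record = policies.get(responsible_domain(raw_message), "")
    version, _, rest = record.partition(" ")
    if not version.startswith("spf2.0/") or "pra" not in version[7:].split(","):
        return "none"  # no published policy covering the PRA scope
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in rest.split():
        result = qualifiers.get(term[0], "pass")  # no qualifier means "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return result
        if mech.startswith(("ip4:", "ip6:")):  # other mechanisms are skipped
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return result
    return "neutral"

def spam_score_adjustment(result):
    """Constructed weights: a pass earns no credit, a mismatch adds suspicion."""
    return {"pass": 0.0, "none": 0.0, "neutral": 0.5, "softfail": 1.5, "fail": 3.0}[result]

if __name__ == "__main__":
    for ip, msg in (("192.0.2.10", DIRECT), ("203.0.113.7", DIRECT), ("203.0.113.7", VIA_LIST)):
        result = check_sender(ip, msg)
        print(ip, responsible_domain(msg), result, spam_score_adjustment(result))
```

A "pass" adds nothing to the score and earns no credit either, which matches the point above that a spammer can publish a record for a domain they control.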


4.) If your firewall doesn't allow for SMTP extensions such as TLS encryption or MIME SIZE advising, what's the best solution?

If you're dealing with a reputable vendor, a software upgrade will usually solve those problems. If not, these products can often be sold on eBay. Read the article for further explanation.


5.) S/MIME can provide authentication, privacy and integrity checking. Why isn't S/MIME the perfect solution to e-mail security?

S/MIME has a variety of scalability problems. Everyone has to have a digital certificate, and there has to be a trust relationship between the signers of these digital certificates. In this world, there is no "root CA" as there is a "root DNS server," so establishing that trust relationship can be a tedious and manual process. In order to encrypt messages to someone, I have to get their digital certificate. I could find it in an online directory somewhere, but most e-mail clients don't support that, which means that I have to keep a stash of certificates -- a scalability problem. When a message has been encrypted with S/MIME, it can't be virus scanned, spam scanned, policy scanned or effectively archived, which might be a problem for companies with regulatory or industry rules about what has to be done with e-mail. And, if I ever lose my private key, then I can't decrypt old mail that might have been sent to me encrypted.

Read the article for further explanation.


This was first published in November 2005
