NETWORK SECURITY TACTICS
Encryption and electronic mail
Mike Chapple
05.13.2003
Rating: -4.25- (out of 5)
|
Thanks to diligent education efforts by security administrators, almost every modern computer user is aware that electronic mail, in its standard form, is insecure. The SMTP and POP standards that govern Internet e-mail exchange provide no inherent security capabilities, and it's a trivial task for even the most novice hacker to create a falsified (or spoofed) e-mail message.
Let's take a brief look at the ways that encryption technology may be applied to electronic mail to make it more secure. In this tip, we'll examine some general techniques that may be used, while future tips will focus on specific applications.
In general, there are four main security goals that users of electronic mail wish to achieve:
In order to achieve these goals, security-conscious users implement a public- or private key cryptosystem. (If you're not quite sure of the difference between these two, you may wish to take a moment to read Jeff Schmidt's Primer on Encryption.) The type of cryptosystem selected will affect the number of goals you are capable of achieving. Refer to the table below for more details:
[TABL
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
E]As you can see, public key cryptosystems provide added functionality over their private key counterparts. The trade-off is that private key cryptosystems require less computational overhead and are capable of operating much faster than public key systems.
At this point, you're probably asking how cryptosystems achieve these goals. Private key cryptosystems achieve the goals in the following manner:
Let's take a similar look at how public key cryptosystems achieve these goals:
And that's e-mail security in a nutshell! Keep a close eye on this space for future tips providing insight into specific applications of these techniques.
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
