Difference between revisions of "The Basics of Email and Web Security"
(New page: For all its speed and convenience email is not without a few potential security problems. First and foremost is the fact that it is often transmitted over the public internet rendering con...) |
(→Secure Multipurpose Internet Mail Extension) |
||
| Line 15: | Line 15: | ||
In addition to encrypting email messages, PGP also attaches a digital signature to the messages which can be used by the recipient to verify that the message has not been modified in any way since it was transmitted. | In addition to encrypting email messages, PGP also attaches a digital signature to the messages which can be used by the recipient to verify that the message has not been modified in any way since it was transmitted. | ||
| − | == Secure Multipurpose Internet Mail Extension == | + | == Secure Multipurpose Internet Mail Extension (S/MIME) == |
The standard MIME protocol extends the Simple Mail Transfer Protocol (SMTP) to enable the inclusion of non-ASCII (i.e non-plain text) attachments such as binary, photo and audio files in email messages. | The standard MIME protocol extends the Simple Mail Transfer Protocol (SMTP) to enable the inclusion of non-ASCII (i.e non-plain text) attachments such as binary, photo and audio files in email messages. | ||
Revision as of 16:41, 19 February 2008
For all its speed and convenience email is not without a few potential security problems. First and foremost is the fact that it is often transmitted over the public internet rendering confidential information susceptible to interception. Anyone who has used an email account for more than a few days will also be painfully aware of the problems posed by the massive volumes of spam that inundate email in boxes throughout the world. The broad use and accessibility of Instant messaging also brings with it security threats and challenges.
A comprehensive security strategy also needs to take into consideration the risks associated with users using web browsers to access and provide information over the World Wide Web.
Each of these areas will be discussed in this chapter of Security+ Essentials together possible steps that can be taken to ensure a more secure IT environment.
Email Security
One of the biggest problems with email is that the messages are transmitted over the public internet. This means that it is theoretically possible for malicious parties to intercept email message transmissions and thereby gain access to what may be confidential information or data. The best way to avoid this is to use encryption to protect sensitive data when it is transmitted over the internet. Two such solutions are S/MIME and PGP.
Pretty Good Privacy (PGP)
PGP is based on the Pretty Good Privacy technology developed by Phillip Zimmerman in the early 1990's. The PGP program uses either RSA or Diffie-Hellman asymmetric encryption to encrypt messages before they are sent and to decrypt them on arrival at their destination.
In addition to encrypting email messages, PGP also attaches a digital signature to the messages which can be used by the recipient to verify that the message has not been modified in any way since it was transmitted.
Secure Multipurpose Internet Mail Extension (S/MIME)
The standard MIME protocol extends the Simple Mail Transfer Protocol (SMTP) to enable the inclusion of non-ASCII (i.e non-plain text) attachments such as binary, photo and audio files in email messages.
The secure version of MIME, known as S/MIME, was developed to allow for the encrypted email transmission of data over public networks. S/MIME uses RSA based asymmetric encryption and is supported by most modern email client applications.
