The Problems with Secure Email

Written by ArticSoft


Continued from page 1

We are familiar withrepparttar paper world and it has some benefits. You can usually see if someone has already opened your mail. The Post Office can often cope with wrong addressing and still get it torepparttar 132029 right place. You believe thatrepparttar 132030 delivery service is going to behave inrepparttar 132031 way that you expect and you know that a proof of delivery from them is accepted byrepparttar 132032 authorities.

E-mail is rather different. There is no way of telling who readsrepparttar 132033 mail unless you take actual steps to make it impossible. The e-mail Post Office can’t cope with any address errors whatsoever. It has no idea if any ofrepparttar 132034 addresses onrepparttar 132035 mail are correct and can’t tell if they have been altered. There is no plain envelope to stop people readingrepparttar 132036 contents and it is possible for hackers, government agencies and almost anyone else to readrepparttar 132037 mail. Proof of delivery is worthrepparttar 132038 paper it is printed on.

An impossible dream?

No. E-mail can be made secure, but you have to take a few things into account.

The first thing to understand is that you can’t do much aboutrepparttar 132039 addresses, orrepparttar 132040 subject line. Nothing about these can be made secure. Don’t ever believe them when you read them.

Different systems may allow you to securerepparttar 132041 message text ofrepparttar 132042 e-mail, but you have to be very certain what that security is, when it is added, when it is removed, and how you would prove it had been secured afterwards. These are fundamental to you if you are going to rely onrepparttar 132043 security mechanisms later as proof that something happened.

The second thing to understand is that you can never (with current systems) send anything secret to someone you don’t know. It’s not possible. You have to have a ‘public key’ of theirs before it can be done. You can’t, with conventional systems, send information to ‘anyone’ in a particular group, function or business. You have to send to specific individuals.

The third thing to understand is thatrepparttar 132044 protection that you apply to an e-mail has to be something thatrepparttar 132045 recipient can deal with. E-mail systems don’t currently relaterepparttar 132046 keys used for information protection torepparttar 132047 recipients ofrepparttar 132048 e-mail, and don’t know what algorithmsrepparttar 132049 recipient is likely to have. This is because there are far too many unnecessary choices forced onto users of these systems and services (or set by administrators who are making choices based upon their own prejudices rather than looking at usability). If you use somethingrepparttar 132050 recipient can’t process you are wasting your time. But you can’t affordrepparttar 132051 time needed to sort this kind of problem out.

Problem solving strategies

Most ofrepparttar 132052 difficulties identified can be avoided by ignoringrepparttar 132053 e-mail systems completely and concentrating instead onrepparttar 132054 information to be sent. This could be anything – a Word document, a text file, some HTML, a graphic or even a video. Whatever you do should not alter its content, and it should not be possible to remove your security beforerepparttar 132055 information is securely inrepparttar 132056 computer ofrepparttar 132057 recipient.

This means that your protection software is going to have to protectrepparttar 132058 file in such a way that an attacker cannot removerepparttar 132059 protection without you being able to detect it. (That’s notrepparttar 132060 same as pretending a fake document is real. Since much ofrepparttar 132061 information you get is not protected, today you make value judgments on what is ‘right’ based upon your own feelings, or you ‘phonerepparttar 132062 sender and ask them to confirm what they actually sent. So removingrepparttar 132063 protection and making subtle changes to documents that you might then believe is perfectly feasible.)

The recipient is then in a position where their first step is to checkrepparttar 132064 authenticity ofrepparttar 132065 file they have received. That avoids any possibility of misunderstanding what is protected and what is not. The file isrepparttar 132066 thing that is protected, and not other parts ofrepparttar 132067 e-mail that may, or may not be correct.

Oncerepparttar 132068 recipient has checked thatrepparttar 132069 file is authentic they can go ahead and use a copy of it that has hadrepparttar 132070 protection removed. This is an essential step, because they must not be able to alter, or add to,repparttar 132071 file that they received and still have it claim that it was ever authentic (unless, of course, you have some system that maintains a copy of each different thing inrepparttar 132072 file, protected by each person that has altered or added to it).

This approach may not seem as ‘elegant’ as having everything automated, but it is a lot more secure, and prevents any mistakes or misunderstandings about who has signed what, and therefore what can be relied upon.

ArticSoft (www.articsoft.com) have over 30 years experience in the field of computer security, and 15 years experience of securing information on personal computers and messaging systems. Our CEO Steve Mathews, is one of the authors of BS7799 (now ISO/IEC 17799) and is well recognized in the security industry.


More Free Tools Increase Security For Your PC

Written by Jim Edwards


Continued from page 1

The first test, "Test My Shields," checksrepparttar security of your Internet connection itself and how much system and personal information others can obtain without your knowledge.

The second test, "Probe My Ports," attempts to find open ports on your computer and evaluate how and where a hacker could enter.

Both tests will help you spotrepparttar 132026 most common and obvious vulnerabilities most of us face when connected torepparttar 132027 Internet. Also to its credit (and unlike similar sites), this website doesn't use these tests as a lead-in to try to sell you anything.

Free Anti-Virus Software

Visit www.grisoft.com to download a free anti-virus software package that rivals anything you could buy. The software comes with free updates on virus definitions (critical for up-to-date protection) and will even certify your outgoing email as virus free!

I have used this software myself and, though nothing rates perfect, I have found it rivals products costing $50 or more. If you don't carry virus protection software on your computer, stop this minute and go to www.grisoft.com to downloadrepparttar 132028 free version now.

With so many resources and advice available for free, no valid excuse exists for not immediately securing your computer against hackers, vandals, viruses and malicious code.

Jim Edwards is a syndicated newspaper columnist and the co- author of an amazing new ebook that will teach you how to use free articles to quickly drive thousands of targeted visitors to your website or affiliate links...


    <Back to Page 1
 
ImproveHomeLife.com © 2005
Terms of Use