General discussion


How do you guarantee e-mail security?

By debate ·
Do you agree with Jonathan Yarden that the only way to guarantee e-mail security is to not use e-mail at all? How does your organization approach e-mail security? What protection does it use? Share your comments about guaranteeing e-mail security, as discussed in the Dec. 8 Internet Security Focus e-newsletter.

If you haven't subscribed to our free Internet Security Focus e-newsletter, sign up today!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

E-mail insecurity

by pinger2k In reply to How do you guarantee e-ma ...

I think we all agree that SMTP protocol is inherently insecure.

But just because email security is not guarantee doesn't mean we shouldn't use it.
What it means is we shouldn't use email for to communicate sensitive or confidential information.

If confidentiality of information is important, PGP should be used as Jon suggested.

However, if the organization is handling confidential information most of the time, it should consider an enterprise version of PGP.

Just my 0.02 cents.

Collapse -

Post card

by mansonc In reply to E-mail insecurity

Email is really as open as using a postcard.
Would you send confidential business information on one?

At least the postcard is anonymous and cannot be tracked & intercepted in the postal system, well, not as easily as email can be on the internet.

Collapse -

Agreed, the story was VERY appropriate, tho

by Zadok0552 In reply to Post card

I am using this story to educate my customers. I can talk and talk, but when it shows up in print, well...

I believe the author intended for us "security pros" to, once again, inform users that email is not secure. I especially like your post card metaphore. Mind if I use it when describing the problem to my customers?

Collapse -

Acceptable Risk

by govzgeek In reply to Agreed, the story was VER ...

After having reviewed the comments up to the time of this message, I believe this is nothing more or less than another case of acceptable risk. Nothing is 100% secure, whether it's an email, a network, or my 'ex' getting ready to go out to dinner. What is the risk you or your customer is willing to take based on resources involved and expected outcome? How many government or corporate networks have NO physical connection to the outside? How many of these are housed within 'dampened' rooms? -Can't really say, but I've seen a few. On the other hand, how many systems are 'plugged-in' via ADSL or cable modem without ANY firewall or basic security patches in place? -Too many --we've all seen our firewall logs and the thousands of hits we take 24/7.

The driving question is simple: What level of risk is acceptable to you or your users. We all know ANY transmission can eventually be decrypted. We've read the horror stories of 'leaked' email, subpoenaed email, and stolen data.

Just like the physician telling you not to eat that Philly cheese steak pizza, smoke that cigarette, or inhale that spray paint; we should inform our customers of the issues; showing how the process of sending, relaying, and receiving email (not too in-depth tho). The better you can explain the situation to people with varying levels of understanding, the better your chances of success.

Having gone through the technology 'hierarchy', I've been fortunate to experience it from different levels: -as the young technician warning people of the issues (otherwise known as beating my head against the wall), -as the sage (biting-my-tongue), well-paid consultant coming in (AFTER the fact) to 'fix' the disaster (without being able to fix the underlying problem), and finally, -as the director who sets policy based on input from what? -Best Practices of other leading government technology organizations, my peers, and finally (possibly the most important source), -That young technician who thinks they're beating their head against the wall.

Great article! I would like to add that ANY email policy should include some aspect of education so the users can understand the rationale. Otherwise, it will continue to be abused/ignored until someone gets caught or security is breached. There's NOTHING like learning the hard way... remember Melissa.W? I think December 14th, 1999 will be etched in my mind forever (that's the day my most computer savvy user infected the White House Chief of Staff's system) and everyone but our legal department called to ask why all their word documents had been reset to 0bytes (our legal office insisted on WordPerfect -of course they were safe because Corel wasn't a target).

Sorry for the feckless meandering -I guess my adderall wore off. Once again, thanks for all the great inputs! I've enjoyed reading them all.

Collapse -


by remrose45 In reply to How do you guarantee e-ma ...

it is impossible.., just to avoid virus., is just the same as you don't use internet.

Collapse -

Impossible -- I agree

by anniemae46 In reply to impossible

Always have a backup -- very simple; sure, that does not solve the problem of data falling into the wrong hands, but it can minimize the damage.
I agree, we must encourage common sense (how long has WORM.KLEZ been on the top list?!) and effort in keeping systems secure, but we should not back away from efficient communication. If you become a target for someone with time and money they will find a way to access confidential information regardless. What about laws? Could those help to protect us?

Collapse -

Confusion on security?

by Dave Howe In reply to How do you guarantee e-ma ...

The author seems to confuse traffic analysis (and physical security at the endpoints) with message content security.

On the whole, as a business email user I don't care if someone knows that company A (a customer) sends me email, or that Company B (a supplier) does the same. The *content* of that message is obviously of high importance, but the traffic is not.

As a private person, I care a little more about traffic analysis - what business is it of some random observer who I talk to? but for this there are ways and means. I can conceal as much as I need to - for instance, by subscribing to a privacy-protective email service such as Hushmail, or by use of the anonymous remailler network, or simply by (ab)using a open proxy server to relay my TLS mail connection directly to the recipient's ISP.

PGP (and indeed, even such lowly packages as the 7-zip compression program) can effectively and cheaply protect content at rediculous levels of strength - and while it is true that traces may remain at the endpoints if myself or my correspontent are careless, it is *more* likely that one or both of us would insecurely dispose of a paper missive than that the automated (and free!) swap and freespace erasers would fail in such a way as to not remove all trace of deleted mail once the machine is rebooted.

Collapse -

E-mail Reality

by rmcintire In reply to How do you guarantee e-ma ...

Although I agree with most of what John Yarden has to say regarding e-mail security, there is one sticking point in his argument - the conclusion.
To propose a "Don't use e-mail" approach as a solution to security seems a bit extreme, and in many cases not viable.
We all know that e-mail is clear text and not very secure. And I'm sure that many are aware of e-mail server log entries and the vulnerability to sniffing anywhere betwen e-mail point A and point B. And, in an absolute sense, John's position is correct - if you can't risk detection of e-mail correspondence, the safe route is to find an alternate means of communication. But, before we go all cloak-and-dagger, let us consider the reality of the situation. Many companies have gone to great lengths and expense to drag their users into the modern world of office communication. It is a world wherein the paper-based memo typed by a secretary has been replaced by an e-mail typed by the manager. It is an enabling paradigm that improves productiviity in the workplace. Users have embraced this form of commununication and made it their own. And now we say to them, "your communication is not secure"? Now that we have our users on-board, we sink the ship? It appears that we, as IT professionals are contradicting ourselves, which does little for our credibility.
If we preach too much security to our users, won't they hesitate to use e-mail at all? Rather than that, shouldn't we work toward a more universally secure e-mail transport? Why not just implement currently available e-mail security solutions?

Although I believe you can never be too vigilant with security, in this case I believe its all about the approach. And shouldn't it be incumbent upon us as IT professionals to provide secure solutions to our users, so that they need not concern themselves with the security of their e-mail communications?

Robert McIntire

Collapse -

Re: Email Reality

by Zadok0552 In reply to E-mail Reality

I agree - "'s all about the approach."

I have agonized about installing encryption in email clients for customers who are "upper level managers." It is they (managers) who supposedly would have the most sensistive information that could show up in their email. Frankly, I just don't believe that they able to handle the change to "secure solutions." I know of 1 manager out of 5 who would even agree to discuss any changes to his/her email procedure (Yes, one has to be trained on PGP before one can effectively use the encryption.) There is VERY little chance that I could convince one of these busy managers to deploy PGP unless I frightened them by using this story. Even after reading the story, they (the managers) will place encryption so low on the priority list that it will never happen.

So, I will frighten them on a quarterly basis and hope that, as a result, they wil take care to screen their email content before they push the "send" button.

Collapse -

Other side of the fence

by Todd In reply to How do you guarantee e-ma ...

I can relate to the Article. What John is saying is... we all need to use more common sense when sending e-mails.

I like the postcard theory... would you be telling your mistress how much you love her if you know the card could easily be read by her husband.. :)

One member suggested using encryption was enough because they did care if one person knew about him talking to other vendors competitors etc...
Yet I can say I know of "literally" a million dollar deal that was cancelled because it was discovered that a supplier was going to become a vendor also, putting the distribution company in direct competition with their customers. It was an e-mail from a manufacture left laying around that ?let the cat out?.

I had arguments with superiors, because they print out all emails and file them away. When I asked why they did this, they said it was to cover their backsides. I pointed out that without the email data from the server, it wouldn't 'prove' anything. Anyone could forge a printed e-mail.

I can say, I even know of lawyers who use public, unsecured internet fax services to transmit contracts and other confidential information to each other.
(Even after they were warned that said information could be viewed by unauthorized people.

While I understand what Jon was saying? I would tell Jon, he?s wasting his time. Until someone gets caught using obtained information from the internet and people are show the potential problems that exist, no one is going to care. They figure their privacy is protected when it?s not.

Related Discussions

Related Forums