Archive for the ‘how to’ Category

Email Security for Dummies

September 27th, 2009

This guide will help you understand the basic facts about email security — what it is and why you need it.

What is Email Security?
On one level, email security is ensuring that your emails are secure: that is, it involves the maintenance of the basic information security concepts:

  • Integrity - ensuring that your message has not had unauthorized alteration
  • Confidentiality - ensuring that no unauthorized person (or process) has viewed the content
  • Accountability - being able to prove who wrote the email
  • Availability - ensuring that the email can be sent/received
  • Non-repudiability - being able to prove that the recipient really did receive it

But more than the email itself is involved in email security. It also involves:

  • Ensuring that you neither receive nor send malware hidden within the email or any attachments
  • Minimizing the receipt of spam, scams, phishing expeditions and illegal content
  • Ensuring that staff neither accidentally nor with malicious intent allow or send confidential, sensitive or illegal content within or outside of the company

Why do I need Email Security?

You need email security simply because failure to do so has both commercial and legal ramifications. An example that can illustrate both aspects would be infection with a highly destructive and virulent virus. Let us assume that your own systems are infected, and the virus payload is delayed but destructive: that is, you manage to infect, say, a competitor before this virus destroys your system.

The commercial implication is obvious: loss of your systems, data, records, etc. will be severely damaging if not fatal. But on the legal side, many lawyers believe that you could be held liable for any loss suffered by a third party that you infect, whether intentionally or even knowingly or not. If that third party were a competitor, then it would have little incentive not to sue the elbow off you.

And the history of internet litigation is already strewn with examples of both staff and competitors suing companies that have allowed compromising information to circulate within, or worse, to escape from, the company network.

It would be much safer to ensure your email is secure rather than risk the potential problems of insecure emails.

What do I need in Email Security?

Since so much is involved in email security, it is not surprising that you will be lucky to find everything you need in a single product. Just on the basis of the above discussion, you will need:

  • Anti-virus software (to ward off viruses and worms)
  • Anti-spyware software (to ward off trojans, adware and spyware)
  • Anti-spam, -phishing, -scam software (to cut down on wasted staff time)
  • Content security software (to make sure confidential, sensitive or illegal content is neither circulated within nor leaked from the company)
  • A company email usage policy (to reduce staff misuse of the email, and give you some redress for when they do misuse it)
  • And last but not least, a secure email (as opposed to email security) capability

The secure email system is possibly the hardest of all. The problem is that it inevitably involves encryption - and the only form of encryption that does not create administrative problems between the sender and the receiver is a Public Key Infrastructure (PKI). But PKI is expensive to run and administer - and gets you involved with even more requirements. For example, if you operate a PKI, then you need to consider identity management software and provisioning software. Nevertheless, if you are a large company with lots of sensitive data, then PKI is the obvious route. For a single user, the RSA encryption method (RSA stands for Rivest, Shamir and Adleman, who first publicly described it) is a bit simpler and lighter to use. Quite a lot of free encryption software uses RSA instead of PKI. The encryption is still “hack-proof”, which means that cracking it would take more than 100 years.

In particular, PKI and RSA can demonstrably provide four of the five security basics we noted at the outset of this article: integrity, confidentiality, accountability and non-repudiability (availability is the one not specifically provided by PKI).

Where do I get Email Security?

If you are looking for email security software then you have a basic choice: you can look for best of breed point products in all of the above; you can look for an email security specialist that bundles different aspects within a single product or suite; or you can go for a hosted service. Or you can simply download our MailCloak software from our company’s website (www.gwebs.com/mailcloak.html). Yes, it’s free!

Other related topics:

Encryption for Dummies
http://opsec.spaces.live.com/blog/cns!62F870188540FB1E!1097.entry

Public Key Infrastructure, PKI, encryption for dummies
http://www.networkworld.com/news/64452_05-17-1999.html

Public Key Infrastructure, PKI (Wikipedia)
http://en.wikipedia.org/wiki/Public_key_infrastructure

RSA encryption (Wikipedia)
http://en.wikipedia.org/wiki/RSA

Terminology and encryption algorithms
http://www.easeus.com/resource/encryption-algorithms.htm

Gwebs, PGP, Security, email, encryption, how to, personal, privacy

Avoid a Palin: Strengthen Your Password Recovery Info

December 17th, 2008

Sarah Palin’s hacked Yahoo! Mail account is old news. But the sheer simplicity of the method used to gain access should still be of concern to every computer user.

Almost everyone knows a strong password is important. (Check out how to make an ultra-strong password in three steps.) However, even if you have a strong password, there are other ways to gain access to your accounts.

As Palin found out this past summer, the weakest link in account security isn’t the password itself, it’s the password reset mechanism. Many online accounts will allow users to reset their password by answering a few security questions. If a hacker answers those questions correctly, they can reset your password and gain complete access to your account.

Herbert Thompson, a writer at Scientific American, wrote an article detailing how he broke into an acquaintance’s online banking account using information that was freely available online. His first-hand account of strong-arming his way into sensitive financial information (with his friend’s permission, of course) made me question the security of all my online accounts. If it only took him a couple of hours to figure it out, how long would it take a professional hacker?

This could happen to you. Find out how to protect yourself from this security loop-hole.

Read more…

how to, passwords

All-in-one Proxy solution! Proxied browsing through SSH tunnels, on selected sites! (with shared-key encryption and a 1-click script!) YEE HAW! (Try and say that all in one breath)

December 10th, 2008

Don’t let the title scare you! It’s actually quite easy.

So, you have an SSH account somewhere (you may not even know it, but if you have a web page or a blog, most likely your host provides you with an SSH account) and you want to browse the web through a proxy… Well it took me a while to figure it out, but I have a quick solution for Windows, Mac and Linux.

Basically, here’s what happens:

[Diagram: This is what happens when you use an SSH Tunnel]

Read more…

encryption, how to, privacy, walkthrough

How to Make a Strong Password in 3 Easy Steps

December 8th, 2008

Using a strong password is an important part of keeping your information secure. Even if you encrypt your data and email, using an easy-to-guess or machine-guessable encryption password makes encryption a completely moot point.

Creating a strong password doesn’t have to be hard. Making a strong password really is as simple as 1, 2, 3. Check it out.

Read more…

how to, passwords

The WebmailSafety 2.0 Walk-Through!

January 22nd, 2008

The WebmailSafety Tour!

WebmailSafety is Gwebs’ new encryption product for Gmail, Hotmail, Yahoo! Mail and AOL Mail, and with WebmailSafety’s new 2.0 release out yesterday, it’s high time for a walkthrough!

But first, be sure to download WebmailSafety 2.0 at www.gwebs.com!

  1. The First Time You Run Gwebs WebmailSafety
  2. Logging into Webmail With A Secure Browser
  3. Receiving Normal Email
  4. Receiving Encrypted Email
  5. Sending Normal Email
  6. Sending Encrypted Email
  7. The Invitation Process

  1. The First Time You Run Gwebs WebmailSafety.
    1. Follow the wizard to create a WebmailSafety account and bind one or more email addresses to it.
    2. When you create an account, WebmailSafety automatically generates a key pair (a public key and a private key) and binds it to your new account.
  2. Logging into Webmail With A Secure Browser.
    1. Run WebmailSafety and click on a bound email address.
    2. Click on your Email Account to Launch A Secure Browser.
    3. WebmailSafety launches a safe version of Microsoft Internet Explorer (the plug-in is only installed when you launch MSIE from within WebmailSafety) and directs it to the correct domain.
    4. Manually log in.
  3. Receiving Normal Email: It Just Works!
  4. Receiving Encrypted Email: It Just Works!
  5. Sending Normal Email.
    1. Go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes checked.*
    2. Send email as usual.

    *The WebmailSafety Tray Icon should appear inside a circle with a line through it. (like this: [Gwebs WebmailSafety Disabled Icon])

  6. Sending Encrypted Email.
    1. If WebmailSafety is disabled, go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes unchecked.*
    2. If attaching files, be sure to enter your recipient before selecting the files, so that WebmailSafety knows whose key to use when encrypting the attachments.
    3. Send email as usual.**

    *The WebmailSafety Tray Icon should appear normal. (like this: [WebmailSafety Enabled])

  7. The Invitation Process: If you don’t have a person’s public key.
    1. WebmailSafety will notify you that you don’t have their public key.
    2. Enter a Passphrase.
    3. Using Symmetrical Encryption.
    4. WebmailSafety uses AES-256 Symmetrical Encryption to encrypt your email with this passphrase.
    5. WebmailSafety automatically attaches your public key and a WebmailSafety download link to this email so the recipient can easily install WebmailSafety, read, and reply to this email.
    6. Call, SMS, IM, or use some other method to tell your contact this passphrase.
    7. When the recipient replies to this email, their public key will be attached to their reply.
    8. Now that you have their public key, simply send them email from the safe browser and it will be encrypted.
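
The invitation process above, sketched in Python as an added example; it is not Gwebs' code, and the page does not describe WebmailSafety's actual message format. Assumptions: the third-party `cryptography` package, scrypt as the passphrase KDF, AES-256-GCM as the cipher mode, RSA-OAEP for the public-key step, and every function name is illustrative.

```python
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Added sketch, not WebmailSafety's code: scrypt, GCM and RSA-OAEP are assumptions.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PEM, SPKI = serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo

def derive_key(passphrase, salt):
    # Stretch the spoken passphrase into a 256-bit AES key.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def seal_invitation(passphrase, body, sender_pub_pem):
    salt, nonce = os.urandom(16), os.urandom(12)
    # The attached public key is authenticated as associated data in this sketch.
    ct = AESGCM(derive_key(passphrase, salt)).encrypt(nonce, body, sender_pub_pem)
    return {"salt": salt, "nonce": nonce, "ct": ct, "pubkey": sender_pub_pem}

def open_invitation(passphrase, msg):
    try:
        key = derive_key(passphrase, msg["salt"])
        return AESGCM(key).decrypt(msg["nonce"], msg["ct"], msg["pubkey"])
    except InvalidTag:  # wrong passphrase, or the attached key was altered
        return None

def new_keypair():
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return priv, priv.public_key().public_bytes(PEM, SPKI)

def seal_to_public_key(pub_pem, body):
    # Later mail needs no passphrase: a fresh AES key is wrapped with the RSA key.
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    wrapped = serialization.load_pem_public_key(pub_pem).encrypt(key, OAEP)
    return wrapped, nonce, AESGCM(key).encrypt(nonce, body, None)

def open_with_private_key(priv, wrapped, nonce, ct):
    return AESGCM(priv.decrypt(wrapped, OAEP)).decrypt(nonce, ct, None)

def demo():
    alice_priv, alice_pub = new_keypair()
    other_pub = new_keypair()[1]              # constructed substitute key
    phrase = "constructed-sample-passphrase"  # told by phone, never emailed
    invite = seal_invitation(phrase, b"first message", alice_pub)
    reply = seal_to_public_key(invite["pubkey"], b"reply, Bob's key attached")
    return (open_invitation(phrase, invite), open_invitation("wrong guess", invite),
            open_invitation(phrase, dict(invite, pubkey=other_pub)),
            open_with_private_key(alice_priv, *reply))
```

In this sketch the passphrase is the only secret protecting the first message and the attached key, which is why the walkthrough has it delivered by call, SMS or IM rather than by email.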

Well, that’s it for the walk through! Hope you enjoyed it, and don’t forget to check out www.gwebs.com for more info and new downloads!

Gwebs, Security, WebmailSafety, email, email encryption, encryption, help, how to, software, walkthrough