Gwebs Cryptographer

This guide will help you understand the basic facts about email security — what it is and why you need it.

What is Email Security?
On one level, email security is ensuring that your emails are secure: that is, it involves the maintenance of the basic information security concepts:

• Integrity - ensuring that your message has not had unauthorized alteration
• Confidentiality - ensuring that no unauthorized person (or process) has viewed the content
• Accountability - being able to prove who wrote the email
• Availability - ensuring that the email can be sent/received
• Non-repudiability - being able to prove that the recipient really did receive it

But more than the email itself is involved in email security. It also involves:

• Ensuring that you neither receive nor send malware hidden within the email or any attachments
• Minimizing the receipt of spam, scams, phishing expeditions and illegal content
• Ensuring that staff neither accidentally nor with malicious intent allow or send confidential, sensitive or illegal content within or outside of the company

Why do I need Email Security?

You need email security simply because failure to do so has both commercial and legal ramifications. An example that can illustrate both aspects would be infection with a highly destructive and virulent virus. Let us assume that your own systems are infected, and the virus payload is delayed but destructive: that is, you manage to infect, say, a competitor before this virus destroys your system.

The commercial implication is obvious: loss of your systems, data, records, etc. will be severely damaging if not fatal. But on the legal side, many lawyers believe that you could be held liable for any loss suffered by a third party that you infect, whether intentionally or even knowingly or not. If that third party were a competitor, then it would have little incentive not to sue the elbow off you.

And the history of internet litigation is already strewn with examples of both staff and competitors suing companies that have allowed compromising information to circulate within, or worse, to escape from, the company network.

It would be much safer to ensure your email is secure rather than risk the potential problems of insecure emails.

What do I need in Email Security?

Since so much is involved in email security, it is not surprising that you will be lucky to find everything you need in a single product. Just on the basis of the above discussion, you will need:

• Anti-virus software (to ward off viruses and worms)
• Anti-spyware software (to ward off trojans, adware and spyware)
• Anti-spam, -phishing, -scam software (to cut down on wasted staff time)
• Content security software (to make sure confidential, sensitive or illegal content is neither circulated within nor leaked from the company)
• A company email usage policy (to reduce staff misuse of the email, and give you some redress for when they do misuse it)
• And last but not least, a secure email (as opposed to email security) capability

The secure email system is possibly the hardest of all. The problem is that it inevitably involves encryption - and the only form of encryption that does not create administrative problems between the sender and the receiver is a Public Key Infrastructure (PKI). But PKI is expensive to run and administer - and gets you involved with even more requirements. For example, if you operate a PKI, then you need to consider identity management software and provisioning software. Nevertheless, if you are a large company with lots of sensitive data, then PKI is the obvious route. For single user RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) encryption method is a bit simplier and lighter to use. Quite many free encryption softwares are using RSA instead of PKI. The encryption is still “hack-proof”, which means that cracking it, it takes more than 100 years.

In particular, PKI and RSA can demonstrably provide four of the five security basics we noted at the outset of this article: integrity, confidentiality, accountability, availability, non-repudiability (availability is the one not specifically provided by PKI).

Where do I get Email Security?

If you are looking for email security software then you have a basic choice: you can look for best of breed point products in all of the above; you can look for an email security specialist that bundles different aspects within a single product or suite; or you can go for a hosted service. Or then you can just download our MailCloak-software from our company’s website (www.gwebs.com/mailcloak.html). Yes, it’s free!

Other related topics:

Encryption for Dummies
http://opsec.spaces.live.com/blog/cns!62F870188540FB1E!1097.entry

Public Key Infrastucture, PKI, encryption for dummies
http://www.networkworld.com/news/64452_05-17-1999.html

Public Key Infrastructure, PKI (Wikipedia)
http://en.wikipedia.org/wiki/Public_key_infrastructure

RSA encryption (Wikipedia)
http://en.wikipedia.org/wiki/RSA

Terminology and encryption algorithms
http://www.easeus.com/resource/encryption-algorithms.htm

Gwebs, PGP, Security, email, encryption, how to, personal, privacy email, encryption, guide, MailCloak, PKI, RSA, Security

When I started my work at Gwebs, this was one of my first questions. I mean, so far that our own products don’t support mobiles, smartphones, pdas, etc.  Anyhow, our product co-operates nicely with all software that use GnuPG (GPG), it’s tested with quite wide scale of applications.

I wanted to know how I can access my encrypted messages whenever and wherever. I just got so dependent on mobile usage of email from my previous job at one telecommunications company, sometimes you just have to be there 24/7 available, for your colleagues all around the world, your customers and clients. This is it what’s going on right now within IT-industry. Although, no-one is paying me 24/7 salary, but it just integrated for me as a habit. And now, sometimes I found myself at the bus stop reading my email, thanks for the reasonable price of data transfer.

I made some research about this topic and found out that encryption with GPG in smartphones is not so common than I thought. Although, nowadays, when smartphones are having Windows Mobile, Linux, Android, Apple, Symbian and maybe some other operating systems too. It seems to be easier to find a solution for encryption from PGP (Pretty Good Privacy).

I found out that Symbian used to have one component, made by Nokia, but no-one really knows is it still usable or not. About Apple and Android I really cannot say so clearly, ’cause both systems are pretty unfamiliar to me. So far Apple seems to have quite much research and development around iPhone, so I’m pretty sure that there are some encryption software as well.

Windows Mobile then, there seems to be a huge gap between versions (5.0/6.0/6.1/6.5) while searching supported applications, anyhow there are some software for encryption available. I haven’t tested these yet by myself, but will do later. At first I’d like to have the official update for WM 6.5.

Well, Linux is another chapter of it’s own. There are so many free, open-source encryption software available that it will be more difficult to find the one which suits the best for your needs, than just find one.

The other solution for encryption in mobile devices is PGP (Pretty Good Privacy), it’s not open-source and normally these applications are not free. But this also makes the difference to availability. There are so many PGP applications available for all these operating systems that I mentioned earlier. And of course, while the software is not freeware, you can expect some support for troubleshooting and equivalent for your money.

Anyway, I think that this is one of the main things nowadays while talking about email security and privacy. Because so big share of today’s business emails are sent by mobile devices, it’s really needed to have some software to obtain privacy within this communication way too. And for covering usability issues, it’s nice to have a software which co-operates with the same encryption method as while using a PC.

I’ll let you know later about my testing, WM 6.5 + PGP or GPG encryption software + MailCloak in PC. Having my own key in every single device (work, laptop and smartphone). And then testing it out, how it works and how easy it is really to use. But that’s going to happen after the Windows Mobile 6.5 release, which suppose to be soon.

Gwebs, PGP, Security, email, encryption Android, Apple, email, Email Encryption, Email Security, encryption, GPG, Gwebs, linux, Mobile, PGP, privacy, Symbian, windows

Sometimes you send and receive important email.

Do you know who is watching?

Your email can be viewed by anyone with access to the systems it passes through.

Check out this new video, and then start protecting your email!

MailCloak is compatable with dozens of email services. To learn more, check out Global Web Security’s Offical Website!

PGP, Security, email, encryption, privacy Email Encryption, global web security, gmail, gmail encryption, google, hackers, MailCloak, msn, protection, safety, Security, Video, yahoo

Today I was helping my mom setup new Gmail and AIM accounts, (now that gmail chat and AIM are linked, its essential to have an account on AIM and gmail, and to link them) and I was horrified to discover that she keeps all of her passwords, including her bank, email, credit card, web and domain hosting, and other crucial sites, in a word doc on the root of her laptop’s hard drive. AHHHHHA! What a recipe for disaster! “But what should I do?” she asked me. Her passwords are myriad, and all different (good), but she can remember none of them (bad!).

Here are several ways to keep your passwords safe (and the pitfalls):

1) Do like my mom, and keep all your passwords different, and in one “password file”, but encrypt that file with PGP, GWEBS WebmailSafety, or some other asymmetric encryption.

Pitfalls: A) You could forget your PGP password. B) You could lose your private key or your password file. C) Someone could steal your private key and your password file and guess your password. D) Someone could steal your password file and crack your private key.

Avoiding Pitfalls: A) Write down your pgp password somewhere, but don’t label it “PGP password” and keep it safe and long. B) Keep both a copy of your private key and your password file backed up and offsite, but not on someone else’s systems. C) Not likely, but again, you have to keep your password long and secure. D) Even less likely. Use a high bit rate algorithm. WebmailSafety, for example, uses 2048 bit RSA, and you would need to string together several of today’s most powerful supercomputers to crack that within your grandchildren’s life time.

2) Use a commercial password keeper, like Apple’s keychain or similar.

Pitfalls: these password keepers are only as secure as their implementations – and the user must decide which software to trust. Apparently Apple’s keychain is pretty secure, but you should always find out as much as you can about critical security software.

3) Use several passwords that you can remember, but different passwords on important or often-used sites. And never write any passwords down. For example Password A for email, password b for your online bank and password C for everything non-mission critical.

Pitfalls: The more you use a password, the less secure it is, and the more places you use, the less secure it is.

Avoiding pitfalls: For daily use and important passwords, choose long, strong, and hard to guess passwords, enter them manually and change them often. Daily use passwords are easy to remember because you are entering them all the time, and repetition breeds memories. Your non-mission critical passwords may be guessed, and if the intruder guesses one, they know them all, but again, these passwords are non mission critical, so this isn’t such a big problem.

Well, there are three solutions that I recommend. This is a big topic, so I look forward to user comments. Tell me what you do. How you keep your passwords secure, and if I missed some pitfalls, help me fill those in too!

PGP, passwords, personal, privacy encryption, IT, PGP, Security

Yesterday’s news of Hushmail.com passing information to the US Government is alarming to most people who consider privacy important. We use encryption to protect our privacy against industrial spies, nosy intruders, and hackers; but most importantly, we use encryption to protect ourselves against governments, which are becoming more and more nosey.

Read more…

PGP, Security, email, government, personal, privacy Internet Security, privacy