Security Basics mailing list archives
RE: Email Encryption
From: "Daniel I. Didier" <ddidier () netsecureia com>
Date: Wed, 14 May 2008 14:59:52 -0400
-----Original Message----- From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Preston Kutzner Sent: Wednesday, May 14, 2008 12:09 PM To: pete.hill () sit-up tv Cc: security-basics () securityfocus com Subject: Re: Email Encryption On 14 May 2008 08:08:07 -0000 pete.hill () sit-up tv wrote:Hi there, I am currently running through a PCI program at my company and amlooking for recommendations on an email encryption tool.We currently use a licensed version of Winzip, but I have heard thatthis may not be up to job as far as passing a PCI DSS audit is
concerned.
Is Winzip good enough? and if not, what should we be using to get apass on this?Many thanks PeteMore information would be handy to help give a reasonable answer.
What
OS are you using? What MUA are you using? What are you trying to encrypt in your email? If you're using WinZip currently, I would assume you're just looking to encrypt the attachment. Are you also looking to be able to encrypt (and sign) the entire email message? Is compression necessary for your application? As far as email encryption is concerned, typical methods for this application usually consist of either SSL certificates or PGP/GPG encryption.
Pete, You may also want to look into a centralized secure email gateway. They typically work as an add-on, or in conjunction with your existing MUA. They work by intercepting email messages based on any number of criteria and then simply send a notification to the recipient that a secure email is waiting for them. The recipient then follows a link in the email and connects to the secure web front-end to retrieve the message. Solutions exist from organizations such as tumbleweed, rsa, pgp and others. I hope this helps. Dan Didier www.NetSecureIA.com
Current thread:
- Email Encryption pete . hill (May 14)
- Re: Email Encryption Preston Kutzner (May 14)
- Re: Email Encryption Adriel Desautels (May 14)
- Re: Email Encryption m0untainrebel (May 14)
- RE: Email Encryption Daniel I. Didier (May 14)
- Re: Email Encryption Gregory Boyce (May 14)
- RE: Email Encryption TBarnhart (May 14)
- Re: Email Encryption Adriel Desautels (May 15)
- RE: Email Encryption TBarnhart (May 14)
- Re: Email Encryption Ansgar -59cobalt- Wiechers (May 14)
- <Possible follow-ups>
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption Adriel Desautels (May 16)
- Re: Email Encryption Preston Kutzner (May 14)