Re: Email Security Policies/Practices for Staff

[Brian Epstein <bepstein () IAS EDU>]

On Tue, 2006-11-28 at 16:57 -0500, Jeff Giacobbe wrote:
> In our Systems and Networking groups we have instituted a de-facto
> policy of using GnuPG in conjunction with The Enigmail plugin for
> Mozilla Thunderbird.  The GnuPGP + Enigmail combo allows us to easily

I have started to implement a similar system here as well.  I have begun
by giving a Security Talk to the computing group, introducing them to
PGP/GNUpg.  I made it a fun experience by starting with the web of trust
to gain interest.

I got a lot of participation once I started showing a graphical web of
trust on our internal security site.  People really worked hard at
verifying keys to get the "most" signatures.

If you are interested in graphing your web of trust, I started with the
software that the Philadelphia Linux Users Group uses to generate the
graphs.  You can find it here:

        http://www.phillylinux.org/keys/

If you are interested in my modified version of the utils, let me know.

My next step is to do training for the Administrative Staff, although
I'm not sure how well that will be received.

Thanks,
Brian

-- 
Brian Epstein <bepstein () ias edu>                        609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A

Attachment: signature.asc
Description: This is a digitally signed message part