
  • Status: Solved
  • Priority: Medium
  • Security: Public

Email Encryption


I want to encrypt the emails sent between 2 sites in the company I am working for. I don't know too much about encryption for email, and I was hoping you all could put forward some suggestions.

Currently what I have:

I have 2 Windows 2000 networks running as workgroups
I have 2 websites hosted by the same company, each with email addresses; one will have SSL in 2 weeks.
Both sites are hosted on Linux servers and I believe use SquirrelMail (or something like that)
All clients use Outlook 2003
All clients are using Win XP Pro
We are on an ADSL internet connection

What I am wondering is:

What would be the most secure way to handle email encryption?
What would be the most cost-effective way to handle email encryption?

I'm sorry if this seems vague, but as far as email encryption goes I don't really know where to start.

Gavin McMillan
1 Solution
This may be your answer...


Actually you have two (more or less) cost-effective possibilities:

- Using PGP (or better GnuPG, as it's free) --> http://www.gnupg.org
- Using X.509 certificates

The former one can be implemented very quickly: just generate a private/public key pair on both sides and then cross-sign the public keys.
Now you can use A's public key to encrypt and B's private key to sign B's mail destined for A.

For using X.509 certificates, both sides have to sign up for a certificate at a well-known certification authority (CA), for example Trustcenter, VeriSign,...
As these certificates are bound to your identity and the CA guarantees that you are the person you pretend to be, you have to prove your identity to the CA, which is done via post-ident at your local post office in most cases.
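
What the PGP route described in the answer above looks like with GnuPG on the command line, as an added example that is not part of the original thread: two throwaway keyrings stand in for sites A and B, and the addresses are placeholders. It assumes GnuPG 2.1 or later, and it also shows that in batch mode gpg refuses to encrypt to the imported key until that key has been signed.

```bash
#!/usr/bin/env bash
# Constructed demo: two throwaway keyrings stand in for site A and site B.
# Addresses are placeholders; keys get an empty passphrase (demo only).
WORK=$(mktemp -d); A="$WORK/a"; B="$WORK/b"
mkdir -m 700 "$A" "$B"
trap 'for h in "$A" "$B"; do gpgconf --homedir "$h" --kill gpg-agent; done 2>/dev/null; rm -rf "$WORK"' EXIT

# g HOMEDIR ARGS... : non-interactive gpg against one site's keyring
g() { local home=$1; shift
      gpg --homedir "$home" --batch --yes --quiet --pinentry-mode loopback "$@"; }

# fpr HOMEDIR UID : primary-key fingerprint, needed by --quick-sign-key
fpr() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

setup_sites() {   # each site generates its own pair, then they swap public keys
  g "$A" --passphrase '' --quick-generate-key 'Site A <a@example.invalid>' default default never
  g "$B" --passphrase '' --quick-generate-key 'Site B <b@example.invalid>' default default never
  g "$A" --armor --export a@example.invalid | g "$B" --import
  g "$B" --armor --export b@example.invalid | g "$A" --import
}

cross_sign() {    # do this only after comparing fingerprints out of band
  g "$A" --quick-sign-key "$(fpr "$A" b@example.invalid)"
  g "$B" --quick-sign-key "$(fpr "$B" a@example.invalid)"
}

send_b_to_a() {   # B signs with its private key and encrypts to A's public key
  printf '%s\n' "$1" | g "$B" --armor --local-user b@example.invalid \
      --recipient a@example.invalid --sign --encrypt
}

read_at_a() {     # A decrypts; succeeds only if gpg reports a good signature
  g "$A" --status-fd 3 --decrypt 3>"$WORK/status" &&
    grep -q '^\[GNUPG:\] GOODSIG' "$WORK/status"
}

demo() {
  setup_sites || return 1
  # Before cross-signing, A's key has no validity on B's keyring: batch mode refuses.
  if send_b_to_a 'test' >/dev/null 2>&1; then
    echo "unexpected: unvalidated key accepted"; return 1
  fi
  cross_sign || return 1
  send_b_to_a 'Quarterly figures attached.' | read_at_a
}
demo
```

In real use the two sites exchange the exported public keys by mail or file transfer and confirm the fingerprints by phone or in person before signing.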



Those two are the ones I recommend.
Both are different, however. The first one automatically encrypts every e-mail sent to the other, and when it arrives there, it's decrypted (so while it's on its way to the target, it's unreadable text). It's easy to use, but I don't exactly know how secure it really is.

The second is more of a heavy-duty one. As the text explains, 1303 32-bit numbers are generated, of which 768 are selected to really do the encryption. As they claim (which is true, if you do a little mathematical calculation), this is almost unbreakable, since not all data counts in. The only "catch", however, is that both sides need the decryption key, and it's a 1-time-only key.

Now, which one would I advise? Well... depends on your needs. The first is a lot easier, but also less secure. The second is really hard to crack, but you need the key. It all depends on what you need, both how strong and how easy to use.

No new links, but a brief description of the differences between the previously given suggestions.

First you have to tell us if you just want to encrypt the traffic between your own servers and clients (see 2. below), or also encrypt traffic to any other recipient (see 1. below).

1. If you need a general-purpose solution, you best go with PGP http://www.pgp.com/ and/or GnuPG http://www.gnupg.org/
  While GnuPG is free, PGP is well integrated on (all) most M$ platforms.

2. Here you need to decide if you want to encrypt all traffic, or just the email content.
  For traffic, use VPN or other secure tunneling protocols (SSL, IPSec); that means that you just set up trusted tunnels between your (remote) servers.
  If you want to encrypt the mail content you can use PGP/GPG as described in 1. above
  or, probably more effective, PGP's "PGP Universal" (see http://www.pgp.com/)

If you accept proprietary solutions the snapfile tools might do the work too.
Depending on the data traffic it might be a good idea to set up a VPN or go for the even more secure (but more expensive) private (rental) line.
> .. private (rental) line.
== leased line?
What should be more secure on a leased line?
Or does the provider really ensure that it's a point-to-point wire without any possibility to just clip a sniffer on it somewhere? I doubt it.
IMHO there is no big advantage for a leased line compared to a simple connection over the internet.
Encryption makes traffic more secure, in both cases.
>>Or does the provider really ensure that it's a point-to-point wire
>>without any possibility to just clip a sniffer on it somewhere?
Nope LOL

But at least that way you are protected from users from the internet. And clipping a sniffer is mostly too much of an effort.

But you could always point back to "Nothing is 100% secure."
> .. clipping a sniffer is mostly too much ..
Hmm, I'm just thinking about my phone wires around my house and in the street; there is no protection at all, and one of them then is the leased line. Click. Who cares?
