data transfer with encryption mechanism

Dear Experts

We have a requirement to enable secured data transfer from users working remotely. The data types are documents sent through email and also uploaded through web-based applications. Is there a way or solution where a key exchange first happens from the user system to the corporate network, and only after that the data transfer is allowed? Please suggest the best-practice solution. Our objective is to achieve the highest level of secured data transfer at system level and also at the application level; a strong encryption mechanism is the need. Please suggest.

noci (Software Engineer) commented:
Web-based transfers are most easily done with HTTPS...
When sending through mail you need to understand that mail might not be secured while in transit. (It depends on the server being willing to use SMTPS (or TLS over SMTP) instead of straight SMTP, and with SMTPS it was considered more important to encrypt than to validate certificates. So there is hardly any verification set up.)

So you need to check on S/MIME (using X.509 personal certificates) or PGP.
For S/MIME, to exchange public keys, first an empty mail with S/MIME signing is exchanged. After that the public keys attached to the mail address have been exchanged and encrypted mail can be exchanged. This is meant for local mail agents (obviously sending "private keys" to some public data-hungry mogul serving web-based mail is not a wise move).

For PGP you need to personally exchange keys and set them to trusted, and copy-paste encrypted messages.
Both are secure from mail agent -> mail agent (mail agent = Outlook, KMail, Thunderbird, etc.).

Then there is the option of putting the document in a modern .zip file (AES encrypted). This won't help with mail but will help secure the content of attachments if sufficiently secure passwords are chosen... think 25+ length passphrases, not 8-character words.
(Breaking the passwords can be done at leisure...)
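
Added example (not part of the answer above and not the poster's code): a Python check, run over a constructed sample message, that reads a delivered mail's `Received` headers and reports which hops recorded a TLS protocol keyword, illustrating the point that mail may cross some hops unencrypted. The host names and the helper names `strip_comments`, `audit_hops` and `plaintext_hops` are assumptions made for the example.

```python
import re
from email import message_from_string

# Received "with" keywords that mean the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
# Constructed sample message; servers prepend headers, so the newest hop is first.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.corp.example (Postfix) with ESMTPS id 4F1A2B3C; Mon, 03 Mar 2025 10:00:05 +0000
Received: from submit.example.org (submit.example.org [192.0.2.25])
\tby relay.example.net with ESMTP id 9D8E7F; Mon, 03 Mar 2025 10:00:03 +0000
Received: from laptop.home.arpa ([203.0.113.44])
\tby submit.example.org with ESMTPSA id 1A2B3C; Mon, 03 Mar 2025 10:00:01 +0000
From: user@example.org

(body)
"""

def strip_comments(value):
    """Drop nested parenthesised comments such as '(using TLSv1.3 with cipher ...)'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        # Unfold the header, remove comments, and cut off the trailing date.
        clause = strip_comments(" ".join(header.split())).split(";")[0]
        sender = re.search(r"^\s*from\s+(\S+)", clause, re.I)
        receiver = re.search(r"\bby\s+(\S+)", clause, re.I)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", clause, re.I)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({"from": sender.group(1) if sender else "?",
                     "by": receiver.group(1) if receiver else "?",
                     "protocol": name, "tls": name in TLS_PROTOCOLS})
    return hops

def plaintext_hops(raw_message):
    """(from, by) pairs for hops that did not record a TLS protocol keyword."""
    return [(h["from"], h["by"]) for h in audit_hops(raw_message) if not h["tls"]]
```

`Received` headers are written by each relaying server and are not authenticated, and a TLS keyword says nothing about whether the certificate was validated, so this only locates plaintext hops; it does not replace S/MIME or PGP for protecting content.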

You're looking into a VPN or possibly an SSH tunnel or encrypted PPP tunnel.

If you do not know what I'm talking about, look into "openvpn". It will allow the users to connect to the office LAN remotely over an encrypted connection and access local resources like they usually do from the office. Once set up, you can close the direct access.

... or you can switch all remote access to SSL as suggested above.

Note that this is most likely hardly useful, as it is likely easier and much more efficient to hack the office than to sniff the links.

noci (Software Engineer) commented:
If VPN is considered then IPSEC is also an option (possibly combined with L2TP).