Threat Level: green Handler on Duty: Richard Porter

SANS ISC: InfoSec Handlers Diary Blog - Secure E-Mail Access InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Secure E-Mail Access

Published: 2012-02-07
Last Updated: 2012-02-07 02:18:33 UTC
by Johannes Ullrich (Version: 1)
10 comment(s)

Recently attacks by the "not so sophisticated persistent threat" focused on e-mail security. In many cases, e-mail credentials were either brute forced, or retrieved from compromised databases (in some of these cases, password re-use was a contributing factor).

During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:

- the use of "cloud based" e-mail services like gmail.
- mobile access to e-mail
- access to e-mail from multiple devices 
- e-mail encryption and authentication (PGP/S-Mime)
- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)

Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: email php smime
10 comment(s)
Diary Archives