Page 1 of 1
Idiot-proof encryption systems
Posted: Mon Aug 23, 2010 11:41 pm
by Gekko71
I'm looking for an encryption system for our organisations sensitive emails. Unfortunately I work with a large number of people who are very ignorant of security issues so it needs to be VERY simple to use and implement.
I am looking at something cheap to implement as well (open source / free would be good) as I have little to no budget for this, and it must be as secure as I can make it - 128 bit encryption or better.
I have looked at PGP but I'm hesitant as I'm expecting public/private key management to be difficult.
If there's something that can incorporate hardware and software (eg: the necessary presence of a usb key plus password to open emails) that would be good.
All recommendations and advice would be welcome. Thank you people.
Posted: Mon Aug 23, 2010 11:46 pm
by fliptw
without a good training regimen, then no technological solution will work well.
ignorance can't be treated with technology by itself.
Posted: Mon Aug 23, 2010 11:54 pm
by Avder
Another factor to consider is the fact that is is simply a big fat pain in the ass for people to strictly follow proper security procedures. If this is simply one more in an ever growing pile of security procedures, you can expect your users to ignore it with the same indifference that they show existing procedures. Find a way to make this new scheme make your procedures simpler overall and you have a greater chance of success.
Posted: Tue Aug 24, 2010 5:35 am
by Heretic
No such thing as Idiot-proof technology. There will always be an error between the keyboard and chair back.
Posted: Tue Aug 24, 2010 10:15 am
by Gekko71
Okay, maybe idiot-proof is a poor choice of words.
I have forgotten about enterprise-wide solutions and am now aiming at senior management only IE: guys who need to send secret emails to a select number of contacts but only have average-user tech skills.
I would like something with a two part security option: Security key on a USB plus access password.
Client-to-client would be nice but Server-side is acceptable if there's no other option.
Again - all comments welcome.
Thanks to everyone who has commented so far.
Posted: Tue Aug 24, 2010 9:40 pm
by Starken
A timely subject these days. Check out the following for \"user friendly\" email encryption.
open source:
http://www.djigzo.com/
commercial:
http://www.zixcorp.com/
Posted: Tue Aug 24, 2010 9:46 pm
by AlphaDoG
Good info Starken, Thanks.
Posted: Sat Aug 28, 2010 8:56 am
by Gekko71
Agreed - thanks Starken, thanks guys
Posted: Sat Aug 28, 2010 6:07 pm
by Krom
You may be able to accomplish a lot of this with truecrypt. Otherwise PGP is probably next best on the list. Although a lot of this depends on what email clients you are using and what type of mail server you are using, PGP and Truecrypt likely have plugins for outlook that greatly ease the process.
Also if you are already using an exchange server it is probably moot to begin with.
Re:
Posted: Fri Sep 03, 2010 8:06 am
by Gekko71
Krom wrote:You may be able to accomplish a lot of this with truecrypt. Otherwise PGP is probably next best on the list. Although a lot of this depends on what email clients you are using and what type of mail server you are using, PGP and Truecrypt likely have plugins for outlook that greatly ease the process.
Also if you are already using an exchange server it is probably moot to begin with.
Truecrypt looks promising - thanks Krom.
Posted: Fri Sep 03, 2010 9:23 am
by Kilarin
but, unless you create individual containers for each, truecrypt doesn't encrypt emails, does it? Unless they've added something new? Creating a new truecrypt container for every email would certainly be secure, but not convenient.
Truecrypt is WONDERFUL, and would certainly make it easy to encrypt the users drives. I just didn't think it could conveniently solve the problem of sending unencrypted emails across the network.
Enlighten me!