Secure e-mail presupposes that both the sender and the recipient hold an e-mail digital certificate. The sender encrypts the message with the recipient's digital certificate so that only the recipient can read it. A message delivered over the Internet then cannot be stolen: even if it is sent to the wrong mailbox or intercepted, others cannot see its content, which secures communication between users.

Know about Secure Email?

As one of the core enterprise network applications, corporate e-mail provides strong support for information exchange. Along with convenience, e-mail has also brought security problems such as spam, cracked passwords and monitored messages. As secure e-mail technology develops, the security problems e-mail faces are gradually being resolved.

End-to-end Email Security:

End-to-end secure e-mail technology ensures that, over the whole path from sending to receipt, a message's contents cannot be modified and its origin cannot be denied. PGP and S/MIME are two proven end-to-end secure e-mail standards. PGP (Pretty Good Privacy) is widely used. It signs the message content using a one-way hash algorithm to ensure that the content cannot be modified, and uses public- and private-key technology to ensure the confidentiality and non-repudiation of mail. The public keys of the sender and the recipient are stored in a public place, and a public key can be signed and certified by a third party. In the PGP system, trust is a direct relationship between the two parties.

S/MIME (Secure/Multipurpose Internet Mail Extensions), like PGP, uses one-way hash algorithms and a public-key and private-key encryption system. S/MIME differs from PGP in two respects. First, S/MIME authentication relies on a hierarchy of certificate authorities: every organization and individual is certified by the authority one level above it, while the authorities at the top level (root certificates) certify one another. Second, S/MIME delivers the contents of the letter, once encrypted and signed, as a special attachment. S/MIME certificates use the X.509 format, though they differ in some respects from the SSL certificates used for online transactions. Abroad, VeriSign provides S/MIME e-mail certificates to individuals; domestically, a Beijing VeriSign company supports the standard. On the client side, Netscape Messenger and Microsoft Outlook support S/MIME.

Transport Layer Security

An e-mail consists of a header and a message body. End-to-end secure e-mail technology generally encrypts and signs only the message body; the header must remain unchanged because it is needed for addressing and routing. Some applications require that the header also be kept confidential in transit, which calls for transport-layer technology as backing. There are two main ways to secure e-mail during transmission: one is to use SSL SMTP and SSL POP; the other is to use a VPN or other IP tunneling technology.

SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending mail, and POP (Post Office Protocol) is the protocol for receiving it. SSL SMTP and SSL POP are the SMTP and POP protocols run over an established SSL secure channel, with some extensions to the two protocols to better support encryption, authentication and transmission. This model requires that both the e-mail client software and the e-mail server support SSL, and a certificate must be installed.

VPN and IP tunneling technology encapsulates all TCP/IP services, so it is also a way to secure e-mail transmission. This model is often part of a wider network security mechanism.

Safety and reliability of the mail server

Relying on security standards alone is not enough to build a secure e-mail system; the mail server itself must also be protected. Attacks against mail servers fall into two kinds: network intrusion and damage to the service. Preventing network intrusion depends mainly on how rigorously the software is programmed. To prevent damage to the service, consider three areas: preventing external attacks, preventing internal attacks and preventing relay attacks.

Preventing attacks from external networks includes refusing connection requests from specified e-mail addresses and domain names, refusing mail whose number of recipients exceeds a preset upper limit, limiting the number of connections from a single IP address, and holding suspicious mail. Preventing attacks from the internal network includes refusing mail service requests from specified users, IP addresses and domain names, and enforcing SMTP authentication, with SSL SMTP and SSL POP used to confirm user identity. Preventing relay attacks includes closing the relay function completely, restricting relay flexibly by the IP address and domain name of the sender and the recipient, and limiting relay by recipient.
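
The controls listed above can be read as one admission decision per SMTP session. The following Python sketch is an added example, not code from any mail server: the `Policy`, `Session` and `check` names, the limits, and the rule that relaying requires an authenticated SSL/TLS session are all assumptions made for illustration.

```python
# Added illustration; every name and limit below is an assumption.
from dataclasses import dataclass, field

@dataclass
class Policy:
    local_domains: set                                  # domains hosted here
    blocked_senders: set = field(default_factory=set)   # addresses or domains
    blocked_clients: set = field(default_factory=set)   # client IP addresses
    max_recipients: int = 50
    max_conn_per_ip: int = 5

@dataclass
class Session:
    client_ip: str
    mail_from: str
    rcpt_to: list
    authenticated: bool = False   # SMTP authentication succeeded
    tls: bool = False             # session runs over SSL/TLS

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check(policy, session, open_conns):
    """Return (accepted, reason); open_conns maps client IP -> open connections."""
    if session.client_ip in policy.blocked_clients:
        return False, "client refused"
    if open_conns.get(session.client_ip, 0) > policy.max_conn_per_ip:
        return False, "too many connections"
    sender = session.mail_from.lower()
    if sender in policy.blocked_senders or domain(sender) in policy.blocked_senders:
        return False, "sender refused"
    if len(session.rcpt_to) > policy.max_recipients:
        return False, "too many recipients"
    # Relay control: mail for a non-local domain is relayed only for a
    # client that authenticated over an encrypted session.
    relaying = any(domain(r) not in policy.local_domains for r in session.rcpt_to)
    if relaying and not (session.authenticated and session.tls):
        return False, "relay denied"
    return True, "accepted"

# Constructed sample data (documentation domains and address ranges).
POLICY = Policy({"example.com"}, blocked_senders={"spam.example"}, max_recipients=3)
INBOUND = Session("192.0.2.10", "alice@example.org", ["bob@example.com"])
RELAY = Session("192.0.2.11", "x@example.org", ["someone@example.net"])
USER = Session("198.51.100.7", "bob@example.com", ["carol@example.net"], True, True)

if __name__ == "__main__":
    for s in (INBOUND, RELAY, USER):
        print(s.client_ip, check(POLICY, s, {}))
```

The checks run in order from cheapest to most specific, so a refused client never reaches the relay test.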

