Information Security all in one place!

Web Based Email Security Part 1 of 3

English: Gmail logo

A Secure Web Email Option

If you’re anything like me you wonder if your online email account is really safe. It is a legitimate concern to have in my opinion. So, you read the privacy statements and go to the help section and lookup the security and there really isn’t too much to go on and are forcibly convinced that it is safe. Don’t misunderstand what I am saying; the email that is stored on the server is safe. What I am touching on here is the actual traveling of your email message on the internet. Well I have found a neat little free program that will help you secure your emails by using digitally signing and encryption.

What most web based email users don’t realize is that most online web email hosting companies, such as Hotmail, Yahoo, Gmail, or even your own domain name, can be setup to have Microsoft Outlook 2007/2010 manage your mail account on your desktop. So this got me thinking. I can enhance the security of my web mail account through my Outlook 2007/2010 client. How? Read Below…… And stay tuned for parts 2 and 3 of this document.

For its most basic functionality the topics I explain here can be implemented fairly easily with no prior experience necessary. But for the sake of this post I will explain in more detail the areas that are important to understand before you implement this “tweak” in security.

Let’s start by explaining one key term: email security

 

What is email security?

Well let’s compare it to this scenario. You have a Post Office mailbox (1. web email) outside your house correct? Pretty much everyone does. Let’s say you have some not so nice teenagers (2. Hackers) in your neighborhood that like to have fun playing “mailbox baseball” (intercept email messages). Now in terms of security it comes down to when not if. So it is only a matter of time before those teens get to your mailbox. What can we do to safe guard our mailbox? Make it so those teens do not want to come to your house on their sprees. Well let’s take a look; we can cement the post in right? This will make it sturdy and secure, (3. Outlook, configured properly). But what else can we do to ward off the smashing teens. We can wrap the mailbox in a heavier metal, maybe some steel bands (4. encryption).

Rules of email security:

  • Unless you know someone you know is sending you an attachment, do not open them.
  • Please do not click on links in your emails, from people you know, spam, etc. I will go over a few ways here to give you the ability to spot Phished email messages but you can never be too careful.
  • Do not sign up for everything you can that require an email address; you will regret it, I promise.
  • Always protect what you can. If you cannot secure the connection to your web based email client, then secure its data. Use a certificate, sign and encrypt the data so no one else can read it. This will show that you are a legitimate person.

 

We have touched the surface and now that we have gone into some of the basics, let’s get on with securing your email with a self-signed certificate.

I would like to introduce if you do not already now, to TekCert. TekCert is from the makers of TekRADIUS and is a free download from their website. This program is a lightweight, user friendly, Self Signed Certificate Generator. You can create a free certificate or certificates for a wide range of purposes. Purposes that go beyond the scope of this document, we will be focusing primarily on email integrity and securing your email. But this program is also perfect for the lab enthusiast to be used as a learning tool.

 

Stay tuned for Part 2 of this three part document.

Advertisements

Let's hear what you have to say.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s