Tip

Encryption methods to prevent email eavesdropping

In the first of this two-part series, below, Brien Posey explains when to use digital certificates and digital signing to keep your email from being viewed by third-party eyes. In part two, he'll explain how to configure email encryption in Microsoft Outlook.

For many people, email has become as commonly used a communications tool as the telephone. This being the case, we quickly forget that email is anything but secure. An entire message between you and your recipient can easily be viewed by someone using a protocol analyzer to capture and reassemble packets as they flow across the wire. If you are just sending someone a joke or maybe a party invitation, this probably isn't a big deal. If you are sending sensitive information, you should probably encrypt your message.

Sensitive messages

The definition of a sensitive message differs from person to person. In my opinion, if you wouldn't want a copy of the message posted for anyone in the world to see, then you should treat the message as sensitive. It might contain technical information related to your computer system (which could be used to hack into the system), information about your identity or finances or anything personal or potentially embarrassing.

Email encryption methods

If you decide you do want to encrypt your email messages, the next step is to figure out how. Third-party products can be used to encrypt email messages, but if you're using Microsoft Outlook, you've got almost everything you need.

Before you can encrypt messages through Outlook, you will need a digital certificate, which basically supplies the key for the algorithm used to encrypt email messages and their attachments. Such a certificate can also be used to digitally sign a message; the signature tells the recipient that the message really is from you and not from an imposter. It also guarantees that the message has not been altered in transit.
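The two roles of a certificate described above (signing and encryption), shown as an added example that is not part of the original article. It assumes the openssl command-line tool is installed and uses S/MIME, the certificate-based format Outlook works with, with a throwaway self-signed certificate; the identity alice@example.test, the message text and the file names are constructed for illustration.

```bash
# Added example: S/MIME sign, verify, encrypt and decrypt with the openssl CLI.
# The identity, message text and file names are constructed for illustration.
WORK=$(mktemp -d)

make_identity() {   # throwaway self-signed certificate plus private key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Alice Example/emailAddress=alice@example.test" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
  printf 'Wire 500 USD to account 1234.\n' > "$WORK/msg.txt"
}

sign_message() {    # the private key signs; the certificate travels with the mail
  openssl smime -sign -in "$WORK/msg.txt" -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -out "$WORK/signed.eml"
}

verify_message() {  # $1 = mail file; succeeds only if signature and trust check pass
  openssl smime -verify -in "$1" -CAfile "$WORK/cert.pem" \
    -out /dev/null 2>/dev/null
}

tamper_message() {  # simulate an alteration in transit
  sed 's/Wire 500/Wire 900/' "$WORK/signed.eml" > "$WORK/tampered.eml"
}

encrypt_message() { # only the recipient's certificate (public key) is needed
  openssl smime -encrypt -aes256 -in "$WORK/msg.txt" \
    -out "$WORK/enc.eml" "$WORK/cert.pem"
}

decrypt_message() { # the recipient's private key recovers the plaintext
  openssl smime -decrypt -in "$WORK/enc.eml" -recip "$WORK/cert.pem" \
    -inkey "$WORK/key.pem"
}

make_identity && sign_message && tamper_message && encrypt_message
verify_message "$WORK/signed.eml"   && echo "original: signature valid"
verify_message "$WORK/tampered.eml" || echo "tampered: verification failed"
grep -q 'Wire 500' "$WORK/enc.eml"  || echo "encrypted mail does not expose the text"
decrypt_message
```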

Digitally signing messages might not seem important at first, but digital signatures can protect you against fraud. For example, someone once had a real hoot impersonating my email address and sent a few nasty letters to one of my editors. Since I wasn't in the habit of signing my messages, I had no way of proving the messages were fraudulent. Fortunately, my editor knew my writing style well enough to recognize that I didn't write the message. Had the message gone to someone else, things could have ended much differently.

So where do you get a certificate? There are several companies that provide digital certificates. My personal preference is VeriSign, which offers a Class 1 digital certificate for about $20 per year. Large companies can save a significant amount of money by deploying their own certificate authority. Windows Server 2003 can function as a certificate authority without requiring you to purchase any additional software.

HEADS UP: If you do decide to deploy your own certificate authority, you must aggressively protect the server against all threats. If someone were to compromise your certificate server, he could pretty much own your network. Furthermore, losing the certificate store on that server due to hardware failure or natural disaster could be devastating to your network.

Stay tuned for part two on how to configure email encryption in Microsoft Outlook.

About the author: Brien Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.


This was first published in May 2005
