Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 11-24-2017, 10:51 AM   #1
Baseband Member
 
Join Date: May 2012
Location: Canada
Posts: 60
Default the security of sending emails

Hello,

Our project manager has asked us to answer some security question for a few prospective clients. One ofthe questions is: If the client provides data via email, what security considerations should be made?

Consider the 'data' to be an attachment.

The main question on my mind is: is it possible for third parties to 'spy' on emails in transit? So if I send an email with an attachment, under what conditions would it be possible for a third party to see that email, and the attachment, and can they copy the attachment for themselves?

Are there any other security issues to be considered when sending emails with attachments?
__________________

gib88 is offline   Reply With Quote
Old 11-24-2017, 08:07 PM   #2
Fully Optimized
 
crazyman143's Avatar
 
Join Date: May 2004
Location: USA
Posts: 2,946
Default Re: the security of sending emails

most email servers use 'opportunistic' encryption meaning that if the servers on both the sending and receiving end support encryption, it'll be used. But if not, the email gets transmitted in plain text. In such cases the email and any attachements could be seen my third parties on the internet.

Generally emails are also stored on servers (user's mailboxes) in unencrypted format. So if that server is comprimised, the emails can be seen by others.

Thats why email isn't really considered a secure form of communication. There are methods of sending secured email such as PGP but that's complicated. For some added security, you could add your attachments to password protected zip files and then send those. 7-zip will encrypt a zip file and require a password.
__________________

crazyman143 is offline   Reply With Quote
Old 11-25-2017, 08:52 PM   #3
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,312
Default Re: the security of sending emails

That's what I was going to say Crazyman.....just add the attatchment into a zip file and add a password.
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 11-26-2017, 11:15 PM   #4
..m.0,0.m..
Site Team
 
iPwn's Avatar
 
Join Date: May 2010
Location: USA
Posts: 3,870
Default Re: the security of sending emails

If overly concerned about security, download and install AxCrypt (1.7!! I would stay away from the 2.0 update). Encrypt the file and ask the client to download and install the old version too. Whatever you encrypt the file with, send the key via some other means, e.g. text message, fax, snail mail.
__________________
Me: You'd think as the dominant species we wouldn't be so effing stupid.
J: We're just intelligent enough to be completely effing stupid.
iPwn is offline   Reply With Quote
Old 11-27-2017, 11:15 AM   #5
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: the security of sending emails

hmmm... this is for your work.
get a consultant it, a proper company that is accredited to setup secure systems...

I often find (as I work in IT) that when a company starts talking about "security", what comes soon after is a tightening of that, (i.e enforcing that security or failing to transmit.) auditing that security, testing that security, updating that security etc...

when you talk about emails, what starts as mails with password protection quickly escalates to secure/encrypted, with offsite backups and non-repudiation software in place.


to know if the server you have even supports encryption you will want to know what the name and version of your email server is. (or what service you have, and what tier of service you have.)
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 11-28-2017, 02:44 PM   #6
Baseband Member
 
Join Date: May 2012
Location: Canada
Posts: 60
Default Re: the security of sending emails

Thanks for the feedback everyone.
gib88 is offline   Reply With Quote
Old 11-29-2017, 04:12 AM   #7
Fully Optimized
 
joedaman633's Avatar
 
Join Date: Apr 2012
Location: England, Birmingham
Posts: 1,812
Default Re: the security of sending emails

Having a password protected zip is a good start, but I'd personally shy away from sending confidential data over email, and use a secure FTP server of some kind with controlled access.

If you must use email, it's better if each sender has their own unique certificate. This goes some way to ensure not that the data is secure, but at least you can be confident in the recipient and the sender (ie, you're not being sent false data by somebody pretending to be someone else)
__________________

__________________
Athlon II x4 645 || 1TB 7200rpm HDD || EVGA GTX 650Ti OC || 8GB DDR3 RAM || Windows 7 Home x64

i5 4210M || 500GB Samsung EVO 850 SSD || GeForce 825M || 16GB DDR3 RAM || Windows 10 x64
joedaman633 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 11:09 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0