Every step towards ease and automation adds an element of risk, yes. OTOH, trying to train everyone in the org who needs to send secure mail to do so with locally and manually encrypted PGP/GPG messages would be hideously unproductive, and would expose many organizations to needless IP theft and/or lawsuits.
Defense in depth still works, and will help to mitigate risks brought about by automation. The alternative is simply locking down everything and going home. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…* * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Dec 9, 2015 at 6:58 PM, Mark Gottschalk <[email protected]> wrote: > BTW, received a couple of these today masquerading as a secure message > delivery system (this is just a screen grab of the antivirus log; the > original email is in quarantine): > > > This one is poorly executed, but there is no reason it couldn't mimic the > layout and style of one of the secure mail system's emails. It could be an > HTML attachment that fakes the recipient into thinking they are browsing > and logging into the secure system to grab credentials or whatever. > > Using the Cisco Secure email David sent to the list earlier as a template, > a miscreant could craft a good fake. Ironically, it would probably be more > effective against recipients who are used to receiving emails from a > particular secure email service. > > Off the top of my head I don't have an alternative idea for a > easy-to-understand secure mail system, but I don't like these sort of > services much better than going through the headache of exchanging messages > with certificates. > > -- Mark > > > From: Frank Ress <[email protected]> > To: "[email protected]" <[email protected]> > Date: 12/09/2015 12:48 PM > Subject: RE: [NTSysADM] Encrypting File Attachments > Sent by: [email protected] > ------------------------------ > > > > Citrix ShareFile offers a nice encryption solution that I’m evaluating at > the moment. > > We’ve been using Sharefile for many years purely as a hosted file sharing > solution, but we’ve had a recent request to support encrypted email, and > ShareFile offers this with one or two of their corporate plans. It’s > implemented as an Outlook plugin, and users simply turn on encryption from > a control added to the Outlook ribbon. It sends an email to the recipient > with a link to the site and instructions how to create an account and > retrieve the message. External users can route responses through the > encryption service, as well. Both the message itself and any attachments > will be encrypted. > > The other nice feature is that it can be configured to automatically > redirect oversize attachments to the file sharing service, rather than have > messages that exceed the size limit fail. > > Not free, but what is? > > Frank Ress > Gas Technology Institute > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *CSSU NetAdmin > * Sent:* Wednesday, December 09, 2015 10:39 AM > * To:* [email protected] > * Subject:* [NTSysADM] Encrypting File Attachments > > We have a need to encrypt certain files before sending them via e-mail > either within our system or to addresses outside our system. The receiver > would need to open the file without having any special software on their > machines. Does anyone have suggestions for what we can use? > > Thanks. > > > ------------------------------ > > This communication is for the use of the intended recipient only. It may > contain information that is privileged and confidential. If you are not the > intended recipient of this communication, the disclosure, copying, > distribution or use hereof is prohibited. If you have received this > communication in error, please advise me by return e-mail or by telephone > and then delete it immediately. > >
