TechTarget

Security for free: Don't trust everything in e-mail

E-mail security has several threads, as there is a wide range of vulnerabilities. We have all heard about the Love Bug and BadTrans, and malicious code in attachments or e-mail messages has become a serious threat.

Most of these make use of convenience facilities - click-to-open file associations; HTML e-mail formatting; macros in attached documents; e-mail preview - which therefore constitute hazards.

So turn off these features and learn to put up with the limited inconvenience that goes with being more secure.

Confidentiality is at least as important in business. E-mails are, by default, sent in clear text across a connectionless Internet. Every waystation has to store the message, for a while at least, so any number of unknown and untrusted computers hold, and may retain, copies of e-mails sent.

Encryption can help, but standards are still not well defined, so although you can co-operate with a regular correspondent to use compatible encryption, messages to new customers are a different matter.

It is also easy to forge an e-mail: the sender address in the "from" field is not a trustworthy indication of the source. Digital signatures can help, but both parties have to support the same standard. So if an e-mail looks odd in any way, use your loaf - phone the apparent sender and check.
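To make the point about the "from" field concrete, here is an added example (not part of the original article) that uses Python's standard `email` module to compare the visible From address with the Return-Path and Reply-To headers of a message. The sample message, its addresses and the function name `sender_findings` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not from the article): the visible From claims
# one organisation while the envelope sender and Reply-To point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts <accounts@supplier.example.com>" <billing@supplier-pay.example.org>
Reply-To: payments@freemail.example.net
To: finance@customer.example.com
Subject: Updated bank details

Please use the new account for this month's invoice.
"""

def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw):
    """Return reasons why the From header should not be taken at face value."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    if not from_dom:
        return ["From header has no usable address"]
    # An address inside the display name is what many mail clients show first.
    shown = parseaddr(display)[1] if "@" in display else ""
    if shown and shown.lower() != from_addr.lower():
        findings.append(f"display name shows {shown} but address is {from_addr}")
    # Return-Path records the envelope sender used for delivery.
    rp_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    # Replies go to Reply-To, not From, when it is present.
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        if _domain(addr) and _domain(addr) != from_dom:
            findings.append(f"Reply-To domain {_domain(addr)} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for line in sender_findings(SAMPLE):
        print("CHECK:", line)
```

An empty result does not prove a message is genuine, because every header examined here is also supplied by the sender or by relays along the way; a mismatch is simply a reason to check with the apparent sender by another channel.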

Finally, as an e-mail now has the same validity in some aspects of law as a written document, it could come back and bite you, so never send confidential or contentious information in an e-mail. Above all, stay alert and don't fall for the obvious.

Mike Barwise is a consultant at www.computersecurityawareness.com/
This was first published in July 2002
