The concern with many email systems today is that any individual with access to any of the switches, routers and hubs between your outbox and your recipient's inbox is able to read your unprotected email. Even if the email body is encrypted, the header data can offer vital clues to prying eyes. Cyberspace is filled with individuals and organizations who constantly seek information to exploit for profit or malice.
This presentation reviews various email encryption solutions, and includes a live demonstration of their respective weaknesses. Using Wireshark (packet sniffer), Traceroute (router and POP counter), and Telnet (to simulate email), the following will be demonstrated:
Outlook: Send normal email via a non-encrypted channel. Use Wireshark to decode the captured email.
Outlook: Set up for PGP encryption; import PGP keys; exchange PGP keys with recipient. Send PGP email; capture packets to reveal mail headers, same as S/MIME.
Outlook: Send email via TLS encryption. Capture packets, reveal mail headers.
Outlook: Send secure email, using required tag [SECURE] in subject line; or, install plugin.
Windows Mobile: Send email over SSL, show outbound email decrypted.
Gmail: Connect to Gmail via a secure browser session (Firefox over HTTPS). Send email, watch as Google decrypts the email after it is sent.
This session explores the regulatory, systemic, and practical aspects of email encryption to assist IT professionals and email administrators in making effective choices to protect their organizations’ email communications.
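The point that header data stays readable when only the body is encrypted can be checked against a capture. The following is an added example, not material from the presentation: it parses a constructed PGP/MIME message the way someone reading a packet capture would and reports what remains in cleartext. The sample message, its addresses and the function names are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample: the DATA payload of a PGP/MIME (RFC 3156) message as it
# could appear in a capture of a non-TLS SMTP session. All values are made up.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.example.org ([198.51.100.7])
\tby mail.example.org; Mon, 01 Jan 2024 10:00:01 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Q3 acquisition terms
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

METADATA = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

def body_is_encrypted(msg):
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME container
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return msg.get_param("smime-type") == "enveloped-data"  # S/MIME
    payload = msg.get_payload()  # inline PGP armor in a plain text body
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

def observer_view(raw):
    msg = message_from_string(raw)
    return {
        "body_encrypted": body_is_encrypted(msg),
        "cleartext_headers": {h: msg[h] for h in METADATA if msg[h] is not None},
        "relay_hops": len(msg.get_all("Received", [])),
    }
```

For the sample, `observer_view(SAMPLE)` reports an encrypted body alongside a readable sender, recipient, subject and two relay hops, which is the metadata that transport encryption such as TLS protects on the wire and body encryption alone does not.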