> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of Preston Kutzner
> Sent: Wednesday, May 14, 2008 12:09 PM
> To: pete.hill (at) sit-up (dot) tv [email concealed]
> Cc: security-basics (at) securityfocus (dot) com [email concealed]
> Subject: Re: Email Encryption
>
> On 14 May 2008 08:08:07 -0000
> pete.hill (at) sit-up (dot) tv [email concealed] wrote:
>
> > Hi there,
> >
> > I am currently running through a PCI program at my company and am
> looking for recommendations on an email encryption tool.
> >
> > We currently use a licensed version of Winzip, but I have heard that
> this may not be up to job as far as passing a PCI DSS audit is
concerned.
> >
> > Is Winzip good enough? and if not, what should we be using to get a
> pass on this?
> >
> > Many thanks
> > Pete
> >
> More information would be handy to help give a reasonable answer.
What
> OS are you using? What MUA are you using? What are you trying to
> encrypt in your email? If you're using WinZip currently, I would
> assume you're just looking to encrypt the attachment. Are you also
> looking to be able to encrypt (and sign) the entire email message? Is
> compression necessary for your application?
>
> As far as email encryption is concerned, typical methods for this
> application usually consist of either SSL certificates or PGP/GPG
> encryption.

Pete,
You may also want to look into a centralized secure email gateway. They
typically work as an add-on, or in conjunction with your existing MUA.
They work by intercepting email messages based on any number of criteria
and then simply send a notification to the recipient that a secure email
is waiting for them. The recipient then follows a link in the email and
connects to the secure web front-end to retrieve the message. Solutions
exist from organizations such as tumbleweed, rsa, pgp and others. I
hope this helps.

Dan Didier
www.NetSecureIA.com

[ reply ]