19

Email is one of the main tools of business communication. On the other hand, it is not a secure way of communication. But to what extent it is not secure?

I have always wondered how sensible it is to use email, for example, for sending:

  • e-tickets (transportation, entertainment and the like)
  • software license files (even Microsoft used this way of sending licenses in plain open format)

I don't mention transferring passwords by email, which, I think, is always not sensible.

So, to boil down my question: how insecure it is to use email for transferring potentially sensitive information from the practical point of view?

Scott Pack
  • 15,167
  • 5
  • 61
  • 91
rem
  • 2,017
  • 2
  • 19
  • 27
  • Between servers it is plain-text unless you use PGP, so I fall back to my Newspaper-editor Father's advice: "Never say or write anything that you couldn't endure being printed on the front page" – SDsolar May 18 '17 at 08:46

4 Answers4

10

To answer your boiled-down question: How insecure is email? Practically speaking email is subject to attack by DNS spoofing, WIFI interception, and untrusted network administrators just to name a few.

To mitigate this you need to consider the different aspects that need security. It's likely most companies will fall short in security in at least one of the following areas, so anything you send could be in clear text and visible by someone other than your intended recipient.

Under each facet of security I listed relevant products grouped by how they are technically implemented. Ask yourself these questions based on the content you're sending over email:

Message Sender Verification

Does the recipient need proof that it was you who actually sent the message?

  • SenderID/SPF Records (weak verification)
  • Domain Keys / DKIM (strength depends on implementation)
  • DMARC (Strong validation of the display from user... hybrid of SenderID and DomainKeys)
  • PGP or s/MIME (may cause compliance issues if journaling or message auditing is required)
  • Portal-based products (Voltage, Proofpoint, Zixmail)
  • Microsoft RMS server + Outlook

Message Transport

Do I need to prevent unauthorized reading or modification of the email sender's MTA and my MTA?

  • Enforced TLS, with certificate validation. Non-validated certs are subject to MITM attacks.
  • Zix-based TLS is a private TLS network that doesn't require manual configuration
  • PGP or s/MIME (may cause compliance issues if journaling or message auditing is required)
  • Portal-based products (Voltage, Proofpoint, Zixmail)
  • Microsoft RMS server + Outlook

Reading the message

Must I ensure that only the intended recipient is able to read the message content?

  • PGP or s/MIME (may cause compliance issues if journaling or message auditing is required)
  • Portal-based products (Voltage, Proofpoint, Zixmail)
  • Microsoft RMS server

Must the client endpoint be secure? (applies if above 3 products aren't used)

  • The target network administrator is delivering email using a secure transport (Encrypted MAPI, POP3 over TLS, etc)
  • The target device is secure. This applies to workstations, and mobile devices.
  • Microsoft UAG adds features to OWA where the endpoint is audited and will delete left-over attachments in %temp% and restrict or deny access to features as policy dictates
  • An alternative to UAG is to block attachments from reaching the client (as Henri first mentioned)
Community
  • 1
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
7

everything that grant access or give sensitive information of possible exploit. This include clear text password, serial numbers and url to persistent private resources(billing documents , certificates etc.). IMHO data that needs real world confirmation is not a problem (e-ticket for example) since when you exhibit such credential to real world checker your are also asked for a document.

The key is to send only "One time" valid resources or send information on different media (e ticket by mail and activation number by sms) this maybe do not solve the security issue but mitigate the risk

Sammyrulez
  • 171
  • 3
6

For security auditing email consider the following scenario besides the answers mentioned before:

Should the users be able to open their email at every location? That is, at home, at a public place, in an internet cafe?

If so, consider blocking email-attachments in combination with webmail. The problem with email attachments is that they're stored on the local drive when opened from web. Of course I dont have to explain that this breaches the confidentiality of your data....

This is a real scenario which has happend to multiple businesses I came acorss when doing an audit.

Henri
  • 1,525
  • 10
  • 11
5

Securing email via PGP or Voltage or with services like HushMail obviously improves the chances of retaining the confidentiality and integrity of the content.

Sending sensitive information via cleartext (unencrypted) email definitely ignores the confidentiality and integrity security tenets.

Sending cleartext email essentially implies you trust every system that passes the email along with the contents - including any and all the servers that may temporarily store or log the email along with all the people managing those same systems. Sending or receiving wirelessly exacerbates the risk.

I tend to want to reduce how many systems and people I need to trust to pass sensitive information (i.e. secure all email which contains sensitive data).

Tate Hansen
  • 13,714
  • 3
  • 40
  • 83
  • 1
    the problem of PGP is that all of the recipients should have it enabled otherwise either emails can't be sent or will be sent unencrypted or unsigned! – Phoenician-Eagle Nov 13 '10 at 17:20