Re: Zip encryption

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Mon, 14 Jun 2010 17:00:29 EDT, Clifford Collins said:
> So, how do you prevent data leakage if you allow uninspectable, sensitive
> content to be sent off campus via e-mail?  Currently, our inbound and outbound
> mail filters block encrypted attachments.  It's painful for some but necessary
> until we can find a suitable solution. It is certainly not perfect. Your
> thoughts?

My thoughts? Turn it around 180 degrees - if your outbound mail filter *was*
able to introspect the encrypted data (or you prohibit the sending of encrypted
data), you'd probably *still* have a problem, just in the opposite direction
(you'd no longer be able to claim that any data you were transmitting was in
fact secured against snooping).  Remember - those users are probably sending
an encrypted zip file for a good reason.

You can somewhat finesse this by using a site-wide PKI and give the mail
scanner access to the appropriate encryption keys, except for two ugly
issues:

1) A mail scanner is a terrible place to have both single point of failure
and access to a lot of keys, especially when you don't control what people
are throwing at it (is there a mail scanner solution that *hasn't* had a
security issue in the last 2-3 years?)

2) If you're doing this on an outbound mail scanner, you just bought all
the PKI headaches of having to deal with external keys issued by some other
CA.  Yee-hah.

Bottom line - in general, you *can't* both ensure there's no data leakage
in mail going to external sites, *and* ensure that the data is secured
against snooping.  At some point, you'll have to decide which is the
more important given your organization's threat model (and it will quite
likely end up different for different business units within the organization).

Attachment: _bin
Description: