Security Basics mailing list archives

Re: passing sensitive information over wire;options are not enough?

From: William Taylor <WTaylor () FusionStorm com>
Date: Mon, 28 Mar 2011 13:24:41 -0700

Encrypt all password transmissions. I recommend Symantec PGP.

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Sat Mar 26 04:28:55 2011
Subject: passing sensitive information over wire;options are not enough?

I want to know what are means and options available for exchanging password information over 
internet/extra-net/intranet?

In my opinion this is the least researched topic in the field of communication security.

I mean in the position i find myself right now where i'm asked to research and find alternative methods of exchange of 
credentials which does not include the usual which e.g email or sending it in a sealed envelope. The company i work in 
have business partners all over the world and we are in need of something quick,smart and secure.

Out of band management sounds right but then its so expensive and you can only do it with few limited number of clients 
not with hundred and thousands.

Is there one unified solution which could work for unlimited number of users and not just one or few?

Thank you. I need ideas and more practical ones

regards,

Me

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

CONFIDENTIAL. This e-mail and any attachment, is a confidential communication covered by work-product, and the 
Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521. If you received this message in error, please notify me 
by replying to this email message and destroy (delete) the original.  Thank you.

Current thread:

passing sensitive information over wire;options are not enough? a . alii85 (Mar 28)
- Re: passing sensitive information over wire;options are not enough? Edd Burgess (Mar 29)
- Re: passing sensitive information over wire;options are not enough? Vedantam Sekhar (Mar 29)
- <Possible follow-ups>
- Re: passing sensitive information over wire;options are not enough? William Taylor (Mar 29)
- Re: passing sensitive information over wire;options are not enough? noloader (Mar 29)