Educause Security Discussion mailing list archives
Re: Secure File and Email Transfer
From: "Clark, Sean" <Sean.Clark () UCDENVER EDU>
Date: Wed, 12 Nov 2008 10:10:34 -0700
Daniel,

I've been an email guy for a lot longer than I've been a security guy, so I will focus my suggestions on email-centric solutions.

Our university is using Ironport for email encryption and spam/virus checking on the mail gateways. I can't say enough good things about the Ironport product: it is at least 10x more efficient at mail handling than our previous systems (currently handling ~15 million inbound messages a day on two Ironport appliances) -- and much better at detecting spam (blocking over 98% of the inbound traffic with false positives approaching zero). Those two Ironport appliances replaced 14 physical and virtual mail gateways that were running Sendmail and Sophos' Puremessage -- AND two Tumbleweed servers that were handling email encryption duties. I'm a big fan of simplification. Replacing 16 servers with 2 servers that actually do a better job of fulfilling their required duties is priceless!

The Ironport email encryption is easy to set up and easy for end users to use: internal email users who are sending to addresses outside of our affiliate network can trigger the encryption by simply putting a predefined trigger word in the subject line -- and Ironport does the rest.

TLS (Transport Layer Security) may also be a good option for gateway-to-gateway email encryption, depending on the receiving institution's ability to implement TLS on their end. We originally set up TLS to ensure a secure connection between researchers at our university and a drug company. After we set up TLS and configured our mail gateways to preferentially use TLS for mail transfer (i.e. when the other mail server was TLS-enabled), we found that quite a bit of our email traffic to other institutions was being encrypted. TLS is supported by Sendmail, Postfix, Exchange -- and Ironport. ;)

Basic info on TLS: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1111138,00.html

Sean Clark
Manager, IT Security/Email/UNIX Systems
UCDenver IT Services
Sean.Clark () UCDenver edu
303-724-0486
**Please note my new email address!**

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Bennett
Sent: Wednesday, November 12, 2008 6:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Secure File and Email Transfer

Hello All,

I am conducting some research to determine the route that other universities are taking in securing files/emails when needed. I have found three solutions and I am wondering which of them other universities are implementing or if they are using other methods. The three are:

1. Public Key Infrastructure, issuing public/private keys to all employees. This is time consuming and requires key exchanges. I find this to require lots of time which translates into money to maintain and support.
2. Third party mediator. This is where an institution sends a file/email to a third party over a secure channel. Then the receiver is told by the third party that a file/email is waiting and they log into a site to download/view through a secure https connection.
3. Use secure ftp. Set up a secure ftp server and give vendors a username and password and they are notified when something is waiting for them.

Any insight would be appreciated.

Thank You,
Daniel R. Bennett
Pennsylvania College of Technology
IT Security Analyst
CompTIA Security+
570.329.4989
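
Added example, not part of the original message or any vendor's code: a sketch of the "use TLS when the other mail server is TLS-enabled" decision a gateway makes after EHLO. It goes beyond the message by adding a hypothetical `REQUIRE_TLS` list for a partner domain where plaintext fallback is not acceptable; all domains and server replies are constructed.

```python
# Added example: opportunistic vs. mandatory STARTTLS decision for outbound SMTP.
# All hostnames, domains and EHLO replies below are constructed sample data.

# Hypothetical policy: recipient domains that must never receive plaintext mail.
REQUIRE_TLS = {"pharma-partner.example"}


def parse_ehlo(reply):
    """Return the ESMTP extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for i, line in enumerate(reply.strip().splitlines()):
        code, sep, text = line[:3], line[3:4], line[4:]
        # "250-" marks a continuation line, "250 " the final line (RFC 5321).
        if code != "250" or sep not in ("-", " "):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_action(recipient_domain, ehlo_reply):
    """Decide how the gateway proceeds once it has the peer's EHLO reply."""
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"   # upgrade whenever the peer offers it
    if recipient_domain.lower() in REQUIRE_TLS:
        return "defer"      # queue and alert instead of sending in the clear
    return "plaintext"      # opportunistic fallback for everyone else


# Constructed replies: one peer advertises STARTTLS, the other does not.
TLS_REPLY = ("250-mx.univ.example Hello\r\n250-SIZE 52428800\r\n"
             "250-STARTTLS\r\n250 8BITMIME\r\n")
PLAIN_REPLY = ("250-mx.other.example Hello\r\n250-SIZE 52428800\r\n"
               "250 8BITMIME\r\n")

if __name__ == "__main__":
    cases = [("univ.example", TLS_REPLY),
             ("other.example", PLAIN_REPLY),
             ("pharma-partner.example", PLAIN_REPLY)]
    for domain, reply in cases:
        print(domain, "->", delivery_action(domain, reply))
```

Because the STARTTLS keyword travels in cleartext, its absence (whether by configuration or by something on the path removing it) silently downgrades opportunistic delivery, which is why the partner domain is deferred rather than sent in plaintext.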