Recently attacks by the not so sophisticated persistent threat focused on e-mail security. In many cases, e-mail credentials were either brute forced, or retrieved from compromised databases (in some of these cases, password re-use was a contributing factor).
During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:
- the use of cloud based e-mail services like gmail.
- mobile access to e-mail
- access to e-mail from multiple devices
- e-mail encryption and authentication (PGP/S-Mime)
- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)
Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:
- the use of cloud based e-mail services like gmail.
- mobile access to e-mail
- access to e-mail from multiple devices
- e-mail encryption and authentication (PGP/S-Mime)
- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)
Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.