+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Internet Related/Filtering/Firewall Thread, what makes an email account secure? in Technical; Our child protection officer received an email from a borough contact saying... Please note we now have a secure E-mail ...
  1. #1
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,471
    Thank Post
    333
    Thanked 307 Times in 235 Posts
    Rep Power
    109

    what makes an email account secure?

    Our child protection officer received an email from a borough contact saying...
    Please note we now have a secure E-mail address as follows:
    [Email address]

    Please note this will only be usable from secure E-mail accounts.
    We use email provided by LGfL, what is classed as a secure email? I did ask that they send a test email but I am not sure what they are referring to as a secure email.

    Thanks

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    Perhaps one that connects via TLS? Or as with my old LEA (WSCC) they would only send stuff to the email addresses provided by them (i.e @wsgfl addresses)

  3. Thanks to glennda from:

    rad (22nd September 2012)

  4. #3

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    521
    Thank Post
    141
    Thanked 74 Times in 66 Posts
    Rep Power
    19
    Our LA provides an MS Exchange based email for all employees and governors, which we were instructed to use as it's "secure". It might have been until people started downloading them to the mail client on their smartphones. When asked, how many governors or staff do you think were using the free apps to remotely wipe their data in the event of losing their phone?
    They can also use gmail and similar as a client reader for MS Exchnage accounts on their PCs. So Google get to analyse them too.

    Remote access to data or cloud computing is being resisted on security grounds here, so let's just send round attachments to phones without password protection or take unencrypted USB sticks everywhere. <sigh> Rant over........

  5. Thanks to jmak from:

    rad (22nd September 2012)

  6. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,829
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Cant emails be intercepted if you have the right kit?

  7. Thanks to FN-GM from:

    rad (22nd September 2012)

  8. #5

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,165
    Thank Post
    12
    Thanked 224 Times in 214 Posts
    Rep Power
    66
    I think the only emails systems designated as secure as GSCX, NHS.net and Police. There are a number of others that come under GSCX but I cannot find the document with it on at the moment.

  9. Thanks to MatthewL from:

    rad (22nd September 2012)

  10. #6
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,206
    Thank Post
    450
    Thanked 173 Times in 170 Posts
    Blog Entries
    3
    Rep Power
    63
    It's funny, I've had 3 people ask me this week about whether we have a secure email system and I've just assumed no because of the reasons above but it's made me wonder, is it something, like everything else, I should be looking in to it and how would I even start to look at going about it?
    Last edited by Cache; 21st September 2012 at 07:33 PM.

  11. Thanks to Cache from:

    rad (22nd September 2012)

  12. #7

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    521
    Thank Post
    141
    Thanked 74 Times in 66 Posts
    Rep Power
    19
    I don't think email will ever be secure (possibly with the exceptions mentioned above). It's more like sending a postcard than a letter - most of them won't be read by anyone other than the intended recipient but there's not much to stop someone reading it if they want to. IMHO the best solution for ease of use / security compromise is to send emails with hyperlinks to a secure document storage system.

  13. Thanks to jmak from:

    rad (22nd September 2012)

  14. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,829
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    encrypted attachments is one way to secure data sent via email

  15. Thanks to FN-GM from:

    rad (22nd September 2012)

  16. #9

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,165
    Thank Post
    12
    Thanked 224 Times in 214 Posts
    Rep Power
    66
    Our LA use 7Zip and secure them that way and apparently that meets the requirements of CoC and GSCX.

  17. Thanks to MatthewL from:

    rad (22nd September 2012)

  18. #10


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    Quote Originally Posted by FN-GM View Post
    encrypted attachments is one way to secure data sent via email
    But how do you tell them the password? Obviously the only secure way is by a different form of communication but most people will then send a second email with the password... Same goes for bank cards, how does sending the card and PIN in 2 letters make it secure?

  19. Thanks to j17sparky from:

    rad (22nd September 2012)

  20. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,829
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by j17sparky View Post
    But how do you tell them the password? Obviously the only secure way is by a different form of communication but most people will then send a second email with the password... Same goes for bank cards, how does sending the card and PIN in 2 letters make it secure?
    Over the Phone.

  21. Thanks to FN-GM from:

    rad (22nd September 2012)

  22. #12

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,072
    Thank Post
    853
    Thanked 2,676 Times in 2,270 Posts
    Blog Entries
    9
    Rep Power
    769
    Quote Originally Posted by FN-GM View Post
    Over the Phone.
    Smoke signals or even better http://www.rfc-editor.org/rfc/rfc1149.txt

  23. Thanks to SYNACK from:

    rad (22nd September 2012)

  24. #13
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,471
    Thank Post
    333
    Thanked 307 Times in 235 Posts
    Rep Power
    109
    Quote Originally Posted by MatthewL View Post
    Our LA use 7Zip and secure them that way and apparently that meets the requirements of CoC and GSCX.
    Thanks @MatthewL the email did contain GSCx but wasn't sure what it meant. It therefore would mean we don't have a secure email system!

    Thanks all

  25. #14

    Join Date
    Jan 2007
    Location
    Nottinghamshire
    Posts
    530
    Thank Post
    1
    Thanked 84 Times in 58 Posts
    Rep Power
    38
    If only someone had, say 20 years ago, invented encrypted public key email

  26. #15

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I think there are several answers to this question - Live@Edu for example uses the following:

    POP - Encryption method: SSL
    IMAP - Encryption method: SSL
    SMTP - Encryption method: TLS

    This makes it pretty secure between your application or browser, connecting to your e-mail server. The only problem is between your e-mail server and the recipient of the e-mail. There are many different e-mail platforms out there, the majority unsecure.

    Banks for example may send part of the communication via e-mail and the other part via SMS. Two communication methods does improve security, but then again, Smartphones can receive e-mail and SMS so it isn't that secure. People store their life on Smartphones these days!

    The alternative is to use digital certificates, however it means all your recipients need your digital signature. This is great for regular e-mails/contacts, but if you randomly e-mail someone you've never e-mailed before, a 5 minute job is no longer a 5 minute job.

    I suspect in future with 3G/4G and fibre broadband speeds, bandwidth will no longer be an issue, so in theory all webpages, e-mail and other services would use SSL or similar.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Can an server "steal" an email account?
    By synaesthesia in forum Windows
    Replies: 2
    Last Post: 9th October 2009, 05:27 PM
  2. Replies: 9
    Last Post: 10th May 2007, 10:13 AM
  3. Replies: 3
    Last Post: 19th October 2006, 01:31 PM
  4. What makes EduGeek so good
    By ITWombat in forum General Chat
    Replies: 4
    Last Post: 9th July 2006, 03:46 PM
  5. Replies: 16
    Last Post: 29th March 2006, 03:52 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •