apsec SEPPmail Email Security Gateway
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


apsec SEPPmail Email Security Gateway



SEPPmail Email Security Gateway - Email Signature / Email Encryption

SEPPmail Email Security Gateway - Email Signature / Email Encryption



Total Views
Views on SlideShare
Embed Views



3 Embeds 8

http://www.slideshare.net 4
http://www.slideee.com 3
http://webcache.googleusercontent.com 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

apsec SEPPmail Email Security Gateway Presentation Transcript

  • 1. Secure E-mail Gateway Presentation
  • 2. E-Mail Encryption
    • E-mail today
    • Electronic mail is a quick and cheap way to communicate with customers, colleagues and partners.
      • Draft contracts
      • Quotations
      • Conditions
      • Calculations
      • Job applications, personal data
      • Technology transfer (construction plans, designs, formulas, etc…)
  • 3. E-Mail Encryption
    • Advantages of E-mail?
      • No postal delays, fastest transmission
      • Easy to reply
      • International availability
      • Easy sending of enclosures
      • Convenient sending to multiple recipients
      • Quick creation time
      • Simple to archive
      • No strict formal regulation
      • Inexpensive, low maintenance expense (?)
  • 4. E-Mail Encryption
    • The Facts
    • … E-Mail are more unsecure then not signed and unsealed post cards. … (German Federal Office for Information Security - BSI)
    • Unencrypted e-mail allows unauthorized distribution of confidential information
    • To spy e-mail and to alter it is easy possible
    • Identity of e-mail can be modified
  • 5. E-Mail Encryption
    • PGP
    • Developed by Phil Zimmermann
    • First version 1991
    • Bought by Network Associates Inc. 1997
    • Windows, Unix, Mac: PGP, GnuPG
    • As Open Source (GnuPG, WinPT) as well as commercial version (PGP) available
    • Certificates are self-signed and distributed through the „Web of Trust“
  • 6. E-Mail Encryption
    • S/MIME ( Secure Multipurpose Internet Mail Extensions)
    • Developed by developed by RSA Data Security, Inc
    • First version 1994
    • Use digital certificates (PKCS-format, X.509)
    • Functionality is integrated in most e-mail clients (Outlook, Outlook Express, Netscape, Lotus Notes…)
    • Certificates should be issued by a Certificate Authority (CA)
  • 7. E-Mail Encryption
    • Difference of Encryption / Signature
    • The electronic signature ensures the integrity of a message and the authenticy of the sender. The signature can replace a legal signature and should be executed on the senders workstation.
    • Encryption ensured the confidentiality of a message and is typically executed on a gateway. This allows archiving and gives the option to use security technologies like antispam, antivirus, and content filtering at the gateway.
  • 8. E-Mail Encryption
    • Reasons not to use e-mail encryption
    • Installation and configuration efforts are very high
    • High administration efforts and expenses
    • User acceptance is limited through high training expenses and complex usage – therefore low encryption rate is realized
    • Encrypted communication is only possible when the receiver a special software, a plug-in, or a digital certificate installed.
  • 9. E-Mail Encryption
    • Expectations in encryption solutions
    • Highest security
    • Investment protection
    • Low administration efforts
    • Easy to implement
    • Rapid TCO & TCA
    • User-friendliness
    • High user acceptance
    • Email encryption – communication with everybody
  • 10. E-Mail Encryption
    • Secure e-mail with any recipient
    • „ Even though encryption methods are widely available for a long time already e-mail encryption is used very rarely. The main reason is that most available solutions request a compatible encryption software at the counterpart.“
    • SEPPmail provides a unique solution for this problem by ensuring a secure and practical encryption method.
  • 11. E-Mail Encryption
    • Approach 1: Self-extracting files with password protection
    • Optimal for spreading viruses and Trojans, because the recipient firewall need to accept executables, regardless of the content.
    • Brute-force attack on the attachment is possible (because it is password protected only)
    • Requires a certain operating system on the recipient side
  • 12. E-Mail Encryption
    • Approach 2: Password protected PDF files
    • Format will be changed by converting the e-mail to PDF
    • Digital signature of the sender will be destroyed
    • Depending on the PDF reader version of the recipient
    • Brute-force attach against the password is possible
    • Bad reputation of PDF security
  • 13. E-Mail Encryption
    • Approach 3: Deployment of a encryption client software
    • Not all recipients are allowed / are willing to install additional software
    • Proprietary
    • Does not work on all client platforms
    • No ad hoc communication possible
  • 14. E-Mail Encryption
    • Approach 4: „Secure Web E-mail“
    • Storage – demand rises continuous because outgoing messages need to be archived.
    • Can easy be compromised by e-mail spoofing or phishing
    • Conclusion: A „Secure Web E-Mail“ is typically less secure than unencrypted email communication.
  • 15. Introduction SEPPmail
    • SeppMail – the Solution
    • „ Look and feel“ similar to Web e-mail
    • E-Mail will be completely delivered, therefore very less storage requirement on the appliance.
    • Two-factor authentication (password and original e-mail is required)
    • Issuing of a prove-of-reading notice for the sender. (similar to a „registered letter“)
  • 16. Introduction SEPPmail SMTP
  • 17. Introduction SEPPmail
    • SEPPmail Secure E-Mail Gateway
        • Simple installation – „plug und protect“
        • „ All-in-one"- approach simplifies the buying decision
        • Hardened, adjusted appliance operating system
        • Same firmware (about 50MB) for all appliances
        • Available as VMware image
  • 18. Introduction SEPPmail
    • Communicates with anybody!
    Workstations E-mail server, e.g. Lotus Notes, MS Exchange 2003/2007, … Firewall Recipient without: software, plug-in, key, certificate => SEPP mail Open PGP S/MIME SEPPmail Internet
  • 19. Introduction SEPPmail
    • Integrated cluster management
    SEPPmailcluster Workstations File server Firewall Mail server Firewall Internet Open PGP
  • 20. Introduction SEPPmail
    • Automatic E-mail VPN based on domain certificates
    Mail Server Mail Server Internet Encryption – Tunnel Firma X Firma Y
  • 21. Introduction SEPPmail
    • Rule Engine
    • Normal policies can be configured by GUI
    • Individual adaption to e-mail company policies
    • Countless filtering options (by sender, by attachment, etc.)
    • Multiple actions (sign, encrypt, notify, reject, etc.)
    • Group functions
  • 22. Introduction SEPPmail
    • Further important functionalities
    • LDAP/ADS integration possible
    • Central user management
    • Integration to existing email/encryption solutions
    • Import and export of signing/encryption keys and users independent of the existing platform
    • Issuing of S/MIME certificates (self-signed or sub-CA)
    • Optional with Antivirus and Antispam
    • SMTP/TLS management
  • 23. Introduction SEPPmail
    • Live Demo
  • 24. Product Overview SEPPmail
  • 25. Product Overview SEPPmail
    • SEPPmail 500 – The SME Appliance
    • 3 x 10/100 Mbit Ports
    • Small form factor
    • CF storage
    • Maximum number of users for email encryption: 50 users
  • 26. Product Overview SEPPmail
    • SEPPmail 1000 – The Appliance for Professionals
    • 2 x 10/100/1000 Mbit Ports
    • 19“ Rack mount 1U
    • Integrated hard disk
    • Maximum number of users for email encryption: 500 users
  • 27. Product Overview SEPPmail
    • SEPPmail 3000 – The Enterprise Appliance
    • 2 x 10/100/1000 Mbit Ports
    • 19“ Rack mount 1U
    • 2 integrated Raid1 hard disks
    • Maximum number of users for email encryption: unlimited
  • 28. Product Overview SEPPmail
    • SEPPmail VM – the flexible software solution
    • SEPPmail available as VMware Image
    • Runs on VM Player/Server/ESX
    • Delivery as DVD or download
    • Maximum number of users for email encryption: unlimited
    • Performance is defined by hardware of the server only.
  • 29.
    • Benefits
    • Pre-Installed; quick and easy installation, configuration
    • Central management
    • Seamless integration on existing system architecture (company and security policies)
    • Seamless integration of existing user directories and keys
    • Central user management
    • Central key management
    • Optimized scalability
    • Expandable by clustering
    • No user trainings efforts (when using SEPPmail encryption technology)
    SEPPmail Benefits
  • 30. SEPPmail Benefits – Security
    • Benefits
    • OpenBSD based
    • OpenPGP, S/MIME, SSL
    • Available cryptographic algorithms: 3DES, DSA, RSA, Blowfisch, etc…
    • Email protocol: SMTP
    • Multiple filter options
    • Web based management
    • Safeguarding against hackers (no e-mail archiving on the gateway)
    • Optional antivirus / antispam protection
    • Highest encryption rate through ease of use increase the total corporate security
  • 31.
    • Benefits
    • Easy administration through intuitive GUI
    • Automatic key generation
    • Highly accepted by the users through the simple and comfortable handling
    • Automatic encryption without user interaction
    • Users keep using their normal e-mail application
    • Encryption and decryption in the background
    • No user trainings efforts
    SEPPmail Benefits – Ease of Use Ease of use
  • 32. SEPPmail ® vs. Exchange 2007SP1 Internal Security MS Exchange ® 2007 Current Weakness Solution SEPPmail ® Server-2-Server Ex2007-to-Ex2007 communication is automatically TLS encrypted Vulnerable for ARP spoofing, and man-in-the-middle attacks. Add managed domain keys when SEPPmail are installed on both sides. Client-Access Outlook2007-to-Ex2007 is MAPI/RPC encrypted. OWA2007, Exchange ActiveSync, and Web Services is SSL encrypted SSL is vulnerable for DNS spoofing, man-in-the-middle attach, key-logger. MAPI/RPC and SSL add encryption to the communication only, the message is still unencrypted on all stores. Add S/MIME email encryption on top of encrypted communication. Storage Encrypted email will be saved in Exchange message store encrypted.
    • Search very slow. (encrypted e-mail will not be indexed)
    • Assistants and vacation replacements cannot read the message on behalf of the original owner of the mailbox.
    • backup/storage will be still encrypted, Even after years when the encryption key is not available any more.
    • Can decrypt email to
    • allow text indexing,
    • allow on-behalf-rules,
    • allow unencrypted archiving.
  • 33. SEPPmail ® vs. Exchange 2007SP1 External Security MS Exchange ® 2007 Current Weakness Solution SEPPmail ® Security Policies Exchange 2007 can not define security policies to sign or encryption e-mail as a must. Users will not use encryption unless they are forced. Centralized security policies, based on domains, users, headers, … PGP PGP not supported by Microsoft. A costly PGP Universal Server is required. PGP is a industry standard, partners or supplier will ask for it. Add OpenPGP in addition to other major encryption standards . S/MIME S/MIME encryption only possible on PC or Web clients (OWA) when user manual request encryption. Cannot be forced by company policy.
    • Requires smartcard/USB-token on all client PCs.
    • Requires certificate handling on all client PCs.
    • Requires strong user security awareness.
    SEPPmail ® encrypts and decrypts e-mail automatically - following the company´s security policies. SMTP transport SMTP/TLS encryption when recipient SMTP email server supports TLS Vulnerable for DNS spoofing, and man-in-the-middle attach. Add managed domain keys when SEPPmail ® is installed on both sides Email Encryption to Anybody Not possible. Requires S/MIME certificate of the recipient. Certificates are costly, and not all customers will purchase a certificate to communicate with you. Add SEPPmail ® Staging-Server technology in addition to PGP and S/MIME.
  • 34. Selected SEPPmail ® Customers Enterprise customers with more than 3000 users Further references Insurance Banking Government