Implementing Email Security and Tokens: Current Standards, Tools, and Practices

  • 4h 38m
  • Russ Housley, Sean Turner
  • John Wiley & Sons (US)
  • 2008

It's your job to make email safe.

Where do you start?

In today's national and global enterprises where business is conducted across time zones and continents, the "e" in email could stand for "essential." Even more critical is rock-solid email security. If you're the person charged with implementing that email security strategy, this book is for you. Backed with case studies, it offers the nuts-and-bolts information you need to understand your options, select products that meet your needs, and lock down your company's electronic communication systems.

  • Review how email operates and where vulnerabilities lie
  • Learn the basics of cryptography and how to use it against invaders
  • Understand PKI (public key infrastructure), who should be trusted to perform specific tasks, how PKI architecture works, and how certificates function
  • Identify ways to protect your passwords, message headers, and commands, as well as the content of your email messages
  • Look at the different types of devices (or "tokens") that can be used to store and protect private keys

About the Authors

Sean Turner, a founding member of the International Electronic Communication Analysts (IECA), has helped develop numerous standards including S/MIME, X.400, X.500, and P772, the content type for the US DMS. He is co-chair of the IETF S/MIME WG.

Russ Housley founded Vigil Security and has worked in the computer and network security field since 1982. He is the IETF chair.

In this Book

  • Introduction
  • Understanding Email
  • Security Fundamentals
  • Cryptography Primer
  • Understanding Public Key Infrastructure
  • Protecting Email Message Contents
  • Protecting Email Passwords, Headers, and Commands
  • Tokens and Hardware Security Modules
  • Signatures and Authentication for Everyone
  • Department of Defense Public Key Infrastructure, Medium Grade Service, and Common Access Card
  • National Institute of Standards and Technology Personal Identity Verification
  • Future Developments
  • References