SecExMail Gate is a server based e-mail proxy server which encrypts and decrypts email messages on your corporate network in real-time. This proxy server integrates with your existing corporate infrastructure and operates in conjunction with your SMTP/POP3 mail server. SecExMail Gate implements open standard encryption algorithms to create a seamless security framework to protect the privacy of your corporate email on the public internet. No additional software on the e-mail workstations on your network is required.
| SecExMail Network Diagram
|
|
| General Features :
| SecExMail Gate requires no plug-ins or other email client specific software. Simply configure SecExMail Gate to communicate with your email server and set your favorite email client to talk to SecExMail Gate. That's it.
|
| Probably the greatest obstacle to wide-spread use of secure email is that most encryption systems don't integrate seamlessly with popular email clients. In some cases the use of plug-ins means that encrypted messages held in mail folders are not searchable via the standard email client interface. In other cases, encrypted messages held in mail folders become irretrievable once the encryption plug-in is unloaded. In most cases security is an after-thought and the normal work flow is disrupted to accommodate security. Because SecExMail Gate operates unobtrusively in the background, encrypting and decrypting email streams to and from your email client in real-time, you continue to work with your email client as usual.
|
| Many plug-in based encryption systems require the user to treat secure mail differently from ordinary mail. Some require the user to remember that mail to a specific recipient should always be encrypted and take special action to invoke the encryption. If the user forgets, the message is sent in plain text and confidential information may be compromised. Equally, if a plug-in is accidentally unloaded or crashes, sensitive information may be compromised because messages designated secure are inadvertently spilled onto the internet in clear text. SecExMail Gate is engineered from the ground up to provide fail safety. Because SecExMail Gate acts as a relay agent or mail proxy and requires the email client to be configured to communicate with its mail server via this proxy, a failure in SecExMail Gate simply means that no mail is sent until the error condition is alleviated. Once the public key for a particular recipient is entered into SecExMail Gate, all mail to that recipient will be sent encrypted by default and without further user intervention.
|
| SecExMail Gate does not stop at simply encrypting your email messages. It also provides for message stealth at the protocol level. The information contained in the header of most emails provides a wealth of information to the cryptanalyst. For example, the header contains a subject line which tells the cryptanalyst which messages are worth examining. Furthermore the header contains information about the type of message being sent, the so called "MIME type". The MIME type indicates to the cryptanalyst if the message contains only text or perhaps a photograph and if so in what format the photograph is stored ( JPG, GIF, etc ). The latter can be exploited in a known plain text attack. For this reason, SecExMail Gate not only encrypts the message subject but also obscures MIME type information. This means a hacker can neither deduce whether the message is worth examining nor what file attachments, if any, are being sent.
|
· | Protect Account Information
|
| Most conventional email communication involves the exchange of clear text passwords. This means that anyone with the right wire tapping equipment, or in fact any skilled system administrator working for your telecommunications company, can collect your password information and subsequently read all your email without your knowledge. SecExMail Gate can protect your user and password information by encapsulating all email traffic in a Secure Socket Layer ( SSL ) or Transport Layer Security (TLS) tunnel.
|
| SecExMail Gate protects against attempts to trick you into revealing your password information to third parties. See IP/DNS spoofing for technical details. (Offshore and Corporate edition only )
|
| SecExMail Gate is engineered with a focus on transparency to give you the assurance that no backdoor keys or key recovery is embedded in encrypted messages.
|
Technical Features :
| SecExMail Gate uses standard RSA based public key encryption. Supported key sizes are 2048, 4096 and 8192 bits ( up to 10240 bits for offshore edition and corporate edition ). Two messages are never encrypted with the same session key. Instead the public key associated with the recipient of a message is used to encrypt a random session key which is used to encrypt the message. Generation of strong session keys is based on a sophisticated entropy collection system.
|
· | Coexistence with other encryption standards
|
| SecExMail Gate encrypts the mail stream and therefore does not interfere with existing methods of encryption. As such, it is possible to encrypt with PGP or GPG first, and then send the resulting cipher text through SecExMail Gate for further encryption. On the remote end, the recipients SecExMail Gate restores the PGP cipher text which can then be decrypted by the user's email client or associated PGP decryption module.
|
|
|