E-Mail Verschlüsselung - ITEK - ETH Zürich

Totemo: TrustMail Secure Email Gateway
E-Mail-Verschlüsselung
• No plug-in or software installed on the internal user side
• No plug-in or software installed on recipient side
• Internal users can spontaneously communicate with anybody
• Central definition of security policies possible
• Flexibility on recipient side (support both S/MIME and PGP communication)
• Central server-based content and virus checking still possible
• Messages can be protected inside and outside of the company network
• Not based on proprietary concepts, but on established standards
• Take advantage of the native email encryption functionality available in email
clients
• No manual issuance or renewal of keys
• High degree of automation to limit administration needs
• Connectors to Active Directory or LDAP directories, external certificate authorities,
etc.
• Investment protection: it should be possible to upgrade the solution if necessary to
support security tokens, HSMs (hardware security modules), Smartcards, fully
qualified signatures, dual keying, Blackberry devices, etc.
• http://www.totemo.ch/secure_email_white_papers.html
10.5.06 :: Roland Dietlicher, Basisdienste
Schlussfolgerungen?!
E-Mail-Verschlüsselung
• Wie war das nochmals mit der BOT?
– „Bereitstellung der notwendigen Verschlüsselungstechniken“
– man darf vertrauliche Informationen elektronisch nur
verschlüsselt verschicken
– Für Datenschutz durch verschlüsselte Übermittlung sorgen.
• Was müssen wir nun tun?
– nichts
– Link auf SwissSign, resp. GnuPG
– SSL-Verbindungen zu unseren Mailservern
• Was dürfen wir uns das kosten lassen?
– Totemo TrustMail-Server = Fr. xy
10.5.06 :: Roland Dietlicher, Basisdienste
8