Secure Communication
and Connectivity

Secure communication is a process where two individual parties communicate and doesn’t want a third party to interfere. Secure communication also means people can share information with varying degrees of certainty that third parties cannot intercept what is being said or exchanged.

Now many communications take place over long distance using technology, and creating awareness of the importance of interception issues, technology and its compromise are at the heart of this debate. For this reason, we focus on communications mediated or intercepted by technology.

Use of Encryption

Encryption is a procedure in which data is made difficult to read by a third party. Furthermore, encryptions are made to be extremely hard to break, so many communication methods either use deliberately weaker encryption than possible, or have backdoors inserted to permit rapid decryption.Opportunistic encryption is a lower security method to generally increase the percentage of generic traffic which is encrypted. This method does not generally provide authentication or anonymity but it does protect the content of the conversation from eavesdropping.

Email Data Leakage

Email data leakage began when removable of storage and file uploads are blocked, staff begin to export information via email. The motive may not be malicious, but it still results in the organization’s losing control over the information. To address this risk, the DLP system can be configured to report on people sending attachments to home email addresses, which is the usual destination for information, or to any unauthorized email address. For other areas of the business, client information, business strategy, business results, intellectual property, and PII such as credit card numbers and Social Security numbers can be configured into the DLP system.

Data Leakage Using Cloud Storage

Widespread availability of external data storage facilities (e.g., Dropbox and Google Drive) adds to the complexity of DLP. Careful application of Web monitoring and blacklisting specific URLs may be helpful, but determined opponents of the regulations may circumvent such methods using a variety of proxy avoidance Websites which mask the destination of the HTTP request. Security administrators should be on the lookout for new sites so they can add them to the corporate blacklists for outbound communications through their firewalls.

Server Responsibilities

Web servers presents an attractive vector for attacks. Signing (authentication) methods are a way to control potential damage, provided that the mechanisms used are admitting executable codes which are properly controlled. Failure to control these mechanisms leads to severe side effects. The concept of minimum necessary privilege applies to mobile code. When the power of signed applets or controls is required, good software engineering practice provides excellent examples of how to limit the potential for damage and mischief. Good software implementation isolates functions and limits the scope of operations that require privileged access or operations. Privileged operating system components, such as device drivers and file systems, are responsible for actual operation.

Email Authentication

On a technical level, what allows spam to continue to proliferate is the lack of sender authentication in the SMTP protocol. Several initiatives have sought to change this situation, either by changing the SMTP protocol or by adding another layer to it. One obvious way to authenticate email is via the sender’s domain name, and numerous schemes to accomplish this have been proposed: Sender Policy Framework (SPF). An extension to SMTP that allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path) that are typically indicative of spam. SPF is defined in Experimental RFC 4408.30 Certified Server Validation (CSV). A method for email authentication that provides end-to-end integrity from a signing MTA to a verifying MTA acting on behalf of the recipient. It uses a signature header verified by retrieving and validating the sender’s public key through the Domain Name System (DNS). Domain Keys Identified Mail (DKIM).