Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security How To

Lock Down Your Email

Another way to stay secure in your communications while on the road is email encryption. A good idea even while at home, encrypted email becomes all the more useful when accessing the Internet through an insecure access point or in an untrusted computing environment.

As with disk encryption and VPNs, there are a variety of different ways available to encrypt email. The most common email encryption mechanism is Pretty Good Privacy (PGP), which can be found in a variety of implementations ranging from standalone command-line tools to plugins for email clients.

The competing (and incompatible) standard is Secure/Multipurpose Internet Mail Extensions (S/MIME), which requires a valid security certificate from a reputable certifying authority. Both standards are endorsed by the National Institute of Standards and Technology as security standards, and are both secure enough for everyday use. However, the two standards cannot decrypt one another, so it is important to know which email encryption mechanism the person you are communicating with uses before sending a message (or even if they are using encryption at all!), to avoid a mess of garbage text from reaching your recipient.

PGP is officially available through the PGP Corporation, which also offers the PGP Universal solution for encrypting emails in an enterprise environment. For a free option, Gnu Privacy Guard (GPG) is a free/open-source solution that can be used from the command line or even plugged into an email client for even easier encryption.

The Enigmail plugin for Mozilla Thunderbird (Figure 5) allows GPG email encryption directly from the client. In the large version of the figure below, the message on the left has been encrypted, while the message on the left has been decrypted.

Figure 5: Enigmail plugin for Mozilla Thunderbird

Figure 5: Enigmail plugin for Mozilla Thunderbird

S/MIME support is included with many e-mail clients, so using it is as easy as selecting the 'Encrypt Email' option within the client. The difficult part, however, comes with obtaining a certificate from a CA. Many organizations provide their own CA's, but certificates are also available through trusted third-party CA's. Thawte is the most popular third-party CA, and can issue free S/MIME certificates (Figure 6), while VeriSign provides certificates for a fee.

Figure 6: An S/MIME certificate issued by Thawte and viewed in Mozilla Firefox. (Click to enlarge)

Figure 6: An S/MIME certificate issued by Thawte and viewed in Mozilla Firefox. (Click to enlarge)

A word of caution/paranoia: Though the cryptographic algorithms behind mechanisms such as PGP and S/MIME are secure, it should be noted that their greatest weak points come in their implementations. An improperly-implemented version of one of these algorithms can provide a false sense of security - which can be even worse than having no security at all! - so take care to update to the latest versions of whichever implementation you choose. Or, for the truly paranoid, just use the time-tested command-line versions of each tool.

A final concern when bringing your laptop on the road is file sharing. For security's sake, unless you absolutely trust the network you are plugged into, disable file sharing on your laptop's network adapter when connecting to a network. This will prevent other machines from viewing and accessing the files on your laptop, and may even save you the pain of having to remove a worm from your machine if file sharing permissions are improperly configured.

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Device: RT-N66UFirmware: 380.69Hello everyone,i attached a tp-link access point to my router and created vlans for several SSIDs.In addition i would l...
Hello, I'm looking for advice for the build in the subject line. I'm a landscape architect starting my own small office. It will be two people at firs...
Is this ok to do ? Also allow only specified ip address.I want to do this my for cousins so i don't have to go over there every time.I notice the 86u ...
Hi,I want to assign my virtual machines to a certain dhcp range.I have been playing around with dnsmasq.conf.add but cant get it to work.This is what ...
Hi allIt seems that devices on 5G-1 and 5G-2 cannot "see" each other.On Wireshark it seems some packets can't traverse from one 5G band to the other. ...

Don't Miss These

  • 1
  • 2
  • 3