Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Reviews

Introduction

Updated August 16, 2005

In Part 1 of this review, I looked at the history behind PGP Corp., the PGP method of email and disk encryption, and provided a general overview of the PGP Universal gateway encryption product.

In this second and final part, I will focus on how the product actually functions, and will examine all of the different components of PGP Universal Series 500.

Learn Mode

A PGP Universal server begins life in something called Learn Mode. Learn Mode consists of the server proxying mail and creating keys for users as usual, but not encrypting or signing any mail it sends. This allows a server to safely generate keys for users and show administrators how different mail would be encrypted if Learn Mode were not active. But it doesn't incur the nasty overhead of actually having to encrypt and sign messages while simultaneously generating keys for all of the users in the internal domain. Once enough keys have been generated, Learn Mode can be deactivated and encryption can begin.

While in Learn Mode, you are also able to set up and test policies for encrypting mail. Everything about PGP Universal's encryption system, such as who to encrypt mail to, what to do for recipients without a key and whether to use OpenPGP or S/MIME to encrypt messages, is controlled at the policy level. (Figure 1)

The mail encryption policy screen

Figure 1: The mail encryption policy screen
(Click image for more detail)

I established a default policy that would apply to every domain that mail was sent to, and then established several contingencies and exceptions for messages. These exceptions could apply to both message subjects and recipient domains, and I established policies for both.

For the recipient domain, I specified foobar.net (our old friend Bob's domain) and specified that all mail being sent to this domain should be encrypted. For the message subject, I followed the reviewer's guide provided by PGP Corp. and specified "payroll" as the subject.

Setting up policies for message subjects seemed a little counter-intuitive, as it used the same interface as the recipient domain policy setup. Also, in order for message subjects to be considered for encryption the "Apply special policy to messages flagged as Confidential" option had to be selected.

Another thing that would have been nice is wildcard support for domains, which could be used, for example, to send only plaintext mail with no encryption options to top-level domains from countries where encryption is illegal.

More Stuff

Wi-Fi System Tools
Check out the new Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors


Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I'm using the latest(?) Merlin fw (380.68_4) on my RT-AC68U.I'd like to see the accepted packets in the syslog if they came from wan. But not the LAN ...
About a month ago, I got the guy from ChinaTelecom to hook up internet for me, and it was running really slow lately so I went to look at the TP-LINk ...
Good morning,I have 2 x RT-AC88U's. One of which has a broken antenna (young, clumsy children!). So I bought a second a while ago.The one with the bro...
Hi guys!I've noticed a strange entry at the log of my RT-AC88U - Merlin's latest stable firmware, 382.1. It is a message related to an app, but I don'...
Hey All,I am new to setting up vlans, and I am trying to figure out how to allow my Vlan "10" to allow traffic from my VLAN "1"Here is my current conf...

Don't Miss These

  • 1
  • 2
  • 3
Get Backblaze Now!