Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Reviews

Introduction

Updated August 16, 2005

In Part 1 of this review, I looked at the history behind PGP Corp., the PGP method of email and disk encryption, and provided a general overview of the PGP Universal gateway encryption product.

In this second and final part, I will focus on how the product actually functions, and will examine all of the different components of PGP Universal Series 500.

Learn Mode

A PGP Universal server begins life in something called Learn Mode. Learn Mode consists of the server proxying mail and creating keys for users as usual, but not encrypting or signing any mail it sends. This allows a server to safely generate keys for users and show administrators how different mail would be encrypted if Learn Mode were not active. But it doesn't incur the nasty overhead of actually having to encrypt and sign messages while simultaneously generating keys for all of the users in the internal domain. Once enough keys have been generated, Learn Mode can be deactivated and encryption can begin.

While in Learn Mode, you are also able to set up and test policies for encrypting mail. Everything about PGP Universal's encryption system, such as who to encrypt mail to, what to do for recipients without a key and whether to use OpenPGP or S/MIME to encrypt messages, is controlled at the policy level. (Figure 1)

The mail encryption policy screen

Figure 1: The mail encryption policy screen
(Click image for more detail)

I established a default policy that would apply to every domain that mail was sent to, and then established several contingencies and exceptions for messages. These exceptions could apply to both message subjects and recipient domains, and I established policies for both.

For the recipient domain, I specified foobar.net (our old friend Bob's domain) and specified that all mail being sent to this domain should be encrypted. For the message subject, I followed the reviewer's guide provided by PGP Corp. and specified "payroll" as the subject.

Setting up policies for message subjects seemed a little counter-intuitive, as it used the same interface as the recipient domain policy setup. Also, in order for message subjects to be considered for encryption the "Apply special policy to messages flagged as Confidential" option had to be selected.

Another thing that would have been nice is wildcard support for domains, which could be used, for example, to send only plaintext mail with no encryption options to top-level domains from countries where encryption is illegal.

More Stuff

Wi-Fi System Tools
Check out the new Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors




Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Have, for the first time, upgraded to Asuswrt-Merlin firmware on the 86U. Will I have to download a file of a newer version of AM everytime or will th...
Is there a way to schedule QoS rules / bandwidth limit?A simple way is: adjust priority according to time.A more general way is to apply different rul...
Per my title I've always wondered how much the specs on newer routers really matter in everyday usage. For example I own a few routers and was wonderi...
To use multihop VPN I need to be able to enter a server address with @ Server Address and Port: x.x.x.x@xLater versions beyond around 380.65 prompt wi...
Hi guys, i got 3.0.0.4.380_8228 asus last firmware. but before I hade merlin firmware and same results, I live in an hotel at the time, and the signal...

Don't Miss These

  • 1
  • 2
  • 3