Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Reviews

Introduction

Updated August 16, 2005

In Part 1 of this review, I looked at the history behind PGP Corp., the PGP method of email and disk encryption, and provided a general overview of the PGP Universal gateway encryption product.

In this second and final part, I will focus on how the product actually functions, and will examine all of the different components of PGP Universal Series 500.

Learn Mode

A PGP Universal server begins life in something called Learn Mode. Learn Mode consists of the server proxying mail and creating keys for users as usual, but not encrypting or signing any mail it sends. This allows a server to safely generate keys for users and show administrators how different mail would be encrypted if Learn Mode were not active. But it doesn't incur the nasty overhead of actually having to encrypt and sign messages while simultaneously generating keys for all of the users in the internal domain. Once enough keys have been generated, Learn Mode can be deactivated and encryption can begin.

While in Learn Mode, you are also able to set up and test policies for encrypting mail. Everything about PGP Universal's encryption system, such as who to encrypt mail to, what to do for recipients without a key and whether to use OpenPGP or S/MIME to encrypt messages, is controlled at the policy level. (Figure 1)

The mail encryption policy screen

Figure 1: The mail encryption policy screen
(Click image for more detail)

I established a default policy that would apply to every domain that mail was sent to, and then established several contingencies and exceptions for messages. These exceptions could apply to both message subjects and recipient domains, and I established policies for both.

For the recipient domain, I specified foobar.net (our old friend Bob's domain) and specified that all mail being sent to this domain should be encrypted. For the message subject, I followed the reviewer's guide provided by PGP Corp. and specified "payroll" as the subject.

Setting up policies for message subjects seemed a little counter-intuitive, as it used the same interface as the recipient domain policy setup. Also, in order for message subjects to be considered for encryption the "Apply special policy to messages flagged as Confidential" option had to be selected.

Another thing that would have been nice is wildcard support for domains, which could be used, for example, to send only plaintext mail with no encryption options to top-level domains from countries where encryption is illegal.

More Stuff

Featured Sponsors


Top Ranked Routers


AC Router

AC DWS

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi guys I have googled this but there is not a straight answer , so Im asking here what does the error meanupnp_event_recv: recv(): Connection reset b...
VLAN first timer here…I’m creating a VLAN and trying to get devices on that VLAN.Hardware:1 Supermicro pfSense firewall/router with 4 NICs1 Cisco SG30...
I am trying to block internet access to my security cameras so that they can only be accessed from my Synology NAS. I can use the "Block Internet Acce...
I setup OpenVPN server to client and client to server on 2x 68u with Firmware:380.65 routers.. I can't narrow it down but the VPN connection drops e...
​ QNAP's TS-228 is inexpensive, but makes performance compromises to get there.Read on SmallNetBuilder

Don't Miss These

  • 1
  • 2
  • 3