|
Home > Archive > Certified Internet Webmaster - CIW > May 2002 > Need Help on CIW 1D-470 Question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Need Help on CIW 1D-470 Question
|
|
|
| Hi, I need help to answer this question. Can someone help me?
Question: What is the standard method for securing individual e-mail messages sent between a company and other users that do not use the e-mail server?
A. Invoke encryption at the e-mail server.
B. Invoke encryption on each client.
C. Filter firewall port 42 on the company firewall.
D. Store all e-mail messages on a separate partition.
Thanks in Advance! | |
| Hacker 2002-04-30, 5:42 am |
| B.  . | |
|
| Where did the question come from? | |
|
| 
Hi Hacker,
Can you please explain your choice of answer?
My thought for your choice of answer: - The logical choice of your answer will be using PGP softwares on the clients to communicate messages.
But, I believe there is no encryption functionality build into most mail softwares. (B:Invoke encryption on each client)
__________
Anyone else has a different answer? Please explain. | |
| Drummer 2002-04-30, 7:32 pm |
| I guess it would be the only option that would involve securing individual messages. The other options involve securing the way messages travel but not the messages themselves. Plus, since they are not using the e-mail server A would be eliminated.
Am I right, Hacker? | |
| Hacker 2002-05-02, 9:18 am |
| Well, A can't really work as some individuals do not use the same email server. It means that if the server encrypts the message there, users who do not use the server will not get their message transmitted securely.
C is definitely wrong as filtering does not in any way help to secure the message in transit. In fact, filtering a port would block the message from going through even if the Admin had used port 42 for POP3/IMAP/SMTP (though impossible since 42 belongs to a registed port, 0-1023 and cannot be used).
For D, if you store them on a separate partition, it merely means that you are storing them somewhere else, either on the same drive or different one. It does not state Linux or M$, and remember, if you move files from one folder to another in W2k, even if the original is encrypted, the original files would take the destination's folder's attributes. There is a possibility that the destination folder might not be NTFS or does not have encruption enabled. Anyway, this does not even have any thing to do with the question!
B seems the only correct answer as a client can have asymetric or even symmetric encryption via hash/message digest for the former or PGP (private/public key combination) for the latter.
Drummer, you are absolutely correct, and desaw, PGP is one way that an email client is used to trasmit encrypted messages using the symmetric method. There is also personal email encryption from Thawte and Verisign. Check your email client's security tab! | |
| trihuynh 2002-05-02, 12:13 pm |
| The testking answer for this question is C.
How stupid it is ! :-) | |
| Hacker 2002-05-03, 5:47 pm |
| Hmmm, dangerous to use TestKing! |
|
|
|
|