Email Privacy, Encryption and Security - A 1-day course

 Closed In-House Course

Synopsis

Email is fast, effective, easy to use and convenient. Yet in these days of identity theft and increasing commercial, criminal and government snooping into our lives, it's utterly insecure. When you receive a mail you have no idea who sent it, when you send mail anyone could be reading it.

In the modern environment, few people can afford to have their routine communications at risk of subversion and eavesdropping. Intercepting emails is not difficult and when there are simple and powerful techniques to protect against it, they should be used.

Securing your email is straightforward to do and in most cases can be done completely free of charge, giving you military-grade confidentiality that even government security services find hard to crack. There's more to it than just a technical fix; good security requires an understanding of social and organisational issues that go beyond simply installing a piece of software.

This one-day seminar provides a solid grounding in the basic techniques of email security, covers the two main methods used and show you down-to-earth practical ways of ensuring that nobody can intercept, tamper with or spoof your emails. Those who bring a laptop will be able to install free-of-charge software to do this during the course.

As you will learn, identity verification is an important concept in communicating with confidence. Delegates who wish to have their communication keys digitally validated and signed by the instructor should bring a passport as proof of identity. This course helps to get you started using real-life safe and confidential email. Both main standards for email encryption are covered; delegates will practice using each of them to communicate during the course.

Suitable for

• Anyone who is concerned about confidentiality and integrity of their email and who is willing to learn how to do so in situations of low to moderate threat
• The course is not suitable for anyone intending to undertake criminal or terrorist activities or whose communications (if intercepted and deciphered) are likely to lead to loss of life or liberty

Prerequisites

Students attending this course should have:

• Enough interest in the subject to go beyond a 'point here, click this, do that' existence. You have to be willing to learn safe practices and integrate the basic principles of secure communications into the way you work.

Delivery

This is an instructor-led, hands on course covering both basic theory and substantial practical work. Those with their own laptops are welcome to bring them and install and test security software during the day. This course is typically run as a practical public seminar but can be run on-site or in-house if required.

Publicly scheduled dates, locations, and prices

Outline Course Contents

Email, Privacy and the Internet

• Why email is insecure
• How you can be snooped on
• Basics of confidentiality
• Encryption and cryptanalysis
• Practical use of ciphers
• Threat and risk
• Secrecy

Securing Email using OpenPGP

• OpenPGP and its implementations
• Key management
• User IDs
• Private keys and passphrases
• Keys and safety
• Verification of keys and identity
• Using OpenPGP to communicate
• Public keyservers
• The Web of Trust

Securing Email using S/MIME

• S/MIME basics
• Certification Authorities and the trust model
• Certificate chains
• Obtaining free certificates
• Using S/MIME to communicate

Secrecy, Security and Oppresive Regimes

• What and why
• The basics of codes and security checks
• Email secrecy, clandestine communications
• Dealing with enforced key disclosure
• Ideal codes
• Steganography

Social and Technical Implications, Useful Tools

• The implications of digital signatures and encryption
• Encrypting to self
• Building the web of trust
• Utilities for webmail and file encryption