Need advice from you bros, expert!

beyondgadgets · Sep 9th, 09, 09:57 PM

dear all

Objective
Phase 1.Secure email communications between a few parties around the world.
Email must be encrypted in some form such that anyone intercepting the email will just see garbage. only the rightful recipients can decrypt the email.
Preferably with total control of the email server at a designated location

Phase 2. Secure voice communications. Same thing, no one intercepting should know about the content of the voice communications.

phase 3, secure video communications. same requirement as above.

bottom line is security of information.
please assume that this project has a very reasonable amount of budget.
if anyone can help me on this project or want to be involve as well can pm me your contact, we arrange for a meet up

Crazy · Sep 9th, 09, 11:42 PM

ssl encryption with ur own crytography..

Crazy · Sep 9th, 09, 11:44 PM

and oh yeah.. if u have the money.. pull your own point to point link.. else u need to look at encryption... also when encrypting video, must use tcp ..

idiotboi89 · Sep 9th, 09, 11:57 PM

Understanding the concept of SSL (Secure Socket Layer ) / TLS (Transport Layer Security) and Cryptography(Public Private Key System) would help you greatly.

actually.. skype is an application that is current fulfilling point 2 and 3

Hope it helps.. i might be wrong though.. so best to do some research.

beyondgadgets · Sep 12th, 09, 08:47 AM

thanx guys for the inputs, any expert free for a coffee session?

proyb2 · Sep 12th, 09, 08:17 PM

Quote:

Originally Posted by beyondgadgets

thanx guys for the inputs, any expert free for a coffee session?

There is an option for free beer?

I'm noob about SSL implementation.

beyondgadgets · Sep 13th, 09, 02:07 PM

beer no prob, but noob should not apply

idiotboi89 · Sep 14th, 09, 03:14 AM

* does not meet requirement to apply * =(

beyondgadgets · Sep 14th, 09, 03:25 PM

anyone?

beyondgadgets · Sep 14th, 09, 08:30 PM

boink

DragonFire · Sep 14th, 09, 08:37 PM

As requested by PM

Please note that I am not a security professional so I can only give you some pointers.

Phase 1 - What email system do you have in mind? Pop3? Exchange? Gmail? You need to look into PGP, and public/private keypairs

Need to know more before commenting.

Phase 2 and 3 can be supported using a secure VPN.

Basically you set up a OpenVPN VPN server at a secure site, and have your clients connect to this server.

You can then use open source, easily available software like Ventrilo to do audio conferencing over the VPN network.

At this point am not familiar with point to point video conferencing solutions. Legacy stuff like NetMeeting will work perfectly though.

As long as traffic stays on the VPN, your data will be protected.

VPN access keys need to be securely transmitted, preferably by CD using registered post. The CD should be destroyed after the key has been retrieved.

Your safety is at the network transport layer in this case. As long as your VPN is not breached, it should be secure.

Client terminals should have full disk encryption to prevent loss of the key or unauthorised access.

==

For storage or full system encryption, check out TrueCrypt. This software is great for encrypting attachments and documents.

TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux

DF

beyondgadgets · Sep 14th, 09, 09:11 PM

cool, thanks.

phase 1 - i have looked into PGP. thats pretty much one of the best around. email most prob will be pop3 base using a commericial software like
PGP Desktop Email Encryption - Secure End-to-End Email Protection

i have also looked in hushmail.com which is webmail on openPGP, but we maybe at the webmail mercy of exposure of oue privacy.

my question is : is it better to setup an email server , putting it at a secure location , on a secure line, will this make much of a diff than a normal shared email server.
coz right now , its like encrypting locally, sending it over normal(unsecure lines) then decrypt at receiver end. even a man-in-the-middle-attack should not yield useful data to attacker as the data are all encrypted.

next question is: how to i set up a secure line? i mean are there local providers that do such services?

i have a rough idea for phase 2 and 3 now, thanks for your inputs.
appreciate it.

DragonFire · Sep 14th, 09, 10:12 PM

pop3 with 3rd party encryption should provide a decent level of security.

Shared email servers are fine as all your data should be stored in an encrypted state.

DF