This is actually the first time I’ve even heard of opportunistic TLS, I’m used to seeing S/MIME and PGP when reading about email encryption.  What I like about this is encryption/decryption is done on the server side so the users don’t have to do anything different when sending emails and we don’t have to issue a certificate to each user and manage the keys.

If you’re using Exchange Server 2007, opportunistic TLS is already enabled by default.  You can check this by entering Get-SendConnector “Send Connector Name” | Format-List in the Exchange Management Shell.  Look for the IgnoreStartTLS parameter, if it’s set to false then opportunistic TLS is enabled.

To check whether a server supports TLS, telnet to the server on port 25 and check if the server supports the STARTTLS command, for example:

telnet mail.global.frontbridge.com 25

This server supports TLS

Here’s an example of the header of an email that was delivered with TLS enabled (I modified the IP addresses and names for privacy reasons):

Received: from mailgateway01 (1.2.3.4) by mailserver01.domain.com (1.2.3.5)
with Microsoft SMTP Server (TLS) id 8.1.263.0; Mon, 16 Mar 2009 18:05:18
-0400
Received: from mail.global.frontbridge.com ([65.55.88.22]) by mail.somedomain.com
([1.2.3.4]) with ESMTP (TREND IMSS SMTP Service 7.0; TLS:
TLSv1/SSLv3,128bits,AES128-SHA) id 06456c96000057da for <jdoe@microsoft.com>;
Mon, 16 Mar 2009 18:05:16 -0500

A local PC repair firm found the disc under the the laptop’s keyboard when the laptop was put in for repair.   The disc had the words “Home Office” and “Confidential” written on it.

The good news is, at least this time both the laptop and the disc have been encrypted.

Read the full article here.

Related Posts:

Backup Tape Lost – 650,000 Customers Affected

Laptop with Data on  600,000 People Stolen

The one I would recommend is this free open-source disk encryption software called TrueCrypt. I’ve been using this software for about a year and a half now and never had a problem with it. It’s very easy and simple to use and supports different encryption algorithms, including AES-256 (Advanced Encryption Standard, 256-bit key) which is the encryption standard adopted by the U.S. government.

My new laptop actually came with its own encryption software but I still prefer TrueCrypt better because of its simplicity. What you basically do is you create a volume using the software by specifying how much disk space you want to allocate for it, the type of encryption to use, and the volume password (make sure you choose a strong password!!!). Then this encrypted volume would look just like a regular file on your hard drive. You then use TrueCrypt to mount that volume to your OS (it will prompt you for the volume password that you created earlier). The mounted volume would look just like a regular hard disk drive and you use it just like a regular hard disk drive as well. The encryption is done on-the-fly. You can also set TrueCrypt to automatically mount the volumes on startup. TrueCrypt is available for Windows Vista (32-bit and 64-bit)/XP/20003/2000 and Linux.

You can download TrueCrypt from here for free.

Cost of TrueCrypt? $0. Cost of your stolen data falling into the wrong hands? Well, that depends, but it could be HUGE!!!