如何建立安全的电子邮件
文章来源: 文章作者: 发布时间:2006-11-24 06:56 字体: [ ]  进入论坛
(单词翻译:双击或拖选)
Unencrypted messages can be hijacked1 in transit2 and read or altered.If the mail is not digitally signed,you can’t be sure where it came from.
There are many options for securing e-mail,all with a few strengths and probably more weaknesses.
Let’s take care of the easy decisions.Secure/Multipurpose Internet Mail Extensions(S/MIME)should be the message encryption and digital signature format3 because it’s the accepted standard and is built into leading e-mail clients such as Microsoft Outlook 98/2000 and Lotus Notes R5.Yet a standard such as S/MIME only takes you so far.Each vendor4 has implemented5 its own interpretation6 of S/MIME,which makes interoperability problematic.This drawback is exacerbated7 by the emergence8 of S/MIME Version 3 in the newest e-mail clients,which again could create interoperability issues.
The path of least resistance is to get an e-mail security gateway9, which is analogous10 to a firewall for e-mail.Every message going in or out pases through the gateway,allowing security policies to be enforced (where and when messages can be sent),virus checking to be performed,and messages to be signed and encrypted. One drawback of the gateway approach is that it doesn’t provide user-based security.For example,the gateway encrypts outbound messages so recipients12 can verify they came from your company,but recipients can’t prove from whom they came.
Client-based methods use your private key to sign messages(proving it came from you),which is a more granular level of security,but they have weaknesses as well.They need to be configured on each desktop,which includes issuing a digital certificate to each user (for encryption and digital signature),and ensuring that a proper security profile is configured within the e-mail client.
There are also a number of Web-based secure mail services that keep all messages within their environment at all times to ensure security.You use a secure site on the Internet to compose a message.Once you hit“Send”,the site encrypts and stores the message on its site,and sends the recipient11 an e-mail notification that a secure message is waiting.The recipient links to the site, provides a shared secret for authentication,and accesses the message via Secure Sockets13 Layer. Unfortunately,this method does not work with existing enterprise e-mail systems.
The stickiest issue is building a directory of digital certificates.This directory holds the certificates needed to encrypt messages to a recipient.Internally,building the directory may not be a big deal because all certificates for a company can be published in a central Lightweight Directory Access Protocol14 server,but externally this causes many problems.You will need to establish an agreement with a recipient’s organization to ensure access to the right digital certificates.This process, however, creates more user training issues and adds complexity15 to e-mail communications.
Although there is technology available for secure e-mail, widespread deployment16 is still problematic. However,as more companies and regular e-mail users see the need to secure their messages,the use of digital certificates will one day become a transparent17 part of your everyday activities.

  未加密的信息可能在传输中被截获、偷看或窜改。如果邮件不是数字签名的,你就不能肯定邮件是从哪里来的。
  确保电子邮件的安全有多种选择,它们都有些长处,但有可能存在更多弱点。
  让我们先关注一下容易做的决定,安全/多用途因特网邮件扩展(S/MIME)应该是信息加密和数字签名的格式,因为它是已被认可的标准,被做进了主要的电子邮件客户端软件中,如微软的Outlook 98/2000和莲花公司的Notes R5。迄今为止,你只能用S/MIME一类的标准。每家供应商都有自己对S/MIME的解释,这就引出 了互用性问题,最新的电子邮件客户端软件中S/MIME三版的出现,加重了这个缺陷,它再次可能带来互用性问题。
  阻力最小的道路就是采用电子邮件安全网关,它相当于电子邮件的防火墙。进出的每一条信息都要经过网关,网关可以实施安全政策(信息在何 时向何地发送)、执行病毒检查并给信息签名和加密。这种网关方法的一个缺陷就是它不 能提供基于用户的安全性。例如,网关对向外发的信息进行加密,因而接收方能验证它 们来自你的公司,但接收方不能证明它们来自哪个人。
  基于客户端的方法采用你私人密钥来签署信息(证明它出自于你),这是更细化的安全等级,但它们也有弱点。它们需要配置到每个桌面系统,包括向每个用户发数字证书(用于加密和数字签名),并确保在每个电子邮件客户端都配置了合适的安全配置文件。
  也有多种基于Web的安全邮件服务,这些服务在任何时候把所有信息都保持在它们的环境中,以确保安全性。你利用因特网上一个安全网站来 编写信息,一旦你点击了“发送”,网站就进行加密和把信息保存在该网站中,并向接收方发一份电子邮件通知,告诉他有一份安全的信息等他去接收。接收方链接到该网站,提供用于认证的共享秘密,通过安全入口层(SSL)访问该信息。可惜,此方法不能与现有的企业电子邮件系统一起工作。
  最困难的问题是建立数字证书目录。此目录保存着向一名接收人发的信息进行加密所需的证书。从内部讲,建目录可能不是件大事,因为一家公司的所有证书可以由中央简化目录访问协议服务器颁发,但从外部讲,这会引起很多问题。你需要与收件人所在组织达成协议,以确保访问正确的数字证书。然而,这个过程会造成更多的用户培训问题以及增加电子邮件通信的复杂性。
  虽然已有技术可用于安全的电子邮件,但广泛部署仍是个问题。然而,随着更多的公司和普通电子邮件用户看到了确保其信息安全的需要,终 有一天使用数字证书会变得透明,成为你日常生活的一部分。 


点击收听单词发音收听单词发音  

1 hijacked 54f3e68c506e45e75f9a155a27738c2f     
劫持( hijack的过去式和过去分词 ); 绑架; 拦路抢劫; 操纵(会议等,以推销自己的意图)
参考例句:
  • The plane was hijacked by two armed men on a flight from London to Rome. 飞机在从伦敦飞往罗马途中遭到两名持械男子劫持。
  • The plane was hijacked soon after it took off. 那架飞机起飞后不久被劫持了。
2 transit MglzVT     
n.经过,运输;vt.穿越,旋转;vi.越过
参考例句:
  • His luggage was lost in transit.他的行李在运送中丢失。
  • The canal can transit a total of 50 ships daily.这条运河每天能通过50条船。
3 format giJxb     
n.设计,版式;[计算机]格式,DOS命令:格式化(磁盘),用于空盘或使用过的磁盘建立新空盘来存储数据;v.使格式化,设计,安排
参考例句:
  • Please format this floppy disc.请将这张软盘格式化。
  • The format of the figure is very tasteful.该图表的格式很雅致。
4 vendor 3izwB     
n.卖主;小贩
参考例句:
  • She looked at the vendor who cheated her the other day with distaste.她厌恶地望着那个前几天曾经欺骗过她的小贩。
  • He must inform the vendor immediately.他必须立即通知卖方。
5 implemented a0211e5272f6fc75ac06e2d62558aff0     
v.实现( implement的过去式和过去分词 );执行;贯彻;使生效
参考例句:
  • This agreement, if not implemented, is a mere scrap of paper. 这个协定如不执行只不过是一纸空文。 来自《现代汉英综合大词典》
  • The economy is in danger of collapse unless far-reaching reforms are implemented. 如果不实施影响深远的改革,经济就面临崩溃的危险。 来自辞典例句
6 interpretation P5jxQ     
n.解释,说明,描述;艺术处理
参考例句:
  • His statement admits of one interpretation only.他的话只有一种解释。
  • Analysis and interpretation is a very personal thing.分析与说明是个很主观的事情。
7 exacerbated 93c37be5dc6e60a8bbd0f2eab618d2eb     
v.使恶化,使加重( exacerbate的过去式和过去分词 )
参考例句:
  • The symptoms may be exacerbated by certain drugs. 这些症状可能会因为某些药物而加重。
  • The drugs they gave her only exacerbated the pain. 他们给她吃的药只是加重了她的痛楚。 来自《简明英汉词典》
8 emergence 5p3xr     
n.浮现,显现,出现,(植物)突出体
参考例句:
  • The last decade saw the emergence of a dynamic economy.最近10年见证了经济增长的姿态。
  • Language emerges and develops with the emergence and development of society.语言是随着社会的产生而产生,随着社会的发展而发展的。
9 gateway GhFxY     
n.大门口,出入口,途径,方法
参考例句:
  • Hard work is the gateway to success.努力工作是通往成功之路。
  • A man collected tolls at the gateway.一个人在大门口收通行费。
10 analogous aLdyQ     
adj.相似的;类似的
参考例句:
  • The two situations are roughly analogous.两种情況大致相似。
  • The company is in a position closely analogous to that of its main rival.该公司与主要竞争对手的处境极为相似。
11 recipient QA8zF     
a.接受的,感受性强的 n.接受者,感受者,容器
参考例句:
  • Please check that you have a valid email certificate for each recipient. 请检查是否对每个接收者都有有效的电子邮件证书。
  • Colombia is the biggest U . S aid recipient in Latin America. 哥伦比亚是美国在拉丁美洲最大的援助对象。
12 recipients 972af69bf73f8ad23a446a346a6f0fff     
adj.接受的;受领的;容纳的;愿意接受的n.收件人;接受者;受领者;接受器
参考例句:
  • The recipients of the prizes had their names printed in the paper. 获奖者的姓名登在报上。 来自《简明英汉词典》
  • The recipients of prizes had their names printed in the paper. 获奖者名单登在报上。 来自《现代英汉综合大词典》
13 sockets ffe33a3f6e35505faba01d17fd07d641     
n.套接字,使应用程序能够读写与收发通讯协定(protocol)与资料的程序( Socket的名词复数 );孔( socket的名词复数 );(电器上的)插口;托座;凹穴
参考例句:
  • All new PCs now have USB sockets. 新的个人计算机现在都有通用串行总线插孔。
  • Make sure the sockets in your house are fingerproof. 确保你房中的插座是防触电的。 来自超越目标英语 第4册
14 protocol nRQxG     
n.议定书,草约,会谈记录,外交礼节
参考例句:
  • We must observe the correct protocol.我们必须遵守应有的礼仪。
  • The statesmen signed a protocol.那些政治家签了议定书。
15 complexity KO9z3     
n.复杂(性),复杂的事物
参考例句:
  • Only now did he understand the full complexity of the problem.直到现在他才明白这一问题的全部复杂性。
  • The complexity of the road map puzzled me.错综复杂的公路图把我搞糊涂了。
16 deployment 06e5c0d0f9eabd9525e5f9dc4f6f37cf     
n. 部署,展开
参考例句:
  • He has inquired out the deployment of the enemy troops. 他已查出敌军的兵力部署情况。
  • Quality function deployment (QFD) is a widely used customer-driven quality, design and manufacturing management tool. 质量功能展开(quality function deployment,QFD)是一个广泛应用的顾客需求驱动的设计、制造和质量管理工具。
17 transparent Smhwx     
adj.明显的,无疑的;透明的
参考例句:
  • The water is so transparent that we can see the fishes swimming.水清澈透明,可以看到鱼儿游来游去。
  • The window glass is transparent.窗玻璃是透明的。
TAG标签:
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
验证码:点击我更换图片