Securing Emails and Websites

Have you ever thought that there is someone spying on your  emails and access to websites?

Do you know that normal email messages are stored and delivered through the Internet by email servers in plain readable words?

These email messages can be viewed directly by anyone who owns the mail server, or read by administrators that maintain the mail servers by browsing the mail storage and opening these message files.

Alternatively, emails can be intercepted using various methods such as setting up a rogue proxy server that provides a public “free Internet” service. When this “free Internet” service is utilized by unsuspecting users to send their messages, the data passed through this rouge proxy server are copied illegally.

These copied messages then can be viewed in plain sight without any restriction by the owner of this rogue proxy server.

To secure these emails from spying eyes, the plain readable words of the email messages in storage and transit must be scrambled into unreadable codes using a process called encryption.

Email encryption can be achieved by using a trusted digital certificate on any compatible email client such as Outlook.

But there is another use for digital certificate on an email, as it can be used to prove the identity of the email sender and verify the received original email message has not been modified by another person.

You might receive emails from your business partners regularly and you liaise with them confidently without doubting their identity daily.

But what if someday an email from your well-known bank officer asking you to provide your personal details to reactivate a bank payment channel or services, would you stop to wonder if this email is genuinely from the person you know and start to be suspicious, or would you provide all the required details without a doubt since the originating email address matches your address book entry?

What about getting an email from your child studying overseas, begging for a money deposit into a bank account because his mobile phone and wallet are missing? Left with no money and just his laptop while stranded at a train station or airport to email you for help, would you urgently deposit the money without thinking this could be a scam by some clever crime syndicate going after your money?

When you receive an email message with a trusted digital signature, will clear your doubts as you can confirm that the sender is who the sender claims to be & the email message has not been altered in any way during transit.

Verified email message on Outlook (indicator at top right):

Outlook secure

Encrypted email message on Outlook (padlock indicator at top right):

Outlook encypted

You may have done online banking or visit websites that requires you to login to use their services.

But the information you entered into the web form are also transmitted in plain readable words from your browser into their server which can be illegally copied during transit, unless these websites are using secure encrypted communication protected by a trusted digital certificate which are indicated by the “https://(Hyper Text Transfer Protocol Secure) and a locked padlock indicator on the browser itself.

Trusted secure website on Chrome browser (locked padlock indicator at address bar):

Website secure

With the secure encrypted communication channel in place, you may submit P&C information and perform transactions with confidence that no unauthorized persons are able to read the coded information even if they manage to copy the data transmission.

To participate in accepting our private trusted digital certificates, please perform the steps below.

Performing the steps below using Internet Explorer or Google Chrome browser will allow IE, Chrome, & Outlook on your personal computer to recognize our private trusted digital certificates used in participating websites and email messages.

Start by entering this address into your browser:

https://ca.datumcorp.com/datumca.crt

“Open” it and click “Install Certificate” & place this into “Trusted Root Certification Authorities” store.

Once this is done, you are able to see the trusted and secure communication indicators when using any of our secure websites or reading all digitally signed emails from us, instead of a red untrusted warning indicator.

 

To use request and use our digital certificate to secure your emails in Outlook, please use Internet Explorer to perform these steps.
If you did not see the sections described in the steps below, please enable “Compatibility View” in your Internet Explorer and start from step 1) again.

Do not use Firefox, Chrome, or other browsers as they are not compatible.
1)
Using Internet Explorer, enter this into the address bar:
https://ca.datumcorp.com/certsrv

Click on “Request a certificate” -> “advanced certificate request” -> “Create and submit a request to this CA.” -> “Yes” button.
Fill in the “Identifying Information” section with your correct details.

Choose:
Type of Certificate Needed: “E-Mail Protection Certificate
Key Size: 2048
Marks keys as exportable” checkbox.
Hash Algorithm: sha256

and click on “Submit“.

Sample information entry as below:

EMail

Wait for us to generate the certificate as indicated in the message.

2)
Once the certificate is ready, using Internet Explorer on the same computer, reenter this address into the address bar:
https://ca.datumcorp.com/certsrv

Click on “View the status of a pending certificate request” -> “Install the certificate“.

3)
Start Outlook and follow the instructions below:

Outlook 2003:

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Click Settings.
  3. At the bottom of the Security Settings Preferences section, click New.
  4. In the Security Settings Name box, enter a name.
  5. In the Cryptographic format list, click S/MIME.
  6. Next to the Signing Certificate box, click Choose, and then select a certificate that is valid for digital signing.
  7. Next to the Encryption Certificate box, click Choose, and then select a certificate that is valid for encryption.
  8. Select the Send these certificates with signed messages check box unless you will be sending and receiving signed messages only within your organization.

Outlook 2007:

  1. On the Tools menu on the Outlook Mail view, click Trust Center to open the Trust Center dialog box, and at the far left of the dialog box, click E-mail Security.
  2. Under Encrypted e-mail, enable the Add digital signature to outgoing messages check box.
  3. Enable the Send clear text signed message when sending signed messages check box. This check box is selected by default.
  4. Enable the Encrypt contents and attachments for outgoing messages check box.
  5. To verify that your digital signature is being validated by recipients and to request confirmation that the message was received unaltered, as well as notification telling you who opened the message and when it was opened, select the Request S/MIME receipt for all S/MIME signed messages check box. When you send a message with an S/MIME return receipt request, this verification information is returned as a message sent to your Inbox.
  6. Click Settings button and click OK three times to confirm all the changes.

Outlook 2010 & 2013:

  1. Click the File tab on top left menu.
  2. Click Options on the bottom left.
  3. Click Trust Center on the bottom left.
  4. Under Microsoft Outlook Trust Center section, click Trust Center Settings button on the right.
  5. On the E-mail Security tab on the left, under Encrypted e-mail section on top, enable the Add digital signature to outgoing messages check box.
  6. Enable the Send clear text signed message when sending signed messages check box. This check box is selected by default.
  7. Enable the Encrypt contents and attachments for outgoing messages check box.
  8. Click Settings button and click OK three times to confirm all the changes.

Now you are ready to send digitally signed emails to everyone and respond with encrypted messages to any sender that uses digital signatures too.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *