Encrypted E-mail: Close One Door, Open Another

by Veronica Cuello
Sept. 1, 2017 SANS Institute

It is common knowledge that virus detection should be a part of any corporation’s security strategy. The threat of malicious code is an area of information security that is relatively well understood by the general population. However, with the introduction of more aggressive malicious code such as the Nimda virus, many corporations have realized that desktop virus scanning is necessary, but insufficient. With Nimda, the user does not even have to click on an infected attachment! Just opening the e-mail is enough to infect the computer in some cases. Detecting viruses before they enter the network, at the e-mail gateway for example, provides a much more proactive first line of defense. The use of server-based virus scanning techniques is part of an overall defense-in-depth strategy. One aspect of the virus threat that is not well understood is that server-based virus scanners cannot scan encrypted messages [1].
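
The limitation in the last sentence, shown as an added example that is not part of the original paper: from the MIME structure a gateway can tell that a message is S/MIME- or PGP-encrypted, but it has no plaintext to hand to the virus scanner. The function name and the sample messages are constructed for illustration.

```python
import email
from email import policy

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def unscannable_parts(raw: bytes) -> list[str]:
    """Return the reasons a gateway content scanner cannot inspect this message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in SMIME_TYPES:
            # enveloped-data is encrypted to the recipient's key; signed-data is not
            smime_type = str(part.get_param("smime-type", "")).lower()
            if smime_type in ("enveloped-data", "authenveloped-data"):
                reasons.append("S/MIME " + smime_type)
        elif ctype == "multipart/encrypted":
            # PGP/MIME (RFC 3156): the payload is an opaque octet-stream subpart
            proto = str(part.get_param("protocol", "")).lower()
            reasons.append("multipart/encrypted (" + proto + ")")
        elif ctype == "text/plain" and PGP_ARMOR in part.get_content():
            reasons.append("inline PGP armor")
    return reasons

# Constructed sample messages (not real traffic).
PLAIN = (b"From: a@example.test\r\nContent-Type: text/plain\r\n\r\n"
         b"Quarterly report attached.\r\n")
SMIME = (b"From: a@example.test\r\nMIME-Version: 1.0\r\n"
         b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\r\n'
         b"Content-Transfer-Encoding: base64\r\n\r\nMIIB(constructed)\r\n")
PGP_MIME = (b"From: a@example.test\r\nMIME-Version: 1.0\r\n"
            b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\r\n'
            b"\r\n--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
            b"--b1\r\nContent-Type: application/octet-stream\r\n\r\n"
            b"-----BEGIN PGP MESSAGE-----\r\n(constructed)\r\n-----END PGP MESSAGE-----\r\n"
            b"--b1--\r\n")
INLINE = (b"From: a@example.test\r\nContent-Type: text/plain\r\n\r\n"
          b"-----BEGIN PGP MESSAGE-----\r\n(constructed)\r\n-----END PGP MESSAGE-----\r\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("smime", SMIME),
                      ("pgp-mime", PGP_MIME), ("inline", INLINE)]:
        print(name, unscannable_parts(raw) or "scannable")
```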