[unisog] network service encryption requirements for privacy/confidentiality

Brian Eckman eckman at umn.edu
Fri Apr 11 16:13:35 GMT 2008


Harry,

Not sure how much help it is, but here's a page that talks about the 
encryption of credentials used to check email here at UMN...

http://www1.umn.edu/securclt/

It isn't written as a policy (but it's enforced like one - the mail 
servers will not accept unencrypted connections), but it's something you 
can point to if you need a list of other institutions requiring 
encryption of email credentials.

Brian

Harry Hoffman wrote:
> Hi All,
> 
> I'm looking for some help finding written policy mandating the use of 
> encryption in network based services (i.e. SMTP/IMAP/POP/HTTP(S)/etc) as 
> it pertains to the privacy/confidentiality of data in a university 
> environment.
> 
> Is anyone out there still allowing non-encrypted services (i.e. 
> IMAP/POP/SMTP)? If so, why?
> 
> What about use of S/MIME or PGP to sign/encrypt messages?
> 
> And how about portable device encryptions? Laptops, palm-sized devices, 
> cell-phones, etc.
> 
> Any help is greatly appreciated.
> 
> Cheers,
> Harry
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog



More information about the unisog mailing list