S/MIME: Encrypting and Signing Emails for Maximum Security

 S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) is an industry standard that encrypts and digitally signs emails to ensure their integrity and security:

• Encryption: Protects the contents of emails
• Digital signatures: Verifies the sender's identity
• Message integrity: Ensures the email's contents are not altered
• Non-repudiation: Provides a way to prove the origin of the email
• Authentication: Verifies the identities of both the sender and recipient

S/MIME is compatible with most enterprise email clients, including Outlook for iOS and Android. To add or remove a digital signature from a message in Outlook on the web, you can:

• Go to the top of the message
• Select More options > Message options
• Select or deselect Digitally sign this message (S/MIME)

 APFS (Apple File System)

Apple File System (APFS) is a file system that's used for encryption, data storage, and file sharing on Apple devices:

Encryption

APFS uses advanced encryption technology to protect data from unauthorized access.

Data storage

APFS is optimized for solid-state drives (SSDs) used in most modern Mac computers. APFS allocates storage space on demand and can share space between multiple volumes within a container.

File sharing

APFS allows users to duplicate files instantaneously, so the duplicate doesn't take up more storage space.

APFS is the default file system for Mac computers running macOS 10.13 or later. It is also used on iOS, tvOS, and watchOS. APFS is generally considered the better choice for Mac users, but exFAT might be more suitable if you need to share files with Windows computers.

C - I - A: Confidentiality - Integrity - Availability

CIA 

Confidentiality: Making certain information (data) is only viewable by certain people.

1. Encryption is the main method for confidentiality. Whether it is file encryption, full disk encryption, or full device encryption for mobile devices. The user needing to read the information would need a decryption key to decipher the encryption first. 

2. ACL (Access Control Lists) is another method of providing confidentiality. This is not as secure as using encryption. There are different access control methods such as MAC (Mandatory Access Control), DAC ( Discretionary Access Control), Role-BAC (Role-Based Access Control), Rule-BAC (Rule-Based Access Control), and ABAC (Attribute Access Control). These methods and examples will be discussed in a different post.

3. Steganography: With this method, you could hide a document inside of another document, inside a photo, video file, or audio file. The carrier (the file used as the hiding method has to be larger than the file you are trying to hide) looks the same, in the case of the audio or video file they still play. 

Steganography is "Security through Obscurity"

Steganography can be used in some cases to bypass security controls such as DLP (Data Loss Prevention) systems. One way to detect this activity would be to employ file integrity monitoring. That way you would have the original hash and any modification to the file would produce a different hash. 

For the "Use Case" of confidentiality, encryption is used.

Integrity: Making sure that the data has not been altered, changed, corrupted, or modified by intentional or accidental means. 

Verifying integrity is provided through hashing. Hashing is a one-way function that produces a fixed-length output that cannot be reversed to produce the original input.

For the use case of integrity, hashing is used

Availability: This means that the information/data is accessible when the information is needed to modify or view the data.

Many things provide availability such as Load Balancing, Fault Tolerance, Alternate Sites (Hot, Warm, Cold, Mobile), Alternate Power (Generator, UPS), Backups, Patching, RAID, and HVAC.