Answer the question
In order to leave comments, you need to log in
Where to read articles about safe work/transfer/exchange of information on the Internet?
Hey! I am interested in topics of this nature, namely about the protection of information that is transmitted in various ways, such as instant messengers, gsm communications, email clients, and so on. First of all , I'm interested in data protection within the corporate use of an email client, a corporate disk (document exchange). Secondly , how to communicate through phones/messengers correctly. Communication of industrial and commercial structure, ~30 employees.
There is enough information already read (it is unlikely that it was properly assimilated), but I personally do not see a ready-made plug-and-play solution. The logical question is why do you need it in principle, create a regular server based on your domain in any of the registrars and use it. But as practice shows, firstly, upon any request from structures in Russia, on such servers as soap.ru and so on, all data is provided. There is no direct need to protect data from this attack, but there is no desire to feel "undressed".
Actually, the question is, where can you study, compare, read reviews of real gurus, and try to solve / implement a solution on your own (and is it possible?) Or find the right specialist who can explain all the nuances and set up the work? If the latter, then, in fact,, which will help to understand all this and how to set the task correctly?
Answer the question
In order to leave comments, you need to log in
If you ask such questions, it is better to find a specialist and give money for setting up a turnkey infrastructure. $200 per user will come out of the initial cost.
If there is loot, you will find it quickly.
Try to read about the cryptopro program, it can encrypt both files and correspondence
create a regular server based on your domain
First and foremost - first define for yourself what 'safety' is! This complex concept includes not only network protocols and user interface, but also a set of rules that users must follow (the same proverbial piece of paper with a password on the monitor).
To send a message from one user to another, you need:
* initial authentication
You need to somehow associate the letters on the screen with a specific person, and this is a mega problem, because there is no universal solution, more precisely, it exists - it's a phone number, which is why modern managers link a user account to a phone number. They cannot be generated indefinitely for spam (it costs some money for the user) and at the same time almost every person on the planet already has it (except for very poor countries, but even there there is at least some kind of infrastructure)
Accordingly, you need an infrastructure (contracts with a provider, software and physical servers or paid cloud services) that will provide authentication via the same sms. If there is an application for the phone, some steps can be started, but this is unreliable, because the application is hacked. The initial sms will have to be sent one way or another.
Alternative - it is necessary to have some kind of account registration center (if you have an organization - this is the most logical option) where someone in charge can say - 'this person is these letters on the screen, I guarantee'.
There is a gpg standard when users can exchange gpg keys (in a personal meeting, for example, via a qr-code) confirm that this user is what he claims. But as you understand, a personal meeting is still needed. I have not seen a single manager where this process was somehow socialized, roughly speaking you would see all the confirmations from other users (in the form of a tree of trust and confirmation). But I guess it would be too difficult for a classic user, although it is most true for a decentralized messenger.
There are plugins for various jabber and email clients. There seemed to be a browser plugin that not only managed these signatures but also allowed the raid to decrypt the messages on the page.
* authorization
This problem directly follows from the method of initial authentication and storing its results.
The simplest is password authentication, the server stores everything necessary for work, when the password is entered, a temporary token is issued to the application and everyone is happy, the application, by some condition, deletes the token and requires re-entering the password. If you stand up for security, you should not use any third parties as an authorization intermediary (googl / facebook / Vasya Pupkin), it should be your service.
If you store all the necessary data (gpg keys for example) locally, you still need to somehow protect the password, biometric authentication (fingerprints), etc. from access to third parties. but each solution has its own level of security (the cost of hacking) ...
* Communication and data storage
All messages must be delivered somehow. They must be stored somewhere while the participants are not online.
If correct, everything should be organized according to the same gpg scheme, the users store the keys, and the server is a stupid pipe for data and keeps everything encrypted.
BUT clients don’t want to bother with storing keys, they want to press the button and it’s good, which means that the server is storing these keys and all encryption becomes absolutely meaningless (except for the low level itself, but there encryption keys can be issued temporarily as it happens with https and completely imperceptible to the user)
* The software must be adequate to the security system
There are a lot of nuances here. Who are you protecting information from? A classic mistake, for example, is that important information cannot be sent to services that can peep this information (I remember the master key of a cryptocurrency account, some kind of mobile wallet out of habit sent, like any text message, to the Google server for spell checking, with all the ensuing consequences, someone lost about 80k money).
because not background-color, but background.
if without background color - background-image
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question