The underlying solution of false transmission is the various filtering introduced in the previous part. However, even if these measures are taken, it is a little difficult to eradicate the false transmission. Considering the above, I would like to consider the preparation of the important information.

Then, it appears in the product and service which can set the password for the inspection of the attachment file. It is a countermeasure which mainly considers the false transmission of the attachment file containing important information. Even if you send a file that is different from the file you want to send, you can send it to another. In addition, the effect of access restriction can be maintained even if mail is transferred to other users.

Encryption equipment is full of products

There are two methods. (1) to perform the encrypting process of the attachments automatically, and (2) to convert the attached file to web contents and to send only the URL (Table 1). In both cases, the password for browsing the contents of the attached file is set, and the access restriction can be made. Let's see how each concrete move.

(1) is a product realized by using encryption equipment. Various vendors offer, and the assortment is abundant. For example, there are "broadea safeattach" of orange software, "HDE secure mail2 for zip" of HDE, "ciphercraft / mail server edition of NTT software", and "Hitachi paper engineering's" secret AE mailguard ".

A rough mechanism does not fundamentally change any product. The SMTP gateway is installed at the backend of the mail server, and the mail sent to the mail server is received at the gateway (Fig. 6). If there is an attachment file, it is removed (encrypted) or encrypted (or compressed) and attached to the mail server again. The password is set in the encryption. The password must be transmitted to the other party by an email other than the original mail, and the recipient does not open the attachment.

The password generation method can be selected as "preset" and "random" which the encryption device automatically generates each time the mail is transmitted. Though the trouble of generation and notification of the password increases and becomes complicated, the random password is used, and it becomes the countermeasure of the false transmission.

Depending on the product, the sender can set the password every time the transmission. In the Hitachi mailguard e-mailguard, the user sends mail with the message file "request file" to mailguard at the time of e-mail creation. This is the first group group manager of business planning department, business planning headquarters, Hitachi Software Engineering Inc.

Usually, when the data is encrypted and exchanged, the receiver has software with the decoding function. However, the products which are introduced here can be decrypted without using exclusive software.

URL conversion type without attaching an attachment

On the other hand, what is the solution to make the attachment automatically web contents? Internet service provider (ISP) service. Specifically, the Internet Initiative (ij) is "ij secure MX service" (in conjunction with the company's online storage service).

The mechanism is this. For example, in the case of Iij secure MX service, an attachment with an attachment file is sent, and the attachment is saved on the ij service side. Delete the attached file from the mail body. Instead, add the download URL and send it to the body. If the recipient receives the password from the sender and accesses the URL in the mail, the content of the attached file can be viewed. If the sender notices the wrong transmission, it is only necessary to inform the other party of the password. It is also possible to delete an attachment file managed by the ij side (Fig. 7).

This solution takes the form of automatically removing the attachments and sending the URL to get the content to come to the other party. In the above encryption method, the attached file itself is passed to the other party. However, for users to use these services, it is necessary to modify the DNS server and mail server settings to send and receive mail via the ISP gateway.

Passwords must be delivered via sender

Even if an attachment file is encrypted, even if an URL is converted to a URL, it becomes a point on the user to use the password and how to send it. As described above, when a fixed password is set for each partner, the partner can browse the received file even if the error is transmitted. It is necessary to set the password so that the password is changed randomly. Of course, it is necessary to avoid setting the password which is easy to be easily broken (photograph 2).

At this point, I would like to note how to notify the password to the other party. In the false transmission countermeasure, the password should be sent only to the sender himself. If this is the case, the recipient will not open the attached file until the recipient receives a password. After sending the email, the sender will be able to secure a time of reconfirmation that "there is no problem even if the file is actually transmitted".

In any case, since the password is transmitted to the other party, it is not returned. It is necessary to be an additional countermeasure, even if it is an encryption or URL conversion, and an effort to stop the false transmission itself from outside of the company is necessary.

I recommend you

PR

Attention event

Nikkei chronostat special

What's new

• Communication issues continue! Innovating the net environment
• How do we work in cloud computing
• Reason why communication is necessary for legacy escape
• 5g * AI strategy of Softbank
• IT Infrastructure Infrastructure
• Integrated management of secondary data
• Data management
• 4 steps to automate monitoring
• The effect obtained by "automation 2.0"
• Autonomous IT infrastructure without manpower
• Secure and comfortable remote work environment
• Security in cloud age
• The latest trend of IT infrastructure in DX era.

Management

• 5g * AI strategy of Softbank
• Digital change and frontiers
• The difference between failure and success
• How to reduce overtime
• Importance of zero trust security
• Making the future of Softbank in Takeshiba headquarters
• Protect your data with cloud backup
• Iron rules to improve management
• It strategy to jump over cliff in
• Data driven management realized! Ba tools
• Future of image technology
• Automatic flight drone

Cloud

• How do we work in cloud computing
• Data management
• The latest trend of IT infrastructure in DX era.
• What should we use partner partners?

Application / db / Middleware

• What is the app to reduce the burden of IT administrators?
• A questionnaire on introduction of IT products and services

Operation management

• Integrated management of secondary data
• 4 steps to automate monitoring
• The effect obtained by "automation 2.0"
• Autonomous IT infrastructure without manpower
• Innovative service that dramatically changes billing business
• 2025 cliff and SAP user choices
• How to break down the challenges it departments have?
• 10th generation core ™ Let's note sv7 impression

Server / storage

• IT Infrastructure Infrastructure

Client / OA equipment

• Best laptop PC for mobile work
• What is the effective point of telework practice?
• Brand new standard for office
• Innovation for next generation whiteboard
• Even the office is handy

Network / communication services

• Communication issues continue! Innovating the net environment

• Reason why communication is necessary for legacy escape
• Secure and comfortable remote work environment

Security

• Security in cloud age
• Is this risk by telework promotion?
• It might be an internal mail, target attack mail!