The SecureLine End-To-End Email Encryption Service is a service provided by LuxSci that allows its users to easily send and receive secure email messages to and from anyone on the Internet who has an email address - no matter what kind of email software or service that correspondent has and no matter how insecure that correspondent's current email services are!

SecureLine provides services compatible with PGP, S/MIME as well as a secure message "Escrow" service that can be used to communicate securely with anyone.

See Also:

• SecureLine End-To-End Email Encryption Service

Secure WebMail: Your passwords and the contents of all of your messages are encrypted via SSL (Secure Socket Layer) when communicate with our WebMail application. No one can eavesdrop, and you know for sure that you are communicating with LuxSci!

Additionally, you can use our optional visual keyboard to enter your password using your mouse when logging into our WebMail portal. This tool helps you mitigate the possibility that spyware running on your computer (or the untrusted computer in the Internet Cafe that you may be using) could capture your password and deliver it to unauthorized people.

Secure IMAP and POP: Regular IMAP and POP are insecure in that your username, password, and all your messages are sent back and forth to the email server in "plain text" so anyone listening in can see your messages and discover your password. With Secure IMAP and POP over SSL, all of this information is encrypted so that no one can eavesdrop or discover your password!

Secure, Authenticated SMTP: Regular SMTP is insecure in the same way that regular IMAP and POP are, so anyone listening in can see your "plain text" messages and discover your password! With Secure SMTP, all of this information is encrypted so that no one can eavesdrop or discover your password! Our SMTP Server also requires authentication for SMTP Relaying so that you must send your username and password in order to send messages to addresses not managed by our servers. This protects you and us from our servers being used from the sending of Spam.

Our secure SMTP services are provided via both TLS (Transport Layer Security; STARTTLS for SMTP) and SSL, and are thus compatible with all email clients that support one of these mechanisms.

Secure, Anonymous SMTP: Use our secure anonymous SMTP server to have all information about your computer, its Internet address, and your email client stripped from outgoing email messages. This provides enhanced privacy: you recipients will have no way of determining where you are sending your email from -- they will only be able to track the messages back to LuxSci's servers. Without this, recipients could use your computer address information to determine your physical location - the region, city, or even the address!

Enforced use of SSL: Account administrators can choose to force their users to only connect to our email services (i.e. WebMail, POP, IMAP, and SMTP) over SSL. When the account administrator enables this option by checking a single checkbox in his/her account, all account users will be denied access to these services unless they connect over SSL-secured channels. Thus, enforcing policies regarding security use is very easy.

Secure Inbound Email with TLS: LuxSci's inbound email servers support "Transport Layer Security - TLS". This allows email sent to you from other companies to be encrypted and secured during transit from their servers to LuxSci's servers, assuming the sender's servers support this feature. This also means that any email internally from one user to another on LuxSci is secured during transport.

Login/Access Auditing: We track all logins to your account via POP, IMAP, SMTP, and WebMail. This includes the exact time and the IP address used, among other information. This auditing information is available to you, your account administrator, and technical support at all times. You can easily check if unwanted people or programs are logging into your accounts.

Auditing of Email Sending: We track all messages sent from WebMail, your email servers (via SMTP), and your web sites. This allows you, your administrator, and our support team to see what email messages are being sent when and from where. It also allows us to proactively stop Spam attempts -- even if they are unintentional or the result of web site insecurity. Note, records of message content are not available to your administrators or our standard support teams, so this auditing does not tread on privacy concerns.

Incoming Email Attack Guard: Attack Guard protects your messaging infrastructure from Denial of Service (DoS) attacks and other threats by the real-time monitoring and analysis of email traffic patterns. Dictionary attacks, mail bombs, email flooding and other attacks designed to interrupt service or harvest corporate or personal email addresses can be blocked with real-time detection. Additionally, the service scans the incoming Simple Mail Transport Protocol (SMTP) stream for abnormalities in protocol compliance and abuse. This service is available to subscribers of our Email Defense service.

Customizable WebMail Session Timeouts: Account administrators and users can customize their WebMail session timeout from the default of 2 hours to anything between 5 minutes and 8 hours. Account administrators can optionally enforce that user timeouts are no longer than the account-wide default.

LuxSci provides an alternate secure members' web portal (the Xpress members' portal). Not only does the Xpress portal use minimal graphics for maximal speed, but it does not use cookies or JavaScript at all and suppresses some of the features of the full portal that may put you at risk, like viewing HTML attachments inline. The Xpress portal supports most of the features of the full members' portal (including WebMail, technical support, account administration, and file management facilities), and provides maximal browser compatibility and security.

It is your choice if and when you use the Xpress portal or the Full portal (which does use cookies, JavaScript and more graphics). While the Xpress portal is faster and more secure, the full portal is more user friendly and somewhat more fully featured.

See Also:

• About the Xpress portal.

LuxSci's WebAides allow you to create a variety of collaboration instruments such as journals, bulletin boards, file archives. LuxSci ensures the security of your data in many ways, including:

• PGP Encryption. You can choose to encrypt individual eJournal entries and attachments using PGP encryption. Supports the creation of personal and group PGP keys, the specification of the recipients of encrypted data on a per-entry basis, and verification of digital signatures on all encrypted content. Entries encrypted via PGP are very secure. Even the LuxSci technical staff cannot access their content without access to your PGP key password (which is never saved in plain text on our servers).
• Access Tracking. You can enable access tracking on your eJournals so that users can see, for every entry, who created, viewed, or edited the entry and when.
• Security & Access Control. Only people with a login to Lux Scientiae's web site can possibly access your eJournals (They are not public). You can also determine exactly who has permission to view your eJournal, add entries, edit entries, make comments, and administer your eJournal. You can specify this per user, per user group, and/or per account basis. You can share your eJournals with other members of your account and/or members of other LuxSci accounts -- you decide.

As far as HIPAA, the Health Insurance Portability and Accountability Act, is concerned, email compliance implies "securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them". It does not specify what technologies must be used to do this, leaving that decision up to the individual health care organizations.

LuxSci allows health care and other organizations to meet these goals by providing:

• Encrypted communications ensuring that no one cane eavesdrop on your WebMail or email sessions.
• Login auditing so that you can track who accessed what services when and from where.
• Strict privacy policies ensuring that noone will access your data without your explicit consent.
• Secured servers ensuring that noone except you has access to your email data.
• Easy integration: LuxSci's security services work with any modern web browser or email client and are simple to configure.

See also:

• HIPAA Security Management in Electronic Communications.

With LuxSci secure web hosting, you can protect your web site with SSL (Secure Socket Layer). You can provide the certificate or we can help you obtain one. Our MySQL databases support encrypted connections using TLS to protect your data stream when you connect from remote locations.

Our consulting services can help you create secure and robust login and authentication modules for your web site and protect your secure files from prying eyes. We can also help you implement encryption, and public key (PKI) solutions in your web site for maximum enhanced security.

Secure web hosting comes with all the features of secure email!

See also:

• Recipe: Completely Secure Collection of Web Form Data Using SSL and PGP

In addition to our access controls which allow you to specify who can see your information, LuxSci has a very strict privacy policy - our technical support staff will never access your email or WebAides without your prior consent.