• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

exchange secure emails

I would like to know how to set up exchange server so that all emails going outside/inside the organization is secure.
I have heard of S/MIME and SSL, but don't know the difference and how to implement them.

any help??

thanks
0
jskfan
Asked:
jskfan
  • 4
  • 4
1 Solution
 
ATIGCommented:
:)

there are a number of ways to secure messages

1. TLS which is Server to Server and a point to point
lets say you want to email another email domain i.e Microsoft.com you can configure a connector for that name that uses TLS. This would protect a message between servers but not end to end

2. S/mime  
This allows a user to sign or encrpyt a message providing end to end security (encrypting) and non repudiation (signing)
S/mime uses certificates to provide signing /encrypting
This can be come interesting to deploy because users will need access to the other users key.

User1 wants to send an encrypted message to User2
User 1 would need a copy of users 2 public Key to encrypt the message
-- how can user 1 get this
a. They are on the same Email system and the User 2 has the key published
b. user 2 has access to a directory where the cert is published
c. User1 has send User 2 a singed message and User2 has saved this to thier contacts

http://en.wikipedia.org/wiki/S/MIME
http://en.wikipedia.org/wiki/Transport_Layer_Security
0
 
jskfanAuthor Commented:
this link talks about the S/MIME method with snapshots
http://www.petri.co.il/configure_message_security_in_exchange_2003.htm
0
 
jskfanAuthor Commented:
I appreciate you explanation above, but when should someone use SSL and when should he use S/MIME??
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ATIGCommented:
SSL is part of the PKI infrastructure and uses certificates to protect transmissions.

An easy example of this would be a website https://x.y
http://www.webopedia.com/TERM/S/SSL.html

That site is using SSL to protect the communiction between the client and sever

To secure protocols like POP,IMAP,HTTP to use an SSL certfiicate

S/MIME untilizes a PKI infrastructure (certs)

here is a book talking about secuing Exchange http://www.amazon.com/CYA-Securing-Exchange-Server-Outlook/dp/1931836248
0
 
jskfanAuthor Commented:
ATIG:
according to what you said SSL or S/MIME  sound the same.

can you illustrate the difference please?
0
 
ATIGCommented:
yes and not..... they both use Certificates/PKI to operate and they both do provide similar functionaliy but are 2 different items

S/MIME users a control in the client that allow Outlook or OWA to utilize a cert assigned to a User
Lets use a smart card since thats what I deal with everyday.
Joe has Card1
Sue has Card2
Each user has been given a physical card (does not have to be this way but what I am using) which hosts a public and private key (Cert)
--------------------------
Encryption
Joe wants to send a message to Sue that is encrypted-- Joe would need access to Sue's public key to encrypt the message this can be done in a few ways.
Sue is the only one who can open the message since she is the only user with the Private key
Thus protecting the message since Sue is the onlyone who can open it
---------------
Singning
Joe want to send a singed message to Sue
Joe using his private key that only Joe has (on his card) and signs the message when Sue recieves the message she can validate the sender was joe since he is the only user with the private key. The signed message only states it was from Joe but the data could have been manipulated since it was not protect so it only validates who the sender of the message was

SSL/PKI
----------------------
Is the generic mechanism that we use with a PKI infrastructure

HTTPS - Uses SSL , the website has a Cert (pub and private key) and works like I described with the users above

Think of the term of SSL as a general description  or a mechanism that we use to secure web sites, with S/MIME, and smart card logon

S/Mime was developed by RSA to protect the transmittions of electronic messages.

SSL gets used a lot by people to be generic...

Does that clear it up a bit more?
0
 
jskfanAuthor Commented:
SSL  is to secure two applications
S/MIME is to secure messages
IPSEC is to secure the whole network

correct?
0
 
ATIGCommented:
that works...

Ipsec secures communication at the network level it does not have to be the entire network but communicaton between machine/devices
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now