exchange secure emails

Posted on 2007-07-23
Last Modified: 2010-03-06
I would like to know how to set up Exchange Server so that all emails going outside/inside the organization are secure.
I have heard of S/MIME and SSL, but don't know the difference and how to implement them.

any help??

Question by:jskfan

    Expert Comment


    There are a number of ways to secure messages:

    1. TLS, which is server to server and point to point.
    Let's say you want to email another email domain, i.e. you can configure a connector for that name that uses TLS. This would protect a message between servers but not end to end.

    2. S/MIME
    This allows a user to sign or encrypt a message, providing end to end security (encrypting) and non-repudiation (signing).
    S/MIME uses certificates to provide signing/encrypting.
    This can become interesting to deploy because users will need access to the other users' keys.

    User1 wants to send an encrypted message to User2.
    User1 would need a copy of User2's public key to encrypt the message.
    -- how can User1 get this?
    a. They are on the same email system and User2 has the key published
    b. User2 has access to a directory where the cert is published
    c. User1 has sent User2 a signed message and User2 has saved this to their contacts
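As an added illustration of item 1 (this is example code, not part of the expert's answer), the Exchange Management Shell commands below create a send connector that refuses to deliver to one partner domain unless the remote server offers TLS, optionally turn on mutual certificate validation ("Domain Security") for that domain, and then check that a certificate is actually bound to SMTP. The partner domain `partner.example`, the server name `HUB01` and the receive connector name are placeholders; the cmdlets and parameters are the ones shipped with Exchange 2007 and later.

```powershell
# Added example, not from the original answer. The partner domain and the
# Hub Transport server name are constructed placeholders for the demo.
$partnerDomain = "partner.example"
$hubServer     = "HUB01"

# 1. Server-to-server: a send connector scoped to the partner's address space
#    that will not deliver unless the remote MTA negotiates STARTTLS.
#    If the partner cannot do TLS, mail to that domain queues instead of
#    going out in the clear. This protects the hop only, not the mailbox.
New-SendConnector -Name "TLS to $partnerDomain" `
    -Usage Custom `
    -AddressSpaces "SMTP:$partnerDomain;1" `
    -SourceTransportServers $hubServer `
    -DNSRoutingEnabled $true `
    -RequireTLS $true

# 2. Optional: Domain Security, i.e. mutual TLS where each side validates the
#    other's certificate rather than just encrypting the session. Both
#    organisations must list each other and use certificates the other trusts.
Set-TransportConfig -TLSSendDomainSecureList $partnerDomain `
                    -TLSReceiveDomainSecureList $partnerDomain
Set-SendConnector "TLS to $partnerDomain" -DomainSecureEnabled $true
Set-ReceiveConnector "$hubServer\Default $hubServer" -DomainSecureEnabled $true

# 3. Check: TLS on SMTP needs a certificate enabled for the SMTP service.
#    If nothing is listed here, STARTTLS cannot be offered or required.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match "SMTP" } |
    Format-Table Thumbprint, Subject, NotAfter -AutoSize

# 4. Check: confirm the connector settings took effect.
Get-SendConnector "TLS to $partnerDomain" |
    Format-List Name, AddressSpaces, RequireTLS, DomainSecureEnabled
```

Two things to keep in mind when using this: `RequireTLS` makes delivery fail closed, so watch the queue for that domain after enabling it, and the protection ends at the receiving server, which is exactly the "between servers but not end to end" distinction the answer draws. Once the message is accepted it sits unencrypted in the transport pipeline and in the mailbox store unless S/MIME is also used.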

    Author Comment

    this link talks about the S/MIME method with snapshots

    Author Comment

    I appreciate your explanation above, but when should someone use SSL and when should he use S/MIME??

    Expert Comment

    SSL is part of the PKI infrastructure and uses certificates to protect transmissions.

    An easy example of this would be a website https://x.y

    That site is using SSL to protect the communication between the client and server.

    To secure protocols like POP, IMAP or HTTP, configure them to use an SSL certificate.

    S/MIME utilizes a PKI infrastructure (certs).

    Here is a book talking about securing Exchange

    Author Comment

    According to what you said, SSL and S/MIME sound the same.

    Can you illustrate the difference please?

    Expert Comment

    Yes and no..... they both use certificates/PKI to operate and they both do provide similar functionality, but they are 2 different items.

    S/MIME uses a control in the client that allows Outlook or OWA to utilize a cert assigned to a user.
    Let's use a smart card since that's what I deal with every day.
    Joe has Card1
    Sue has Card2
    Each user has been given a physical card (it does not have to be this way, but it is what I am using) which hosts a public and private key (cert).
    Joe wants to send a message to Sue that is encrypted -- Joe would need access to Sue's public key to encrypt the message; this can be done in a few ways.
    Sue is the only one who can open the message since she is the only user with the private key,
    thus protecting the message since Sue is the only one who can open it.
    Joe wants to send a signed message to Sue.
    Joe uses his private key that only Joe has (on his card) and signs the message. When Sue receives the message she can validate the sender was Joe since he is the only user with the private key. The signed message only states it was from Joe, but the data could have been manipulated since it was not protected, so it only validates who the sender of the message was.

    This is the generic mechanism that we use with a PKI infrastructure.

    HTTPS - uses SSL; the website has a cert (public and private key) and works like I described with the users above.

    Think of the term SSL as a general description, or a mechanism that we use to secure web sites, with S/MIME, and smart card logon.

    S/MIME was developed by RSA to protect the transmissions of electronic messages.

    SSL gets used a lot by people to be generic...

    Does that clear it up a bit more?
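The Joe/Sue walkthrough above is the CMS (PKCS#7) signing and enveloping that S/MIME puts in a mail message. As an added example (not the expert's code, and not Exchange or Outlook code), the PowerShell below performs exactly those two operations with the .NET `System.Security.Cryptography.Pkcs` classes so the roles of the keys are visible: Joe's private key signs, Joe's public certificate verifies, Sue's public certificate encrypts, Sue's private key decrypts. Two throwaway self-signed certificates stand in for the two smart cards and the message text is made up; it assumes Windows PowerShell 5.1 with the PKI module (`New-SelfSignedCertificate`) on Windows 10 or Server 2016 or later. The verification step also shows that a signature covers the message text, so verification fails if the text is altered after signing.

```powershell
# Added example, not from the original answer. Two throwaway self-signed
# certificates stand in for Joe's and Sue's smart cards; the message is made up.
Add-Type -AssemblyName System.Security   # System.Security.Cryptography.Pkcs

$emailProtectionEku = "2.5.29.37={text}1.3.6.1.5.5.7.3.4"   # id-kp-emailProtection
$certs = @{}
foreach ($name in "Joe", "Sue") {
    $certs[$name] = New-SelfSignedCertificate -Subject "CN=$name" `
        -Type Custom -TextExtension $emailProtectionEku `
        -KeyUsage DigitalSignature, KeyEncipherment -KeySpec KeyExchange `
        -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
        -CertStoreLocation Cert:\CurrentUser\My
}
$joe = $certs["Joe"]; $sue = $certs["Sue"]

# What Joe obtains from Sue (directory, signed mail, contact) is the public
# half only; her private key stays on her card/store. HasPrivateKey is False.
$suePublicOnly = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$sue.Export("Cert"))
"Sue's public cert carries a private key: " + $suePublicOnly.HasPrivateKey

$message = [Text.Encoding]::UTF8.GetBytes("Sue, the board meets at noon. - Joe")
$content = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,$message)

# --- Signing: Joe's PRIVATE key. Detached signature so the text travels as-is.
$signed = New-Object System.Security.Cryptography.Pkcs.SignedCms ($content, $true)
$signed.ComputeSignature((New-Object System.Security.Cryptography.Pkcs.CmsSigner ($joe)), $true)
$signature = $signed.Encode()

# Sue verifies with Joe's PUBLIC certificate (embedded in the signature).
# $true = check the signature only; chain validation is skipped for self-signed demo certs.
$check = New-Object System.Security.Cryptography.Pkcs.SignedCms ($content, $true)
$check.Decode($signature)
$check.CheckSignature($true)
"Signed by: " + $check.SignerInfos[0].Certificate.Subject

# A signed message is not confidential: the text is still plain.
"Plain text next to the signature: " + [Text.Encoding]::UTF8.GetString($content.Content)

# Any change to the text no longer matches the signature, so Sue can tell.
$alteredBytes = [Text.Encoding]::UTF8.GetBytes("Sue, the board meets at 3pm. - Joe")
$altered = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,$alteredBytes)
$check2 = New-Object System.Security.Cryptography.Pkcs.SignedCms ($altered, $true)
$check2.Decode($signature)
try   { $check2.CheckSignature($true); "Unexpected: altered text verified" }
catch { "Altered text rejected: signature does not match" }

# --- Encryption: Sue's PUBLIC certificate; only Sue's private key can open it.
$envelope = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms ($content)
$envelope.Encrypt((New-Object System.Security.Cryptography.Pkcs.CmsRecipient ($suePublicOnly)))
$cipher = $envelope.Encode()
"Envelope still contains the text: " + ([Text.Encoding]::UTF8.GetString($cipher) -match "noon")   # False

# Sue decrypts: Decrypt() locates her private key in her own certificate store.
$opened = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
$opened.Decode($cipher)
$opened.Decrypt()
"Sue reads: " + [Text.Encoding]::UTF8.GetString($opened.ContentInfo.Content)

# Remove the demo certificates again.
Remove-Item "Cert:\CurrentUser\My\$($joe.Thumbprint)", "Cert:\CurrentUser\My\$($sue.Thumbprint)"
```

The order in which the two operations are combined matters in practice: Outlook signs first and then encrypts, so the signature is only visible to the intended recipient. The recipient-side check in this demo skips chain building (`CheckSignature($true)`); a real client validates the signer's certificate chain, expiry and revocation status before trusting the signature, and that is where most S/MIME deployments spend their effort.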

    Author Comment

    SSL  is to secure two applications
    S/MIME is to secure messages
    IPSEC is to secure the whole network


    Accepted Solution

    That works...

    IPsec secures communication at the network level. It does not have to be the entire network but communication between machines/devices.
