Solved

Need suggestions on Encryption for Exchange 2003 Server

Posted on 2009-05-04
7
252 Views
Last Modified: 2012-05-06
Am needing to add encryption for all email traffic for our Exchange 2003 server.  Is there some method or product available to do so that will be transparent to our users and also not interfere with the flow of incoming and outgoing email?


0
Comment
Question by:BlueGoose
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 3

Expert Comment

by:Girish_2500
ID: 24294776
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24294814
With Exchange 2003 you can only encrypt traffic with other sites that you specifically set. Exchange 2003 does not do opportunist TLS. Therefore it would have to be with specific domains only. If you were to enforce TLS on all traffic then you would lose easily 80% of all email.

Simon.
0
 

Author Comment

by:BlueGoose
ID: 24294844
Simon-


Do you have any suggestions on something for encryption for Exchange 2003?
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 65

Expert Comment

by:Mestha
ID: 24294998
You have to use something that can be used by the other side to read the messages.
Therefore while something like PGP is easy to implement, for the other side to read it, means downloading something.

What is your end goal? Saying that you want to encrypt everything is a rather wide question.

If you just want to ensure the message is not tampered with, then you could simply sign the message.

Remember - the vast majority of email on the internet, probably 99% or more is not encrypted. If you start sending all email out encrypted then most recipients will have problems reading it, particularly if they are using a web mail service.

Simon.
0
 

Author Comment

by:BlueGoose
ID: 24295068
Due to PCI complicance and some new Massachusetts security laws, steps need to be taken so that information on the database(in this case the Information Store) needs to have some level of encryption.


It would be more on the level that information we have on hand we would want some level of protection for it so that if one of out backup tapes was aquired they could not just pull info off of it.

Is this even possible?


Does Exchange 2007 allow for more security in this regard?


Thanks and hope I am clearer in what I am asking
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24300214
More badly drafted laws.
The PCI compliance I hear a lot as well  in many cases it is down to the interpretation.

If you are worried about your backup tapes, then you have to protect them as part of the backup process by using a backup tool that will encrypt the tapes. However that also means that you have to protect the encryption process as well. Otherwise your DR is useless if you cannot decrypt the data on them in the event of a recovery being required.

Otherwise it comes down to protection of the systems. Any security expert will tell you that if someone has physical access it is game over.

This is a question that needs to be put to a technical lawyer, who has an understanding of the technology and the law, so that it is interpreted correctly. It all comes down to interpretation of the laws and requirements.

Simon.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question