Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Email Encryption
Hi Experts,
I need the ability for my users to send encrypted emails, there seems to be a lot of options TLS PGP. I understand that outlook can also do this with certificates....
Is anyone aware of a simple way of doing this, we dont mind buying a product but it needs to be easy at the recipients end too.
Or is there any good documentation on how to use the Outlook version. We run Office 2010 Pro atm.
Kind Regards,
CJ
I need the ability for my users to send encrypted emails, there seems to be a lot of options TLS PGP. I understand that outlook can also do this with certificates....
Is anyone aware of a simple way of doing this, we dont mind buying a product but it needs to be easy at the recipients end too.
Or is there any good documentation on how to use the Outlook version. We run Office 2010 Pro atm.
Kind Regards,
CJ
Asked:
3
- +2
2 Solutions
I have done work with a few financial institutions. Those institutions have always used a third party product to encrypt the messages. Of course the most secure is not send at all, but to send a message with a link to a protected system that your recipients log into to access the messages sent to them. Much like your banks that have a secure mailbox for you. ZixCorp offers a box like this that I have found works very well.
Barracuda's Spam & Virus Firewall includes an encryption service.
Appriver - Outlook Encryption in One-Click
ZixCorp is another service I have used.
Barracuda's Spam & Virus Firewall includes an encryption service.
Appriver - Outlook Encryption in One-Click
ZixCorp is another service I have used.
It will be the security vs convenience sliding scale..
you can use certificates but there must be a way of each user and recipient exchanging certificates, same with pgp you need the recipients public key and they need yours.
you could use winrar/winzip to encrypt a file which contains the message and pass the password to the recipient via different method of communication (would be worthless if sent in the same message)
you can use certificates but there must be a way of each user and recipient exchanging certificates, same with pgp you need the recipients public key and they need yours.
you could use winrar/winzip to encrypt a file which contains the message and pass the password to the recipient via different method of communication (would be worthless if sent in the same message)
Ok, the key is always, not what the sender can send, but what the recipient can accept.
jodiddy is correct in that most large institutions use what is called an "oracle" based solution (not related to the database company) of which the three big names are pgp inc (now owned by symantec), zixcorp and cisco - for the pgp enterprise gateway, zixmail, and CRES (ironport) solutions respectively
the down side of many such solutions is that the data (or at least the keys to the data) are held by a third party; that is good in many respects (in that the recipients don't need to remember different logins for different sites) but bad in others (in that there is then a single point of failure, a single basket containing all the eggs most attractive to hackers). PGP do offer the option of having a local server to hold the keys *and* data, but that gets you back to the downside (of users having to set up and maintain an account on your server, in addition to the hundreds of others they have to maintain)
Seriously though, go with setting up your own internal CA and issuing keys to your own outlook users - that is free, and if you use the MS CA and group policy, can be done transparently (so your users find it "just works"). From there, they can get experience on sending and receiving mails between themselves. Then, investigate your intended recipients, see what THEY can support. It is possible they can do the same thing, saving them (and you) the expense of buying in a solution.
HOWEVER
you may need to bear in mind any regulatory requirements you might have on discovery, s/mime is notoriously hard to gain authorized administrative access to, as it was not designed with corporate access "built in" - but that's true of almost anything other than the corporate version of pgp, and even there, there is a "gentleman's agreement" that the sender won't deliberately strip the corporate recovery key from the target list before sending. Gateways are more efficient for that (in that they encrypt/decrypt at the network boundary, so that your internal mailstore remains unencrypted for discovery and/or DLP) but are significantly more expensive than desktop solutions.
jodiddy is correct in that most large institutions use what is called an "oracle" based solution (not related to the database company) of which the three big names are pgp inc (now owned by symantec), zixcorp and cisco - for the pgp enterprise gateway, zixmail, and CRES (ironport) solutions respectively
the down side of many such solutions is that the data (or at least the keys to the data) are held by a third party; that is good in many respects (in that the recipients don't need to remember different logins for different sites) but bad in others (in that there is then a single point of failure, a single basket containing all the eggs most attractive to hackers). PGP do offer the option of having a local server to hold the keys *and* data, but that gets you back to the downside (of users having to set up and maintain an account on your server, in addition to the hundreds of others they have to maintain)
Seriously though, go with setting up your own internal CA and issuing keys to your own outlook users - that is free, and if you use the MS CA and group policy, can be done transparently (so your users find it "just works"). From there, they can get experience on sending and receiving mails between themselves. Then, investigate your intended recipients, see what THEY can support. It is possible they can do the same thing, saving them (and you) the expense of buying in a solution.
HOWEVER
you may need to bear in mind any regulatory requirements you might have on discovery, s/mime is notoriously hard to gain authorized administrative access to, as it was not designed with corporate access "built in" - but that's true of almost anything other than the corporate version of pgp, and even there, there is a "gentleman's agreement" that the sender won't deliberately strip the corporate recovery key from the target list before sending. Gateways are more efficient for that (in that they encrypt/decrypt at the network boundary, so that your internal mailstore remains unencrypted for discovery and/or DLP) but are significantly more expensive than desktop solutions.
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
Not enough information to confirm an answer.
Three posters (myself included) each gave meaningful information; If you delete on the basis that there isn't enough to "confirm" a given answer, you could delete 90% of the questions on here without giving out any points, and alienate most of your experts.
Might I suggest you get someone with experience in this area (such as Tolomir?) to review?
Might I suggest you get someone with experience in this area (such as Tolomir?) to review?
Not sufficiently arrogant to vote for myself , so I recommend
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27987805.html#a38753315
as the answer (as the queriant explicitly asked for info on setting up outlook) and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27987805.html#a38753347
as an assisted answer, as oracle based crypto is a better solution than s/mime (almost nobody ends up using s/mime in the real world, as it requires the recipient to create and distribute the key in advance, usually once per year, and getting your customers to do that is a nightmare)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27987805.html#a38753315
as the answer (as the queriant explicitly asked for info on setting up outlook) and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27987805.html#a38753347
as an assisted answer, as oracle based crypto is a better solution than s/mime (almost nobody ends up using s/mime in the real world, as it requires the recipient to create and distribute the key in advance, usually once per year, and getting your customers to do that is a nightmare)
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
this might helpful to you..
http://voices.yahoo.com/how-configure-outlook-2010-send-signed-or-11403564.html