Email Encryption

Posted on 2014-02-10
Last Modified: 2014-02-11
My client requested that she wants to email another company and have the email password protected and the email encrypted. So I immediately thought of Zix, which I'm not a big fan of, so I'm asking if anyone has done anything like this using digital certificates or other methods that not only work with one client but can work with all other external mail systems and clients. We already ruled out zipping or password protecting attachments in the message, too much of a hassle.

Client is Exchange 2013 running on Windows Server 2012, standard configuration for the most part...
Question by:PlatinumInfo
Expert Comment

by:David Paris Vicente
ID: 39847462
Probably you will need to implement S/MIME.

S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identifier (ID) can read them. With S/MIME, users can digitally sign a message, which allows recipients to verify both the sender’s identity, and that no one has tampered with the message.

S/MIME requires users to sign in to Outlook Web App using either Internet Explorer 7 or Internet Explorer 8. Users must have a digital ID, and must install the S/MIME control for Outlook Web App before they can send encrypted and digitally-signed messages through Outlook Web App. They must also have both a digital ID and the S/MIME control to read encrypted messages in Outlook Web App.

The S/MIME control is necessary for signature verification on a digitally signed message. Use the SMIME tab in the Options menu to install the S/MIME control for Outlook Web App on a user’s computer.

But if you deploy third-party software such as IDS/IPS or IRM, it will not be able to read or change the email.

For protecting the username and password of your users, you have to deploy an SSL certificate on your Client Access server and then choose an authentication option. You have several, but the better ones in my opinion are Integrated Windows Authentication and Forms-Based Authentication; the latter deploys a cookie on your client that is responsible for encrypting the user, password and session time. If your user closes the browser, this cookie will be deleted.

Hope this can help you.

Regards
Author Comment

by:PlatinumInfo
ID: 39847548
My client is using Microsoft Outlook 2010 and 2013, not the Outlook Web App version which is browser-based, and the other side I have no idea, though I would assume the same.

I don't care to password protect the email credentials; she asked to password protect opening an email and to my knowledge it can't be done without using a third party like Zix.

R
Expert Comment

by:David Paris Vicente
ID: 39847608
So you can use AD RMS with Information Rights Management. With this service you can set security policies in Outlook and in your infrastructure in a granular way, but this requires the users to have a Microsoft account, which means that the user has to have an AD account or a Microsoft Live login.

Regards
Author Comment

by:PlatinumInfo
ID: 39847680
I can't predict the other side. They might be using Thunderbird pulling POP mail from a 1992 type of config, or Hotmail or Gmail or Lotus Notes...
Expert Comment

by:David Paris Vicente
ID: 39847732
Well, you can use S/MIME and digital certificates for the users. This will ensure end-to-end encryption, and also works with Outlook and other mail software.

Regards
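Both S/MIME comments above hinge on the recipient holding a digital ID (certificate) that the sender can encrypt to. The following added example, not from this thread or from any product mentioned in it, shows the checks a sending side performs on a recipient certificate before using it: the validity period, an rfc822Name matching the recipient address, and the email-protection extended key usage. It assumes the `cryptography` library and constructs a self-signed test certificate in place of a real digital ID.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

def make_test_cert(email, not_before_days=-1, not_after_days=365, email_protection=True):
    # Constructed self-signed certificate standing in for a recipient's digital ID (assumption)
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, email)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(now + datetime.timedelta(days=not_before_days))
        .not_valid_after(now + datetime.timedelta(days=not_after_days))
        # S/MIME clients match the recipient address against the rfc822Name SAN entry
        .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(email)]), critical=False)
    )
    if email_protection:
        builder = builder.add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.EMAIL_PROTECTION]), critical=False)
    return builder.sign(key, hashes.SHA256())

def _window(cert):  # newer cryptography exposes tz-aware *_utc properties; fall back if absent
    if hasattr(cert, "not_valid_before_utc"):
        return cert.not_valid_before_utc, cert.not_valid_after_utc, datetime.datetime.now(datetime.timezone.utc)
    return cert.not_valid_before, cert.not_valid_after, datetime.datetime.utcnow()

def smime_problems(cert, recipient_email):
    # Returns the reasons this certificate must not be used to encrypt mail to recipient_email
    problems = []
    not_before, not_after, now = _window(cert)
    if not (not_before <= now <= not_after):
        problems.append("certificate is outside its validity period")
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        names = [n.lower() for n in san.get_values_for_type(x509.RFC822Name)]
    except x509.ExtensionNotFound:
        names = []
    if recipient_email.lower() not in names:
        problems.append("certificate does not name " + recipient_email)
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        if ExtendedKeyUsageOID.EMAIL_PROTECTION not in eku:
            problems.append("certificate is not marked for email protection")
    except x509.ExtensionNotFound:
        problems.append("certificate has no extended key usage")
    return problems
```

An empty list means the certificate is acceptable for encrypting to that address; a real client would additionally chain the certificate to a trusted issuer and check revocation, which this example does not do.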
Expert Comment

by:Simon Butler (Sembee)
ID: 39847829
If you cannot predict what the other side is going to use, then anything client side is completely out of the question.
You need to look at one of the hosted encrypted email solutions. These usually work where you send an email in the normal way, but if there is a tag in the subject line the recipient doesn't get the email. Instead they get a link to read it on a secure portal. They can then reply to the message through the portal.
These are used by a lot of financial institutions and work well; most of the major security players have a solution for this.

Simon.
Expert Comment

by:Giovanni Heward
ID: 39847867
Give DocuSign a go.

Authentication Options:

Access Code: Your recipient must enter an access code you provide before they can view the envelope.
Phone Authentication: The system provides a validation code to the recipient and then places a call to the recipient’s chosen number. After answering the phone, the recipient is prompted to enter the validation code and speak their name.
ID Check: The recipient must provide some initial personal information and then answer a set of questions based on publicly available data before the recipient can view the envelope.
Live or Social ID: This option requires your recipient to enter their Live ID or Social ID (Salesforce, LinkedIn, Google, etc.) credentials before they can view the envelope.
Author Comment

by:PlatinumInfo
ID: 39848642
I think Giovanni is on the right track. Any other third party ideas?
Author Comment

by:PlatinumInfo
ID: 39848940
http://www.gpg4win.org/index.html

This is kinda cool, anyone know of a paid English version of this that is a bit simpler?
Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39849067
Gpg4win requires installation on both endpoints (author/recipient), in addition to key generation, if implemented properly.

Your link *is* the English version.  The GUI, Kleopatra, is merely displaying hieroglyphics to emphasize its own name.

The commercial version is PGP, Symantec Desktop Email Encryption, and is required on both ends as well.

An online equivalent would be Hushmail, which takes care of the technical details for you, though both sender and receiver would need a Hushmail account. Hushmail has been known to disclose confidential correspondence when compelled to do so.