  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374

Email Encryption

My client has asked to be able to email another company and have the email password protected and encrypted. So I immediately thought of Zix, which I'm not a big fan of, so I'm asking whether anyone has done anything like this using digital certificates or other methods that work not only with one client but with all other external mail systems and clients. We already ruled out zipping or password protecting attachments in the message; too much of a hassle.

Client is Exchange 2013 running on Windows Server 2012, standard configuration for the most part.
Asked by: PlatinumInfo
1 Solution
 
David Paris Vicente commented:
You will probably need to implement S/MIME.

S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identifier (ID) can read them. With S/MIME, users can digitally sign a message, which allows recipients to verify both the sender's identity and that no one has tampered with the message.

S/MIME requires users to sign in to Outlook Web App using either Internet Explorer 7 or Internet Explorer 8. Users must have a digital ID and must install the S/MIME control for Outlook Web App before they can send encrypted and digitally signed messages through Outlook Web App. They must also have both a digital ID and the S/MIME control to read encrypted messages in Outlook Web App.

The S/MIME control is necessary for signature verification on a digitally signed message. Use the S/MIME tab in the Options menu to install the S/MIME control for Outlook Web App on a user's computer.

But if you deploy third-party software (IDS/IPS or IRM), it will not be able to read or change the email.

To protect your user's username and password, you have to deploy an SSL certificate on your Client Access Server and then choose an authentication option. You have several, but the better ones in my opinion are Integrated Windows Authentication and Forms-Based Authentication. The latter deploys a cookie on your client that is responsible for encrypting the username, password and session time; if the user closes the browser, this cookie is deleted.

Hope this can help you.

Regards
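An added example, not from the thread or from any of its participants: the S/MIME flow described in the answer above, done with openssl(1) on the command line instead of Outlook. Every certificate, name and message in it is self-signed test data constructed here, and it assumes openssl 1.1.1 or later is on PATH. It shows the operational point that matters for this question: the sender must already hold the recipient's certificate before anything can be encrypted, and a gateway (IDS/IPS, IRM or anything else in the mail path) that only holds its own key cannot open the message.

```shell
#!/bin/sh
# Added example: S/MIME sign-then-encrypt round trip with openssl(1).
# Not code from the original thread. Names, addresses and the message are
# constructed test data; certificates are self-signed and made on the fly.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed identity for one party. A real deployment uses certificates
# issued by a CA the peer trusts (a public S/MIME CA, or an internal PKI
# whose root both organisations import).
make_identity() {  # $1 = short name, $2 = e-mail address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
    -subj "/CN=$1/emailAddress=$2" >/dev/null 2>&1
}

# Sender side: sign with the sender's private key, then encrypt to the
# recipient's certificate. The sender needs $2.crt in hand first; that
# exchange is the part S/MIME cannot avoid and why it needs both sides set up.
sign_and_encrypt() {  # $1 = sender, $2 = recipient, $3 = plaintext, $4 = output
  openssl cms -sign -in "$3" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" \
    -out "$WORK/$1-signed.eml"
  openssl cms -encrypt -aes256 -in "$WORK/$1-signed.eml" -out "$4" "$WORK/$2.crt"
}

# Recipient side: decrypt with own key, then verify the signature against the
# sender's certificate (acting as its own trust anchor because it is self-signed).
decrypt_and_verify() {  # $1 = recipient, $2 = sender, $3 = ciphertext, $4 = output
  openssl cms -decrypt -in "$3" -inkey "$WORK/$1.key" -recip "$WORK/$1.crt" \
    -out "$WORK/$1-decrypted.eml"
  openssl cms -verify -in "$WORK/$1-decrypted.eml" -CAfile "$WORK/$2.crt" \
    -out "$4" 2>/dev/null
}

# Full flow. Prints "ok" when the recipient recovers the text, the message
# on the wire does not contain it, and a third party holding only its own
# key (a gateway or inspection box) cannot decrypt it.
smime_roundtrip() {
  secret="Contract price: 42000 EUR (constructed test message)"
  make_identity alice alice@example.com
  make_identity bob bob@example.net
  make_identity gateway gateway@example.com
  printf '%s\n' "$secret" > "$WORK/msg.txt"

  sign_and_encrypt alice bob "$WORK/msg.txt" "$WORK/wire.eml"
  decrypt_and_verify bob alice "$WORK/wire.eml" "$WORK/recovered.txt"

  grep -qF "$secret" "$WORK/recovered.txt" || { echo "recipient could not read it"; return 1; }
  ! grep -qF "Contract price" "$WORK/wire.eml" || { echo "plaintext on the wire"; return 1; }
  if openssl cms -decrypt -in "$WORK/wire.eml" -inkey "$WORK/gateway.key" \
       -recip "$WORK/gateway.crt" -out /dev/null 2>/dev/null; then
    echo "third party decrypted it"; return 1
  fi
  echo ok
}

smime_roundtrip
```

Signing comes before encryption so the signature itself is hidden from anyone without the recipient's key; the verify step deliberately runs after decryption for the same reason. Swap the self-signed files for CA-issued certificates and `-CAfile` for the CA bundle the peer's certificate chains to, and the commands are what a mail client does internally.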
 
PlatinumInfo (Author) commented:
My client is using Microsoft Outlook 2010 and 2013, not the Outlook Web App version, which is browser based; as for the other side, I have no idea, though I would assume the same.

I don't care to password protect the email credentials; she asked to password protect opening an email, and to my knowledge it can't be done without using a third party like Zix.

R
 
David Paris Vicente commented:
So you can use AD RMS with Information Rights Management. With this service you can set security policies in Outlook and in your infrastructure in a granular way, but this requires the users to have a Microsoft account, which means that the user has to have an AD account or a Microsoft Live login.

Regards
 
PlatinumInfo (Author) commented:
I can't predict the other side. They might be using Thunderbird pulling POP mail from a 1992-type config, or Hotmail, or Gmail, or Lotus Notes...
 
David Paris Vicente commented:
Well, you can use S/MIME and digital certificates for the users; this will ensure end-to-end encryption, and it also works with Outlook and other mail software.

Regards
 
Simon Butler (Sembee), Consultant, commented:
If you cannot predict what the other side is going to use, then anything client-side is completely out of the question.
You need to look at one of the hosted encrypted email solutions. These usually work where you send an email in the normal way, but if there is a tag in the subject line the recipient doesn't get the email. Instead they get a link to read it on a secure portal. They can then reply to the message through the portal.
These are used by a lot of financial institutions and work well; most of the major security players have a solution for this.

Simon.
 
Giovanni Heward commented:
Give DocuSign a go.

Authentication Options:

Access Code: Your recipient must enter an access code you provide before they can view the envelope.
Phone Authentication: The system provides a validation code to the recipient and then places a call to the recipient’s chosen number. After answering the phone, the recipient is prompted to enter the validation code and speak their name.
ID Check: The recipient must provide some initial personal information and then answer a set of questions based on publicly available data before they can view the envelope.
Live or Social ID: This option requires your recipient to enter their Live ID or Social ID (Salesforce, LinkedIn, Google, etc.) credentials before they can view the envelope.
 
PlatinumInfo (Author) commented:
I think Giovanni is on the right track. Any other third-party ideas?
 
PlatinumInfo (Author) commented:
http://www.gpg4win.org/index.html

This is kind of cool; does anyone know of a paid English version of this that is a bit simpler?
 
Giovanni Heward commented:
Gpg4win requires installation on both endpoints (author/recipient), in addition to key generation, if implemented properly.

Your link *is* the English version. The GUI, Kleopatra, is merely displaying hieroglyphics to emphasize its own name.

The commercial version is PGP, Symantec Desktop Email Encryption, and it is required on both ends as well.

An online equivalent would be Hushmail, which takes care of the technical details for you, though both sender and receiver would need a Hushmail account. Hushmail has been known to disclose confidential correspondence when compelled to do so.