Solved

Email Encryption

Posted on 2014-02-10
Last Modified: 2014-02-11
My client requested that she wants to email another company and have the email password protected and the email encrypted.  So I immediately thought of Zix, which I'm not a big fan of, so I'm asking if anyone has done anything like this using digital certificates or other methods that not only work with one client but can work with all other external mail systems and clients.  We already ruled out zipping or password protecting attachments in the message, too much of a hassle.

Client is Exchange 2013 running on Windows Server 2012 standard configuration for the most part....
Question by:PlatinumInfo

Expert Comment

by:David Paris Vicente
ID: 39847462
Probably you will need to implement S/MIME.

S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identifier (ID) can read them. With S/MIME, users can digitally sign a message, which allows recipients to verify both the sender’s identity, and that no one has tampered with the message.

S/MIME requires users to sign in to Outlook Web App using either Internet Explorer 7 or Internet Explorer 8. Users must have a digital ID, and must install the S/MIME control for Outlook Web App before they can send encrypted and digitally-signed messages through Outlook Web App. They must also have both a digital ID and the S/MIME control to read encrypted messages in Outlook Web App.

The S/MIME control is necessary for signature verification on a digitally signed message. Use the SMIME tab in the Options menu to install the S/MIME control for Outlook Web App on a user’s computer.

But if you deploy third-party software (IDS/IPS or IRM), it will not be able to read or change the email.

For protecting the username and password of your user, you have to deploy an SSL certificate on your Client Access Server and then choose an authentication option. You have several, but the better ones in my opinion are Integrated Windows Authentication and Forms-Based Authentication. The latter deploys a cookie on your client that is responsible for encrypting the user, password and session time; if your user closes the browser, this cookie will be deleted.

Hope this can help you.

Regards
Author Comment

by:PlatinumInfo
ID: 39847548
My client is using Microsoft Outlook 2010 and 2013, not the Outlook Web App version which is browser-based, and the other side I have no idea, though I would assume the same.

I don't care to password protect the email credentials, she asked to password protect opening an email and to my knowledge it can't be done without using a third party like Zix.

R

Expert Comment

by:David Paris Vicente
ID: 39847608
So you can use AD RMS with Information Rights Management. With this service you can set security policies in Outlook and in your infrastructure in a granular way, but this requires that the users have a Microsoft account, which means that the user has to have an AD account or a Microsoft Live login.

Regards
Author Comment

by:PlatinumInfo
ID: 39847680
I can't predict the other side.  They might be using Thunderbird pulling POP mail from a 1992 type of config or Hotmail or Gmail or Lotus Notes...

Expert Comment

by:David Paris Vicente
ID: 39847732
Well, you can use S/MIME and digital certificates for the users; this will ensure end-to-end encryption, and it also works with Outlook and other mail software.

Regards
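As an added illustration of the end-to-end property described above (this is constructed example code, not from the thread or any product), the following Go sketch mirrors the two S/MIME layers: the sender signs, then the signature and message are encrypted under a fresh key that only the recipient's certificate private key can unwrap, so the Exchange server and every relay in between only ever see ciphertext. It assumes an Ed25519 signing key for the sender and an RSA key from the recipient's certificate, uses only the standard library, and uses a simplified byte layout rather than a real CMS/ASN.1 encoding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Seal mirrors S/MIME's two layers: signed-data (the sender's signature) inside enveloped-data
// (content under a fresh AES key that only the recipient's RSA private key can unwrap).
// Constructed layout, not real CMS/ASN.1: wrappedKey || nonce || AES-GCM(sig || msg).
func Seal(msg []byte, sender ed25519.PrivateKey, recipient *rsa.PublicKey) ([]byte, error) {
	sig := ed25519.Sign(sender, msg) // sign first, so the signature travels encrypted too
	buf := make([]byte, 32+12)       // per-message AES-256 key and 12-byte GCM nonce
	rand.Read(buf)                   // since Go 1.24 crypto/rand.Read never returns an error
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // a 32-byte key is always valid, so no error is possible
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(append(wrapped, nonce...), nonce, append(sig, msg...), nil), nil
}

// Open is the recipient's client; a relay or mailbox server without the private key fails at step one.
func Open(env []byte, recipient *rsa.PrivateKey, sender ed25519.PublicKey) ([]byte, error) {
	k := recipient.Size() // RSA-OAEP output is exactly one modulus length
	if len(env) < k+12 {
		return nil, errors.New("truncated envelope")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env[:k], nil)
	if err != nil {
		return nil, errors.New("not addressed to this recipient key")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, env[k:k+12], env[k+12:], nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, errors.New("content tampered with or corrupt")
	}
	if !ed25519.Verify(sender, pt[ed25519.SignatureSize:], pt[:ed25519.SignatureSize]) {
		return nil, errors.New("sender signature invalid")
	}
	return pt[ed25519.SignatureSize:], nil
}
```

Because the content key is wrapped to the recipient's key, any mailbox server or gateway in the path fails at the unwrap step, which is exactly why this works regardless of which client the other side runs, as long as it supports S/MIME and has the certificate.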

Expert Comment

by:Simon Butler (Sembee)
ID: 39847829
If you cannot predict what the other side is going to use, then anything client side is completely out of the question.
You need to look at one of the hosted encrypted email solutions. These usually work where you send an email in the normal way, but if there is a tag in the subject line the recipient doesn't get the email. Instead they get a link to read it on a secure portal. They can then reply to the message through the portal.
These are used by a lot of financial institutions and work well - most of the major security players have a solution for this.

Simon.

Expert Comment

by:Giovanni Heward
ID: 39847867
Give DocuSign a go.

Authentication Options:

Access Code: Your recipient must enter an access code you provide before they can view the envelope.
Phone Authentication: The system provides a validation code to the recipient and then places a call to the recipient’s chosen number. After answering the phone, the recipient is prompted to enter the validation code and speak their name.
ID Check: The recipient must provide some initial personal information and then answer a set of questions based on publicly available data before the recipient can view the envelope.
Live or Social ID: This option requires your recipient to enter their Live ID or Social ID (Salesforce, LinkedIn, Google, etc.) credentials before they can view the envelope.
Author Comment

by:PlatinumInfo
ID: 39848642
I think Giovanni is on the right track.  Any other third party ideas?
Author Comment

by:PlatinumInfo
ID: 39848940
http://www.gpg4win.org/index.html

This is kinda cool; anyone know of a paid English version of this that is a bit simpler?

Accepted Solution

by:Giovanni Heward (earned 500 total points)
ID: 39849067
Gpg4win requires installation on both endpoints (author/recipient), in addition to key generation, if implemented properly.

Your link *is* the English version.  The GUI, Kleopatra, is merely displaying hieroglyphics to emphasize its own name.

The commercial version is PGP, Symantec Desktop Email Encryption, and is required on both ends as well.

An online equivalent would be Hushmail, which takes care of the technical details for you; though both sender/receiver would need a Hushmail account.  Hushmail has been known to disclose confidential correspondence when compelled to do so.