Solved

Email Encryption for Outlook 2007

Posted on 2015-01-16
8
227 Views
Last Modified: 2015-01-17
Hi Guys,

I am looking for what I am hoping to be a Simple Program that will allow one of my users to send Encrypted email from Outlook 2007.  This user has simple one person (for now) that is requesting encrypted email.  I have tried a few from Symantec, but they don't seem to be that user friendly.  I need something simple if that is possible, and something that the recipient doesn't have to jump through hoops to be able to open.t

Thanks in advance
Jazzanlex
0
Comment
Question by:Jazzanlex
  • 3
  • 3
  • 2
8 Comments
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 40553879
I've yet to find a really simple, cheap email encryption solution that just works and users can understand.

Is this a corporate user with their own email server?  Would TLS encryption between your email servers suffice?  You are looking at the costs of the certificates and the initial configuration but it means it is transparent to the end users, it isn't encrypted in their inbox, just as it transits the internet from your server to theirs.

Without spending any money, you could write the content of the email in a Word Processer and then password protect the document and send that as an attachment instead.
0
 
LVL 1

Author Comment

by:Jazzanlex
ID: 40553901
That is what I figured.   This is one user on a Standalone Windows 7 Laptop and he does a small amount of dealings with the Department of Defense and they are requiring him to encrypt his emails.    They do not have there own email server, their company email is hosting through 1and1.com.
0
 
LVL 6

Assisted Solution

by:BurundiLapp
BurundiLapp earned 250 total points
ID: 40553908
Since technically the content would be encrypted this may suffice, to encrypt the full email envelope to suit DOD requirements would, I expect, not be cheap, the encryption in Office 2010 is AES-128 CBC as far as I am aware, with a suitably long password (9 to 10) characters it would make it very hard to brute force the password.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 40554909
Outlook already *has* encrypted mail, built in - its called S/Mime.

Problem is, like most encrypted email solutions, you need to have the key for the recipient already on the machine before you can send mail to them - and teaching the users to handle that can be a pain.

Actually *sending* and *receiving* S/Mime is pretty easy though - decryption is automatic (with a password prompt if that is configured) and encryption or signing is simply a case of clicking the appropriate toolbar button.

Symantec's PGP solution works pretty much the same way, but requires a compatible plugin and isn't free.

Symantec's Universal Gateway solution is different, and much more configurable (but again, really REALLY isn't free) - you place a box between your mail server and the internet, that has an internet-facing web interface.  Outbound messages are automatically encrypted, inbound automatically decrypted. IF the recipient doesn't already have a key, then "oracle based" encryption comes into play; the mail is held on the server until the recipient sets up an account (using the web interface, and a link emailed to them) and then they effectively use webmail between you and the server; they also have the option to import a key (pgp again, naturally) and then the mail will be transparently encrypted with that in the future.

Cisco have a similar solution (called CRES) that is fully hosted. Microsoft call theirs "Exchange Hosted Encryption" and a 3rd party called Zixmail have a similar offering.

However, you can't beat S/Mime for universality and cheapness. The keys are actually the same as https certificates, so can be issued using the MS CA software (built into more recent  MS Server operating systems), the free XCA, OpenSSL, and so forth (its a standard, so there are no shortage of ways to generate those). Almost all mail clients support S/Mime without further software needed.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 1

Author Comment

by:Jazzanlex
ID: 40555070
I was able to get the Symantec Desktop Encyrption working  and setup to send encrypted emails to people.  The cost of a program is not the issue, I want to just make sure that the encryption is working correctly.  I am going to try S/Mime setup as well Dave.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40555111
The cost of pgp software is more of an issue when everyone you need to send encrypted mail TO has to buy it also.

Now, by my understanding, SDE supports both pgp and s/mime - but s/mime is built into outlook already, and pgp requires the other correspondents to have pgp (ok, or gnupg, the free open source version of the standard)
0
 
LVL 1

Author Closing Comment

by:Jazzanlex
ID: 40555188
Hey Guys,

Thanks for you help I was able to get it working through both the Symantec Trial Software and use the built in S/Mime feature in Outlook.  I'll let the receipent decide which he'd like me to use.  Thanks again for the help, I split the point hope you don't mind, as both answered helped and led me in the correct direction.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40555208
Well, good luck.

I have seen far, far too many companies start to implement encrypted email, only to fail at the first hurdle - because encrypted email (other than expensive, oracle based solutions, requires that the recipient create a key and send it to the sender in advance, and getting people to do that (and for expiring-key solutions such as s/mime, renewing those) is a major logistical headache.

That said, if this is due to *one* remote correspondent wanting to use encryption - you could just ask them which one they chose to use, and get one of those :)
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now