Security Basics mailing list archives
RE: Email Encryption Between Servers
From: "Garbrecht, Frederick" <FGarbrecht () ecogchair org>
Date: Tue, 1 Apr 2003 12:52:11 -0500
Since you're doing this to comply with HIPAA, then you and your partner companies most likely already have firewalls in place; why don't you set up a gateway to gateway vpn between your company and each of your partners to provide transparent encryption services for your smtp traffic. You can set up the appropriate routing and FW rules so that only the mail going to your partners gets routed through the encrypted tunnel, the rest would get sent out as usual. Decryption would occur transparently on the distal gateway, and then the unencrypted email would then be passed to the partners smtp server for delivery. You can certainly do this with Checkpoint and PIX; you can probably also rig something up using the Windows native ipsec, although I've never done this. Good luck, Fred -----Original Message----- From: Al Cooper To: security-basics () securityfocus com Sent: 3/31/03 12:44 PM Subject: Email Encryption Between Servers We are attempting to set up secure e-mail with our partner companies to comply with the upcoming HIPAA requirements. I would like to find a way to encrypt all e-mail going between our mail server and our partners. We are using Exchange. Some of our partners are also using Exchange and some are using other SMTP servers. Is there a way to automatically force all e-mail between our two e-mail servers (either Exchange to Exchange or Exchange to SMTP) to be encrypted then decrypted on arrival with no end user intervention? If there are, what affect, if any will these encryption methods have on our overall network security. Thanks for your help, ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- Email Encryption Between Servers Al Cooper (Apr 01)
- Re: Email Encryption Between Servers Jose Celestino (Apr 01)
- Re: Email Encryption Between Servers Net Shark (Apr 01)
- RE: Email Encryption Between Servers Michael Leigh (Apr 01)
- RE: Email Encryption Between Servers Dr. S. A. Vetha Manickam (Apr 02)
- RE: Email Encryption Between Servers White-Tiger (Apr 02)
- StartTLS (was: Email Encryption Between Servers) Bear Giles (Apr 03)
- <Possible follow-ups>
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 01)
- RE: Email Encryption Between Servers Michael Osten (Apr 02)
- RE: Email Encryption Between Servers Garbrecht, Frederick (Apr 01)
- RE: Email Encryption Between Servers PWBakker (Apr 02)
- Re: Email Encryption Between Servers Chris Berry (Apr 01)
- RE: Email Encryption Between Servers Craig Humphrey (Apr 02)
- RE: Email Encryption Between Servers Michael Leigh (Apr 02)
- FW: Email Encryption Between Servers check (Apr 02)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 04)
- RE: Email Encryption Between Servers dave (Apr 07)
- RE: Email Encryption Between Servers Brent Woodard (Apr 07)