Security Basics mailing list archives

RE: Email Encryption Between Servers

From: "Garbrecht, Frederick" <FGarbrecht () ecogchair org>
Date: Tue, 1 Apr 2003 12:52:11 -0500

Since you're doing this to comply with HIPAA, then you and your partner
companies most likely already have firewalls in place; why don't you set up
a gateway to gateway vpn between your company and each of your partners to
provide transparent encryption services for your smtp traffic.  You can set
up the appropriate routing and FW rules so that only the mail going to your
partners gets routed through the encrypted tunnel, the rest would get sent
out as usual.  Decryption would occur transparently on the distal gateway,
and then the unencrypted email would then be passed to the partners smtp
server for delivery.  You can certainly do this with Checkpoint and PIX; you
can probably also rig something up using the Windows native ipsec, although
I've never done this.

Good luck,
Fred
-----Original Message-----
From: Al Cooper
To: security-basics () securityfocus com
Sent: 3/31/03 12:44 PM
Subject: Email Encryption Between Servers

We are attempting to set up secure e-mail with our partner companies to
comply with the upcoming HIPAA requirements.  I would like to find a way
to
encrypt all e-mail going between our mail server and our partners.  We
are
using Exchange.  Some of our partners are also using Exchange and some
are
using other SMTP servers.

Is there a way to automatically force all e-mail between our two e-mail
servers (either Exchange to Exchange or Exchange to SMTP) to be
encrypted
then decrypted on arrival with no end user intervention?   If there are,
what affect, if any will these encryption methods have on our overall
network security.

Thanks for your help,



-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics

Current thread:

Email Encryption Between Servers Al Cooper (Apr 01)
- Re: Email Encryption Between Servers Jose Celestino (Apr 01)
- Re: Email Encryption Between Servers Net Shark (Apr 01)
- RE: Email Encryption Between Servers Michael Leigh (Apr 01)
  - RE: Email Encryption Between Servers Dr. S. A. Vetha Manickam (Apr 02)
  - RE: Email Encryption Between Servers White-Tiger (Apr 02)
- StartTLS (was: Email Encryption Between Servers) Bear Giles (Apr 03)
- <Possible follow-ups>
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 01)
  - RE: Email Encryption Between Servers Michael Osten (Apr 02)
- RE: Email Encryption Between Servers Garbrecht, Frederick (Apr 01)
  - RE: Email Encryption Between Servers PWBakker (Apr 02)
- Re: Email Encryption Between Servers Chris Berry (Apr 01)
- RE: Email Encryption Between Servers Craig Humphrey (Apr 02)
  - RE: Email Encryption Between Servers Michael Leigh (Apr 02)
- FW: Email Encryption Between Servers check (Apr 02)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 04)
  - RE: Email Encryption Between Servers dave (Apr 07)
- RE: Email Encryption Between Servers Brent Woodard (Apr 07)