Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Email Encryption Between Servers

From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Tue, 1 Apr 2003 12:27:25 -0500 
We evaluated three enterprise solutions and bid them out.  I believe that
once e-mail leaves your network using exchange it is automatically sent
clear text, hence the need for encryption.  I am not an exchange
administrator so...  And if you are sending PHI or GLBA I would send in no
less then 128-bit anyway.  

There are a number of issues you need to think of when evaluating encryption
including, logging/reporting, forensics & investigations, ease of use for
users, ease of administration, key exchanges, can I force my business
partners to buy the same product/hardware/service, send to anyone
capability, what constitutes due diligence, cost, etc.  

I am not endorsing any one vendor and these are not necessarily the opinions
of my employer and should not be construed as such.

Sonja Robinson, CISA
Network Security Analyst
HIP Health Plans
Office:  212-806-4125
Pager: 8884238615



-----Original Message-----
From: Al Cooper [mailto:alc () 2wh com] 
Sent: Monday, March 31, 2003 12:44 PM
To: 
Subject: Email Encryption Between Servers


We are attempting to set up secure e-mail with our partner companies to
comply with the upcoming HIPAA requirements.  I would like to find a way to
encrypt all e-mail going between our mail server and our partners.  We are
using Exchange.  Some of our partners are also using Exchange and some are
using other SMTP servers.

Is there a way to automatically force all e-mail between our two e-mail
servers (either Exchange to Exchange or Exchange to SMTP) to be encrypted
then decrypted on arrival with no end user intervention?   If there are,
what affect, if any will these encryption methods have on our overall
network security.

Thanks for your help,



-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics


**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or 
others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have 
received this communication in error, please notify the sender of the error immediately, do not read or use the 
communication in any manner, destroy all copies, and delete it from your system if the communication was sent via 
email. 




**********************************************************************


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics
Previous By Date Next
Previous By Thread Next

Current thread: