Security Basics mailing list archives
FW: Email Encryption Between Servers
From: check <check () wescom org>
Date: Wed, 2 Apr 2003 09:19:26 -0800
-----Original Message----- From: Michael Osten [mailto:mosten () bleepyou com] Sent: Tuesday, April 01, 2003 4:53 PM To: security-basics () securityfocus com Subject: RE: Email Encryption Between Servers On Tue, 2003-04-01 at 11:27, Robinson, Sonja wrote:
We evaluated three enterprise solutions and bid them out. I believe that once e-mail leaves your network using exchange it is automatically sent clear text, hence the need for encryption. I am not an exchange administrator so... And if you are sending PHI or GLBA I would send in no less then 128-bit anyway. There are a number of issues you need to think of when evaluating
encryption
including, logging/reporting, forensics & investigations, ease of use for users, ease of administration, key exchanges, can I force my business partners to buy the same product/hardware/service, send to anyone capability, what constitutes due diligence, cost, etc. I am not endorsing any one vendor and these are not necessarily the
opinions
of my employer and should not be construed as such.
I'm pretty sure that Exchange (I know Sendmail/Postfix/Qmail/Exim do) support StartTLS? The benefit of StartTLS is that it is free (other than the cert), open standards, and will automatically encrypt communications between any other mail sever running StartTLS (not just your partners). --------------------------- Michael Osten http://lists.netsys.com/pipermail/full-disclosure/2003-February/008369.html When caught, McWilliams was seen at his computer finishing a non fictional piece titled "Art of Deception to the 100th Power. Pi don't equal Pie Bitch." ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please delete it immediately and advise the sender. WESCOM CREDIT UNION (626) 535-1000 ********************************************************************** ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- RE: Email Encryption Between Servers, (continued)
- RE: Email Encryption Between Servers Dr. S. A. Vetha Manickam (Apr 02)
- RE: Email Encryption Between Servers White-Tiger (Apr 02)
- StartTLS (was: Email Encryption Between Servers) Bear Giles (Apr 03)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 01)
- RE: Email Encryption Between Servers Michael Osten (Apr 02)
- RE: Email Encryption Between Servers Garbrecht, Frederick (Apr 01)
- RE: Email Encryption Between Servers PWBakker (Apr 02)
- Re: Email Encryption Between Servers Chris Berry (Apr 01)
- RE: Email Encryption Between Servers Craig Humphrey (Apr 02)
- RE: Email Encryption Between Servers Michael Leigh (Apr 02)
- FW: Email Encryption Between Servers check (Apr 02)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 04)
- RE: Email Encryption Between Servers dave (Apr 07)
- RE: Email Encryption Between Servers Brent Woodard (Apr 07)