RE: Email Encryption Between Servers

From: PWBakker (pwbakker@janusriskmanagement.com)
Date: 04/02/03

  • Next message: White-Tiger: "RE: Email Encryption Between Servers" 
    Date: Wed, 02 Apr 2003 09:13:32 -0500
To: 'Al Cooper ' <alc@2wh.com>, "'security-basics@securityfocus.com '" <security-basics@securityfocus.com>
From: PWBakker <pwbakker@janusriskmanagement.com>

    All of the suggestions on the list for Point to Point VPNs creating partner
    extranets are excellent suggestions, however you need to make sure the same
    level of diligence and security is maintained on your partners networks.
    You would also explicitly deny and/or allow traffic only to a segmented
    part of your DMZ where your mail relay servers would be. Plus you need to
    make sure, under HIPAA that you have adequate administrative and
    operational policies and procedures in place. The final HIPAA regulation
    for encryption of email and other EDI type transactions revolves around AS2
    and S/MIME. You might want to look up the WEDI SNIP efforts to learn more
    about secure email under HIPAA.

    let me know if you need more and good luck

    ./phillB

    At 12:52 PM 4/1/2003, Garbrecht, Frederick wrote:
    >Since you're doing this to comply with HIPAA, then you and your partner
    >companies most likely already have firewalls in place; why don't you set up
    >a gateway to gateway vpn between your company and each of your partners to
    >provide transparent encryption services for your smtp traffic. You can set
    >up the appropriate routing and FW rules so that only the mail going to your
    >partners gets routed through the encrypted tunnel, the rest would get sent
    >out as usual. Decryption would occur transparently on the distal gateway,
    >and then the unencrypted email would then be passed to the partners smtp
    >server for delivery. You can certainly do this with Checkpoint and PIX; you
    >can probably also rig something up using the Windows native ipsec, although
    >I've never done this.
    >
    >Good luck,
    >Fred
    >-----Original Message-----
    >From: Al Cooper
    >To: security-basics@securityfocus.com
    >Sent: 3/31/03 12:44 PM
    >Subject: Email Encryption Between Servers
    >
    >We are attempting to set up secure e-mail with our partner companies to
    >comply with the upcoming HIPAA requirements. I would like to find a way
    >to
    >encrypt all e-mail going between our mail server and our partners. We
    >are
    >using Exchange. Some of our partners are also using Exchange and some
    >are
    >using other SMTP servers.
    >
    >Is there a way to automatically force all e-mail between our two e-mail
    >servers (either Exchange to Exchange or Exchange to SMTP) to be
    >encrypted
    >then decrypted on arrival with no end user intervention? If there are,
    >what affect, if any will these encryption methods have on our overall
    >network security.
    >
    >Thanks for your help,
    >
    >
    >
    >-------------------------------------------------------------------
    >SurfControl E-mail Filter puts the brakes on spam,
    >viruses and malicious code. Safeguard your business
    >critical communications. Download a free 30-day trial:
    >http://www.securityfocus.com/SurfControl-security-basics
    >
    >-------------------------------------------------------------------
    >SurfControl E-mail Filter puts the brakes on spam,
    >viruses and malicious code. Safeguard your business
    >critical communications. Download a free 30-day trial:
    >http://www.securityfocus.com/SurfControl-security-basics

    =======================================
    Phill Bakker
    Director of Client Solutions
    Janus Risk Management, Inc.
    Two Mount Royal Avenue, Suite 300
    Marlboro, Massachusetts 01752
    www.janusriskmanagement.com
    pwbakker@janusriskmanagement.com
    508-485-8500 or 617-571-1870
    =======================================

    -------------------------------------------------------------------
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-security-basics

  • Next message: White-Tiger: "RE: Email Encryption Between Servers"

    Relevant Pages

    • Re: Email Encryption Between Servers
      ... >We are attempting to set up secure e-mail with our partner companies to ... >encrypt all e-mail going between our mail server and our partners. ... Some of our partners are also using Exchange and some are ... >using other SMTP servers. ...
      (Security-Basics)
    • Re: Email Encryption Between Servers
      ... > encrypt all e-mail going between our mail server and our partners. ... Some of our partners are also using Exchange and some are ... > using other SMTP servers. ...
      (Security-Basics)
    • Email Encryption Between Servers
      ... encrypt all e-mail going between our mail server and our partners. ... Some of our partners are also using Exchange and some are ... using other SMTP servers. ...
      (Security-Basics)
    • RE: Email Encryption Between Servers
      ... once e-mail leaves your network using exchange it is automatically sent ... There are a number of issues you need to think of when evaluating encryption ... Subject: Email Encryption Between Servers ... encrypt all e-mail going between our mail server and our partners. ...
      (Security-Basics)
    • Re: Adding additional WINS server
      ... Herb Martin commented ... > WINS servers as both push and pull partners ... I don't think he wants to set up replicating partners even if he has ... If all WINS clients are using both WINS server in their ...
      (microsoft.public.windows.server.dns)
    • Quantcast