RE: Email Encryption Between Servers

From: Michael Leigh (mleigh@austin.rr.com)
Date: 04/02/03

  • Next message: Jacob: "Re: Legislation on employee monitoring"
    From: "Michael Leigh" <mleigh@austin.rr.com>
    To: "'Craig Humphrey'" <Craig.Humphrey@ChapmanTripp.com>, <security-basics@securityfocus.com>
    Date: Wed, 2 Apr 2003 12:15:25 -0800
    
    

    Also, keep in mind local security policies in Windows 2000 allow for IPSEC
    traffic. If they other end points are linux boxes you can implement IPSEC
    box to box traffic as well. It is my opinion though that this put's a lot
    of load on systems that already can get overloaded quickly. I typically
    implement a VPN to accomplish this type of security.

    -----Original Message-----
    From: Craig Humphrey [mailto:Craig.Humphrey@ChapmanTripp.com]
    Sent: Tuesday, April 01, 2003 4:04 PM
    To: security-basics@securityfocus.com
    Cc: 'Al Cooper'
    Subject: RE: Email Encryption Between Servers

    Some people have already mentioned using various forms of VPN, but there are
    also other products that either plug-in to Exchange 2000, or act at a
    gateway between Exchange and the Internet.

    We use MailMarshal from Marshal Software (recently acquired by NetIQ), which
    is a great product, supporting mail filtering as well as gateway to gateway
    encryption, plus a host of other features. It can either be integrated with
    Exchange2000, or act as a relay between the Internet and Exchange (5.x or
    2000).

    http://www.marshalsoftware.co.nz/

    Just my 2c

    > -----Original Message-----
    > From: Al Cooper [mailto:alc@2wh.com]
    > Sent: Tuesday, 1 April 2003 5:44 AM
    > To: security-basics@securityfocus.com
    > Subject: Email Encryption Between Servers
    >
    >
    > We are attempting to set up secure e-mail with our partner
    > companies to
    > comply with the upcoming HIPAA requirements. I would like to
    > find a way to
    > encrypt all e-mail going between our mail server and our
    > partners. We are
    > using Exchange. Some of our partners are also using Exchange
    > and some are
    > using other SMTP servers.
    >
    > Is there a way to automatically force all e-mail between our
    > two e-mail
    > servers (either Exchange to Exchange or Exchange to SMTP) to
    > be encrypted
    > then decrypted on arrival with no end user intervention? If
    > there are,
    > what affect, if any will these encryption methods have on our overall
    > network security.
    >
    > Thanks for your help,
    >
    >
    >
    > -------------------------------------------------------------------
    > SurfControl E-mail Filter puts the brakes on spam,
    > viruses and malicious code. Safeguard your business
    > critical communications. Download a free 30-day trial:
    > http://www.securityfocus.com/SurfControl-security-basics
    >

    -------------------------------------------------------------------
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-security-basics

    -------------------------------------------------------------------
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-security-basics


  • Next message: Jacob: "Re: Legislation on employee monitoring"