• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Encrypting emails?

M

munkle

[H]F Junkie
Joined
Jan 16, 2005
Messages
11,799
I'm looking into options to send encrypted emails. (for hipaa compliance) We have exchange 2010 and I know that has some built in features for this. I'm just wondering about other options? I have found some stuff on zixcorp products but i'm not too sure how it works does the receiver and sender both have to install software? I also checked out hushmail but there isn't much in away of explanation of how it works on both sides.

Also does google business mail support encryption?
 
I am using Cisco Ironport to do my email encryption, its actually pretty affordable. Or you can outsource to app river

Google does not support encryption from what i have worked with it
 
I think that part is indicating that you can allow unencrypted access to the mail service eg inside of a LAN or over a trusted network so you wouldn't have to reconfigure a bunch of clients. I'm assuming they'd have an option to require a TLS. The trick with that is the part that sends the notification out and the end recipient fetches it using SSL from an untrusted network.
 
k1pp3r said:
Google does not support encryption from what i have worked with it
Click to expand...

Google does support encryption - through Postini, which uses zixcorp.

I'm in healthcare too and we use Google Apps + Postini. Encryption works great. The only caveats are that for the content filters (terms it searches for in emails and attachments), in compressed files, Office '07-'10 files and PDF files - it can't search using the content filters. In those cases we have to force encryption. Otherwise it works quite well.
 
wouldn't using say OWA + outlook = encrypted since it is all done over SSL and port 443,

actually i guess that would only cover people if they were all hosted on the same mail server.... or the receiver was using SSL on their end..


note taken on the other options.
 
MrGuvernment said:
wouldn't using say OWA + outlook = encrypted since it is all done over SSL and port 443,

actually i guess that would only cover people if they were all hosted on the same mail server.... or the receiver was using SSL on their end..


note taken on the other options.
Click to expand...

No, full email encryption would require that when you send an email, it is encrypted all the way to the destination, the receiving party would then have to authenticate to the encryption gateway (Cisco) to view the email.
 
munkle said:
I'm looking into options to send encrypted emails. (for hipaa compliance) We have exchange 2010 and I know that has some built in features for this. I'm just wondering about other options? I have found some stuff on zixcorp products but i'm not too sure how it works does the receiver and sender both have to install software? I also checked out hushmail but there isn't much in away of explanation of how it works on both sides.

Also does google business mail support encryption?
Click to expand...

If you send a ZixMail to a user without Zix it sends them an email saying they have an encrypted email (stored at ZixCorp) and they go to a website that you can brand with your logo (etc), they create an account, login and can view their email securely (so for users wo Zix it never goes to their inbox).

For an exchange environment, you would have a gateway appliance that sits on your network and encrypts emails as they are sent.
 
Maybe if I'm more specific that might help. This is really only for one person (the hr lady that deals with all the insurance, and SS numbers), I'm not sure if that helps but I don't think the company is going to spring for any hardware, also I think the head IT director is leaning towards a solution that stores files on a 3rd party server as little as possible.
 
Last edited:
munkle said:
Maybe if I'm more specific that might help. This is really only for one person (the hr lady that deals with all the insurance, and SS numbers), I'm not sure if that helps but I don't think the company is going to spring for any hardware, also I think the head IT director is leaning towards a solution that stores files on a 3rd party server as little as possible.
Click to expand...

Well, it depends really who is she going to be exchanging email with, and what they can work with. There are still things like SMIME and PGP... If whoever she needs to exchange with can support those techs, then you set her up with it, and you're done.
 
You can buy Zix for one person and it is an application that is installed on the users desktop instead of going with an appliance for the whole organization.

If you dont want anything to be stored on on Zix's servers, then there are ways to go about that utilizing different methods, but i cannot speak to specifics on those due to an NDA.
 
Is this primarily for internal communications? If so and if you have a CA (which I assume you would) I'd think just issuing all users an email signing cert and publishing all the public keys to the GAL would probably be the easiest way... you can even tell outlook to auto-encrypt and/or sign all messages
 
You must log in or register to reply here.
Back
Top