Mark,
Jon raises the critical issues. It would be neat if we had a standard.
Your CEO needs to be aware of these issues (not simply loss of data),
prior to implementing any policy or software solution.
Agreed, why don't we take this offline.
Can we set up a small forum to discuss the various alternatives?
Regards,
Steve
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Peoples
> Sent: Thursday, September 13, 2001 01:05
> To: Exchange Discussions
> Subject: RE: Encryption
>
>
> I have raised the potential loss of data issue - For both
> file and e-mail
> encryption. This is one of our biggest concerns. By their
> very nature...
> Exec's seem to lose / misplace / delete information and get
> themselves into
> many, many interesting and mind boggling scenarios. Adding
> another option
> for them to cause problems makes me very uneasy and cautious indeed.
>
> The potential penetration of viruses issue is a good one...
> that will be
> raised at the next ooportunity I have to do so.
>
> Ed, I doubt the CEO is aware of the fact that he must
> co-ordinate with his
> recipients. This may be a turning point for the notion. Given
> the company is
> moving into a really busy period... having to co-ordinate
> with recipients
> increases the size of the 'project' significantly.
>
> Thanks and Peace to all.
> MP
>
>
>
> > -----Original Message-----
> > From: Ed Crowley [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, 13 September 2001 9:36 AM
> > To: Exchange Discussions
> > Subject: RE: Encryption
> >
> >
> > Is your CEO aware that the person with whom he is
> > corresponding must also
> > use the same encryption tool he uses? That is, that such a
> > desire requires
> > coordination with all of his correspondents?
> >
> > Ed Crowley MCSE+Internet MVP
> > Tech Consultant
> > Compaq Computer Corporation (soon to be HP)
> > All your base are belong to us.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Peoples
> > Sent: Wednesday, September 12, 2001 4:24 PM
> > To: Exchange Discussions
> > Subject: RE: Encryption
> >
> >
> > Many, many Good points. Allow me to elaborate...
> >
> > CEO of company has ants in the pants about encryption all of
> > a sudden. He
> > wants his mail and the mail of the top exec's to be
> > encrypted for both
> > internal and external mail. As most CEO's do, He wants it
> > yesterday but the
> > people that need to know find out today.
> >
> > He also wants the ability to encrypt files. I will treat this
> > as a side
> > issue and not in the scope of this discussion because this has wider
> > implications that need to be discussed internally before a
> > solution can be
> > sought. In fact the whole damn topic needs to be discussed
> > off line... but
> > I'll take care of that. I wholly with you agree about the
> > security policy -
> > that should come first and set the stage for the implementation.
> >
> > I guess what I am asking is, for e-mail encryption (that is
> my primary
> > concern at this stage) is it better for client based
> > encryption via PGP
> > addin to Outlook (or digital ID), or server based encryption?
> > I see Mail
> > Essentials from www.GFI.com have a server based solution. If
> > we can, we
> > would like to avoid having a Key Mgmt server... but if we
> > need to get one
> > then I am happy to take that course of action too.
> >
> > Our desktop support group have managed to crash 2 of 3
> machines while
> > testing Outlook PGP plugin. we are not looking too
> favourably on that
> > solution at the moment. Verisign digital ID's for the exec's
> > seems to be the
> > way to go at the moment...
> >
> > If it helps, we are running Win2k and E2k server. Mail
> > clients are running
> > either Win2k Professional or NT4 and OL 2000.
> >
> > Thanks for your assistance so far... VERY VERY helpful and
> > encouraging!
> > MP
> >
> >
> > > -----Original Message-----
> > > From: Jon Lucas [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, 13 September 2001 2:12 AM
> > > To: Exchange Discussions
> > > Subject: RE: Encryption
> > >
> > >
> > > Well, since it appears this thread has taken a turn for the
> > > obscure, I will
> > > respond to your original post.
> > >
> > > I usually just listen to this list, but this is actually
> > > something of which
> > > I have some level of knowledge. I won't discuss my
> affiliation with
> > > VeriSign except to say that I do not work for them. It is my
> > > opinion that
> > > VeriSign has the best solution for implementing a managed PKI
> > > solution for
> > > Exchange. We can discuss that in subsequent emails since I
> > > am now getting
> > > ahead of the encryption discussion.
> > >
> > > Where any discussion of PKI starts is with clearly defined
> > > organizational
> > > objectives. You simply do not want to try to deploy PKI as
> > > your solution.
> > > That is not a clearly defined objective. You need to
> > > identify what it is
> > > that you are interested in securing; you external
> > communications with
> > > partners, your internal communications between employees
> > and HR, your
> > > network communication, authentication, building access etc. Your
> > > organization needs to have a security policy. This involves
> > > your entire
> > > enterprise, not just your Exchange organization. It may
> > > sound like a rant,
> > > but by implementing a method of encryption, you can
> > > potentially undermine
> > > other objectives such as protecting your company from viruses.
> > >
> > > For example, you may decide to implement a solution that
> gives every
> > > employee a digital ID and ensures that it gets inserted into
> > > the Exchange
> > > GAL or Active Directory. This enables any employee to simply
> > > sign and/or
> > > encrypt email to others in the directory. You may also as
> > > part of your
> > > security policy, require employees to sign all email messages
> > > by default.
> > > Should that employee receive a virus in email, most likely
> > > the virus will
> > > proliferate with signed messages. Other employees will
> > > undoubtedly produce
> > > further infections. But wait, you have antivirus software
> > > correct? Your
> > > antivirus software may be unable to effectively disinfect a
> > > signed message.
> > > It will most definitely be unable to disinfect if this
> > happens with an
> > > encrypted message.
> > >
> > > Not likely? I have seen it happen using Exchange and x.509
> > > certificates and
> > > Groupshield. This is a little secret that no one is talking
> > > about right
> > > now. Sooner or later someone is going to write a virus that
> > > takes advantage
> > > of this type of configuration. Right now I wouldn't expect
> > > it, but as more
> > > people deploy this kind of solution, I would expect a virus
> > > writer to alter
> > > their code.
> > >
> > > Understanding the implications of encryption and having
> > > clearly defined
> > > objectives will save your backside when the fecal mass hits
> > > that thing that
> > > thing you just turned on in your office to cool you off
> > because you're
> > > sweating while you rush to manually clean out signed lovebugs
> > > from your
> > > information store and hope none of your users open and execute the
> > > attachment on an email message that just came from a fellow
> > > employee, signed
> > > with a digital ID.
> > >
> > > End of rant....
> > >
> > > Some technical information...
> > >
> > > You can obtain a digital ID from VeriSign, or one of the
> > > other CAs, for
> > > signing email. Make sure your IMC is configured with the
> > > option "Clients
> > > support S/MIME" enabled. This is not enabled by default.
> > >
> > > Your turn.
> > >
> > > -Jon
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Mark Peoples
> > > Sent: Tuesday, September 11, 2001 4:21 PM
> > > To: Exchange Discussions
> > > Subject: Encryption
> > >
> > >
> > > Hi,
> > > I have checked the FAQ and have not found any suggestions...
> > > so I will put
> > > it to the experts.
> > >
> > > Does anyone have a preferred product or solution for e-mail
> > > encryption?
> > > Management here are looking at installing PGP and are also
> > > looking at a
> > > Verisign product. Does anyone have any good / bad experience
> > > with either of
> > > these products or any others?
> > >
> > > Previously I have had a few bad experiences with PGP software
> > > so I may be a
> > > bitbiased against it - hence I am looking to see what the
> > > general consensus
> > > is...
> > >
> > > Thanks in advance,
> > > MP
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Archives: http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe: mailto:[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
> > >
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Archives: http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe: mailto:[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
> > >
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
