Focus on Microsoft
RE: HOW TO encrypt and store mail Jan 12 2011 05:30PM
Edgar Zapata (edgar zapata sitel com) (5 replies)
Re: HOW TO encrypt and store mail Jan 12 2011 06:27PM
Alex (alex tsr gmail com) (1 replies)
Re: HOW TO encrypt and store mail and PCI DSS Skepticism Jan 12 2011 07:37PM
Eric C. Lukens (eric lukens uni edu) (1 replies)
RE: HOW TO encrypt and store mail and PCI DSS Skepticism Jan 13 2011 03:42AM
Thor (Hammer of God) (thor hammerofgod com)
RE: HOW TO encrypt and store mail Jan 12 2011 06:00PM
Ahmed Helal (ahelal muzaini com)
Re: HOW TO encrypt and store mail Jan 12 2011 05:52PM
Laurent Barbier (lbarbier arkane-studios com) (1 replies)
If you even don't trust your sys admin then there is nothing you can do
... There are sys admin, they can do all what they want.

I don't understand why with a 2008 domain & Exchange you would use a
deprecated end user application like Outlook Express ?!

If you are concerned about security , give a try to OWA, nothing will be
stored / cached on the user end, full SSL with https.

For the server part, did you tried something like EFS or bitlocker, it's
possible to use such a feature on windows server.
With such a solution, extracting the filesystem from the server would be
pointless because the FS or the files would be encrypted.

Regards,
Laurent

On 12/01/2011 18:30, Edgar Zapata wrote:
> Thanks Kurt.
> I guess that won't do. As far as I know, and based on the tests that we've been performing, it only provides for a way so in case the disks are robbed/stolen they won't be readable unless you have a key (stored in a say removable USB drive).
> It won't prevent the system admin from reading the contents of the mails or even making copies of the .edb and .stm files for later misues.
>
> We're still searching and testing so I'm open to suggestions.
>
> Thank you.
>
>
> Edgar Zapata
> EMEA Data Systems
> +34 913.797.460 T
> +34 680.398.372 M
> edgar.zapata (at) sitel (dot) com [email concealed]
>
> Sitel
> Calle Impresores, 20 - Planta 2
> Parque Empresarial Prado del Espino
> Boadilla del Monte - Madrid 28660
> SPAIN
> www.sitel.com
>
> Please consider the environment before printing.
>
> -----Mensaje original-----
> De: Kurt Dillard [mailto:kurtdillard (at) msn (dot) com [email concealed]]
> Enviado el: miércoles, 12 de enero de 2011 18:22
> Para: Edgar Zapata; focus-ms (at) securityfocus (dot) com [email concealed]
> Asunto: RE: HOW TO encrypt and store mail
>
> Your using Windows Server 2008, so why not use BitLocker to encrypt the entire drive?
>
> Regards,
>
> Kurt
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Edgar Zapata
> Sent: Wednesday, January 12, 2011 8:09 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: HOW TO encrypt and store mail
>
> Hello,
>
> We are looking for a solution to store and encrypt mails.
>
> We need to comply with PCI (Payment Card Industry) standards.
> We have Windows 2008 and Exchange 2007 SP2.
>
> So far, we haven't found a way to encrypt and store mail in Exchange.
> We'll be encrypting communications with TLS.
>
> Plus, we need to use OE (Outlook Express) so we can use IMAP for incoming mail and SMTP for outgoing e-mail.
>
> Any ideas/suggestions are more than welcome.
>
> Thank you.
>
>
> **CONFIDENTIAL NOTICE**
> This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
>
> **CONFIDENTIAL NOTICE**
> This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.

[ reply ]
RE: HOW TO encrypt and store mail Jan 12 2011 06:44PM
rwagg (at) robhome (dot) com [email concealed] (rwagg robhome com)
Re: HOW TO encrypt and store mail Jan 12 2011 05:49PM
arjunvyavahare yahoo com
RE: HOW TO encrypt and store mail Jan 12 2011 05:38PM
Kurt Dillard (kurtdillard msn com) (3 replies)
RE: HOW TO encrypt and store mail Jan 12 2011 07:23PM
Dave Balogh (Dave Balogh ivans com)
RE: HOW TO encrypt and store mail Jan 12 2011 06:33PM
Staats, Ryan (ryan staats sno wednet edu)
RE: HOW TO encrypt and store mail Jan 12 2011 06:21PM
Chinnery, Paul (PaulC mmcwm com)


 

Privacy Statement
Copyright 2010, SecurityFocus