RE: digital cert vs. disclaimer

  • From: "Stelley, Douglas" <dstelley@xxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 2 Mar 2004 07:34:07 -0500

    Encryption is coming as well :-(, we are a hospital with many
clinics and vendors. We occasionally have to transmit sensitive data.
Right now we use PGP when we need to encrypt confidential mail, but I'd
like to enable Encryption & Signed mail from within Exchange. And as
always, our lawyers require us to put on the disclaimer (although it
really means nothing in court). 
    I don't know, when I proposed Exchange to the organization it seemed
like a great way to allow communication within & without for us. Now
that I've had it live (Exchange 2000 - 1200 users) for a year, it's eating
up more and more of my time to the point where it's a full time job in
itself.
    Don't get me wrong, I've been in IT since '86, everything from
programming in Octal, HEX and binary up to what's out there today. I've
been to as much training as I can get the companies to spring for & I do
enjoy it.
    I get frustrated though, I have 3 full time jobs now (on one
paycheck of course) and it's tough to keep up. As the Net admin/ firewall
admin/ security admin, my hands are full enough keeping everything
running smoothly. Since Active Directory (a HUGE improvement over NT by
the way), I've been able to do so much more with less time involved. I'm
also an Interface Admin, which allows different healthcare computer
systems to communicate via yet another language (HL7 & TCL), another
full time gig.
    I figured, hey Email, piece of cake, I set up and administrated an
Exchange 5.5 shop in VA for a few years, 5000 employees, why not here? I
made the pitch, admin loved it. Now with all these friggin worms,
viruses, security holes etc, let alone all the internal whiney employees
who can't understand why they can't send/receive 50 meg files via email,
I'm goin nuts!
    Now I gotta get signed, encrypted mail going (along with disclaimers
of course), sheesh.
 
    Forgive the rant, been up late with the sick kids, here's my plight,
sorry to drone on and on.
 
    I can't tell y'all how much time you guys have saved me, by reading
these threads, I gain so much, Thanks
 
    If anyone out there has configured Exchange 2000 (soon 2003) to do
signed, encrypted and disclaimed mail, all from the server ( 3/4 of our
users use straight OWA to anything client side), please share...
 
    (Exchange 2000 on Win 2000 SP4, with all mail going through mail
gateway with GFI Security & GFI Essential for filtering)
 
Doug

  _____  

From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: Monday, March 01, 2004 3:01 PM
To: Stelley, Douglas
Subject: FW: [exchangelist] RE: digital cert vs. disclaimer


One other thing occurred to me while thinking about this.  When you
digitally sign a message, you are ensuring that it is not altered.
That's not really suited to confidential or sensitive information
transferral.  For that, encryption is a better choice or even both
encryption and signature.  You may have already known this, but just in
case wanted to be sure it's up front.
 
Al

  _____  

From: Mulnick, Al 
Sent: Monday, March 01, 2004 12:01 PM
To: [ExchangeList]
Subject: [exchangelist] RE: digital cert vs. disclaimer


http://www.MSExchange.org/

I think you should concentrate on the exception route.  Signed messages
come from the client and as such arrive at the server signed.  Any
change will invalidate the signature.
 
Al

  _____  

From: Stelley, Douglas [mailto:dstelley@xxxxxxx] 
Sent: Monday, March 01, 2004 10:54 AM
To: [ExchangeList]
Subject: [exchangelist] RE: digital cert vs. disclaimer


If I installed GFI Essentials on the Exchange server & had it only do the
disclaimer, wouldn't it also attach the disclaimer after it was signed?
Or maybe I should ask how I could set up to not send signed mail through
that gateway...

  _____  

From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: Monday, March 01, 2004 9:19 AM
To: [ExchangeList]
Subject: [exchangelist] RE: digital cert vs. disclaimer


I have plenty of ideas, but you may not like any of them.
 
What needs to happen is that the confidential mails either need to be
excluded from the footer or you will need to add the cert signature
after the disclaimer.  Either way would be different than what you're
doing now and would need a different architecture or a signature
mechanism with more intelligence to realize a message shouldn't be
changed if it is signed. 
 
Al

  _____  

From: Stelley, Douglas [mailto:dstelley@xxxxxxx] 
Sent: Monday, March 01, 2004 8:43 AM
To: [ExchangeList]
Subject: [exchangelist] digital cert vs. disclaimer


We have Exchange 2000 and use a windows box as our mail gateway for the
outside world.
On the gateway, we use GFI's Security & Essentials programs for
screening. It really works well for us. Also, we use GFI to attach our
standard disclaimer, and like that as well, BUT.
Now we have to implement certificates on some of our "confidential"
mail. When I send test messages that are signed, the gateway attaches
the disclaimer, and voila, now the message has been altered. So the end
recipient thinks the mail is bad. Anyone have any ideas? I kind of need
both items (the disclaimer & the certificate...)
 
 
Doug
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------ 

Confidentiality Notice: The information contained in this message may be
legally privileged and confidential information intended only for the
use of the individual or entity named above. If the reader of this
message is not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that any release, dissemination, distribution, or copying of
this communication is strictly prohibited. If you have received this
communication in error please notify the author immediately by replying
to this message and deleting the original message. Thank you.
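
Added example (not part of the thread, and not GFI or Exchange code): a Python sketch of the "exception route" discussed above, in which a disclaimer-stamping gateway relays signed or encrypted mail untouched, next to the naive stamping that changes the signed content. The sample messages, the footer text and all function names are constructed for illustration.

```python
import hashlib
from email import message_from_string

FOOTER = "\n--\nConfidentiality Notice: constructed sample footer.\n"

# Content types a stamping gateway must relay untouched.
PROTECTED = {"multipart/signed", "multipart/encrypted",
             "application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed clear-signed message; "AAAA" is a placeholder, not a real signature.
SIGNED = (
    "From: sender@example.org\nTo: clinic@example.org\nSubject: test\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nLab results enclosed.\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
PLAIN = "From: sender@example.org\nSubject: lunch\n\nNoon works.\n"

def is_protected(msg):
    """True if any MIME part is signed or encrypted."""
    return any(p.get_content_type() in PROTECTED for p in msg.walk())

def covered_digest(msg):
    """Hash of the first part of a multipart/signed message, standing in for
    the digest the signature protects (real S/MIME canonicalizes first)."""
    return hashlib.sha256(msg.get_payload(0).as_string().encode()).hexdigest()

def stamp(raw, respect_signatures=True):
    """Append FOOTER to the first text/plain part unless the message is protected."""
    msg = message_from_string(raw)
    if respect_signatures and is_protected(msg):
        return raw, "passed-through"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_payload(part.get_payload() + FOOTER)
            break
    return msg.as_string(), "stamped"

if __name__ == "__main__":
    before = covered_digest(message_from_string(SIGNED))
    naive, _ = stamp(SIGNED, respect_signatures=False)
    print("naive stamping changes signed content:",
          covered_digest(message_from_string(naive)) != before)
    print("exception route:", stamp(SIGNED)[1], "| plain mail:", stamp(PLAIN)[1])
```
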
