Software to encrypt email on Exchange 2003

We're a Windows Shop with Exchange 2003. I have been tasked with looking into some ways to encrypt certain emails. Does anyone have any ideas?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

ilcram19-2

S/MIME or securing you email connection with SSL.

Usually S/MIME will allow you to digitally signed email and encrypted it with a recivers
digital signature so that other person will be able to open with his private key and vice versa with any user that you need to encrypt email with.

using ssl will allow you to secure/encrypt the connections to the server all the time. thats are the only things avaliable in exchange 03

qwertyiop

Ive seen some 3rd party software that can be installed on the users computers so that they just have to click on encrypt to encrypt that email. Have any of you had experience with any of these programs that adds a add-on to Outlook for the encryption?

veritas_libertas

I have used PGP and OpenPGP. Both work very well.

Claymoore

qwertyiop wrote: »

Ive seen some 3rd party software that can be installed on the users computers so that they just have to click on encrypt to encrypt that email. Have any of you had experience with any of these programs that adds a add-on to Outlook for the encryption?

I have experience with client-side software, and I can tell you that you should consider that option only as an absolute LAST resort. I inherited a client-side PGP solution at a previous job and it was a complete nightmare to support. Our users moved quite a bit and even with roaming profiles the software always had to be re-installed or re-activated. Our main help desk tech eventually had the long, random character activation key memorized!

The sofware itself was bad, but the worst part was that it required end-users to do a couple of things, and we all know users can be unreliable. One, they had to remember the passphrase for their key. Users forget the passwords they use every day, so imagine how difficult it was for them to remember a password for a service they used very rarely. There was no way to recover from a lost password so the keys had to be recreated and redistributed. Two, the users had to remember to encrypt the email. I would guess that our compliance was maybe 20%.

You need to figure out if you are required to encrypt the email in transit or the email at rest. We were only required to encrypt the email in transit so I switched them to TLS to secure the SMTP connection between the local and remote servers. Before we switched to TLS, we considered an IronPort appliance for encryption of individual emails. The appliance handles the keys and it has regular expression transport rules to examine emails for strings like social security numbers to automatically encrypt the emails the users forgot so there is nothing for the users to mess up.

I recommend you look at TLS or an IronPort (or similar) device. Only consider a purely client-side solution if you plan on quitting soon and you hate your IT coworkers.

Chivalry1

I have worked with multiple PGP client side/server side email encryption solutions. Let me save you the trouble and recommend you look at buying a dedicated appliance.

Problem #1: Adding the encryption software just slows down the client computer. Since the application will likely be going on the high profile users desktops, the processing overhead for encryption will make you a very unpopular IT administrator. Often the software needs to be reinstalled after Office updates/patches. **Note: Encrypting emails at the desktop level turns into a e-discovery/troubleshooting nightmare.***

Problem #2: Installing encryption software on the Exchange server is a bad ideal; especially Exchange 2003. Once again processing overhead on the exchange server will be overwhelming. Those phone calls to the help desk about slow emails will eventually overwhelm you.

Solution #1: Identify the business drivers. If they are interested in just encrypted emails to certain domain, TLS encryption is the cheaper and wiser choose.

Solutions #2: To avoid sounding like a commercial, Cisco Ironport has a GREAT product. Its policy based encryption is the best in the industry. Of course that maybe a little bias coming from a CICSP. So another options is McAfee - enterprise - McAfee Email Gateway

brad-

My previous job used PGP...as a user ( I was not IT there ) I had no problems.