
The Microsoft Outlook E-Mail and Fax Guide

Last Updated 7/27/2009 2:10:28 PM


Chapter 20: Securing Messages with Outlook


In this chapter, we look at one of the more advanced features of Microsoft Outlook — the ability to send secure messages through the security facilities of Microsoft Exchange Server and Microsoft Fax.

Two kinds of security are involved:

  • Privacy — hiding the contents of a message from everyone except the intended recipient
  • Authentication — adding a digital "signature" to positively identify the sender and prove that the message has not been changed since it was sent

Both use a system of keys to lock and unlock these features. The sender encrypts or signs a message using a private key available only to that user. Recipients decrypt the message or verify the signature with a public key that the user has distributed. Public keys should be sent to recipients by a secure method (which may rule out e-mail). In some cases, they may be stored on public key servers.

Key-based security is built into Microsoft Fax and Microsoft Exchange Server but works only with those services. To protect messages sent via the Internet, you can use either PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions). For more about those methods, see "For More Information" at the end of this chapter.

WORKING WITH MICROSOFT EXCHANGE SERVER SECURITY

With Microsoft Exchange Server security, keys for the entire organization are maintained by a key management server integrated with Exchange Server. All you have to do is enable your own mailbox for security.

Setting Up Exchange Server Security

To enable Exchange Server security, the Exchange Server administrator creates an advanced security token, a series of characters that you must enter to generate your security credentials. After you get the token from the administrator, follow these steps:

Special Note: You need to have the Digital Security add-in loaded before you can enable Exchange Server security. Normally, it's added automatically when you install the Microsoft Exchange Server service. However, if you don't see a Security tab in the Options dialog box, switch to the General tab and click Add-In Manager. Click Install and add Etexch.ecf to the installed add-ins.

  1. Choose Tools, Options, then switch to the Security tab and click the Set Up Advanced Security button.
  2. In the Setup Advanced Security dialog box (Figure 20.1), enter the token you received from the Exchange Server administrator. Also enter a password, then confirm it. This password must be at least six characters long.
  3. A default security file location is created for you, but you can change it.
  4. Click OK to send a request to enable security to the key management server. Click OK again to close the Options dialog box.
  5. In a few minutes, you should receive a Reply from Security Authority message. Open it, then, when prompted, enter the security password you gave in step 2. You see a message that your mailbox is now enabled for security.
  6. Optionally, choose Tools, Options again and return to the Security tab (Figure 20.2) to set default security options for all messages. You have these choices:
    • Encrypt message contents and attachments
    • Add digital signature to message
  7. Click OK to close the Options dialog box when you've finished working with security options.

Unless you exchange messages only with other people using Exchange Server security, I recommend that you leave the "Encrypt message contents and attachments" option in Figure 20.2 unselected. However, you may want to go ahead and select "Add digital signature to message" because it won't hurt to send a digitally signed message to someone who isn't using Exchange Server security.

Using Exchange Server Security

Whenever you use Exchange Server security, you are prompted to enter the security password (the one you entered during security setup) in the Microsoft Exchange Security Logon dialog box, shown in Figure 20.3. This dialog box appears when you send or receive a message with security.

If you forget your password, you must check with your Exchange Server administrator to get a new token to re-enable security.

Sending a Secure Message

To send an encrypted or signed message, you must use Exchange Server addresses from the Global Address List or, if you are using Exchange Server 5.0, from people in your Personal Address Book (PAB) with whom you've exchanged security keys (see "Exchanging Security Keys with Other Exchange Server Users" later in this chapter).

Before you send the message, click one or both of the security buttons on the toolbar — Seal Message with Encryption or Digitally Sign Message (see Figure 20.4).

You can also choose File, Properties, then switch to the Security tab (Figure 20.5) and check either "Encrypt message contents and attachments," "Add digital signature to message," or both.

If you choose to send an encrypted message to recipients who are not enabled for Exchange Server security, you'll get a warning message and the opportunity to send the message anyway or cancel it.

Receiving Secure Messages

When you receive an encrypted message, it appears in the Inbox with a different icon, an envelope with a lock. A message that is digitally signed, but not encrypted, uses an envelope with a pen for its icon. AutoPreview will not show any text for an encrypted message.

Open the message, entering your password in the Microsoft Exchange Security Logon dialog box (Figure 20.3) if it appears. If the message was digitally signed, the toolbar will include a new button, shown in Figure 20.6. Click it to view the Verify Digital Signature dialog (Figure 20.7).

Using Exchange Server Security in Multiple Locations

You can copy your security file to another system, which is handy if you work on more than one machine. Follow these steps:

  1. Copy the file listed on the Security tab in the Options dialog box (Figure 20.2) to the second computer.
  2. On that system, choose Tools, Options, then switch to the Security tab.
  3. Click the Browse button. In the Locate Security Profile dialog box, select the security file you copied in step 1, then click the Open button.
  4. Click OK to close the Options dialog box and enable security for your mailbox on this machine.

If you are working remotely, be sure to download the full Global Address List (see "Synchronizing Addresses" in Chapter 12). You can't send encrypted messages with the smaller version of the Global Address List that does not include security details.
