What should you do to design a message encryption solution that meets the following requirement?

You are the messaging engineer for your company. Your company has an Exchange Server 2007 messaging system.

You need to design a message encryption solution that meets the following requirements:

Users must be able to encrypt e-mail messages sent to other company users or to the Internet.

Administrators must be able to revoke or deploy client certificates.

Deployed client certificates must be trusted by client computers located on the company network or on the Internet.

What should you do? (Each correct answer presents part of the solution. Choose two.)

A. Deploy e-mail certificates to all users on the network by using Group Policy Objects.

B. Instruct all users to request e-mail certificates from a public third-party certificate authority (CA).

C. Create an IPsec policy in the Active Directory. Deploy the IPsec policy to all Exchange servers and client computers on the network.

D. Install and configure a CA on a member server on the network. Specify a commercial CA certificate when installing the CA.

E. Install and configure a CA on a member server on the network. Use all default settings when installing the CA.

Explanation:
S/MIME functionality enables users to send signed and/or encrypted email to one another from a variety of devices, including Outlook, OWA, and Mobile 6.0 using ActiveSync.

S/MIME is a standard for PKI encryption and email signing, encapsulated in MIME. It is built into and interoperates with the majority of modern mail programs and provides the following cryptographic security services: authentication, message integrity, non-repudiation of origin (using digital signatures), and privacy and data security (using encryption).

Before an application can use S/MIME, an individual key/certificate from either an internal or public CA must be installed. Best practice is to use separate private keys (and associated certs) for signature and encryption, since this permits escrow of the encryption key without compromise to the non-repudiation property of the signature key.

Encryption requires having the destination party's cert in the local store. Typically, the cert is stored automatically upon receiving an email from this person signed with a valid signing cert.

A basic personal cert binds the owner to a particular email address, but doesn't verify the owner's name or business. That verification, if needed (e.g., for contract signing), can be obtained from CAs offering digital notary service.

Depending on the policy of the CA, your cert and all its contents may be publicly posted for reference and verification. This exposes your name and email address to public scrutiny and search. Some CAs post only serial numbers and revocation status, without personal information. The latter, at a minimum, is mandatory to uphold the integrity of the PKI.
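The points above (separate signing and encryption keys, the email address a cert is bound to, and trust and revocation status) can be checked on a client with the audit below. This is an added example, not part of the original explanation; it assumes a Windows client whose S/MIME certificates sit in the current user's personal store, and the `$report` variable and column names are illustrative.

```powershell
# Added example: audit S/MIME certificates in Cert:\CurrentUser\My (assumed location).
$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email EKU (id-kp-emailProtection)
$kuFlags  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    # Keep only certificates whose enhanced key usage includes Secure Email.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $isMail = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $secureEmailOid })
    if (-not $isMail) { continue }

    # Key usage bits show whether this key signs, encrypts, or does both.
    $ku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if ($ku) {
        $signs    = [bool]($ku.KeyUsages -band $kuFlags::DigitalSignature)
        $encrypts = [bool]($ku.KeyUsages -band ($kuFlags::KeyEncipherment -bor $kuFlags::KeyAgreement))
    } else {
        # No KeyUsage extension means the key is not restricted to one purpose.
        $signs = $true; $encrypts = $true
    }
    $role = if ($signs -and $encrypts) { 'Signing + encryption (no separation)' }
            elseif ($signs)            { 'Signing only' }
            elseif ($encrypts)         { 'Encryption only' }
            else                       { 'Neither' }

    # Build the chain with online revocation checking, as a relying client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $trusted = $chain.Build($cert)
    $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Email       = $cert.GetNameInfo($nameType::EmailName, $false)   # address the cert binds
        Issuer      = $cert.GetNameInfo($nameType::SimpleName, $true)
        Role        = $role
        Expires     = $cert.NotAfter
        ChainValid  = $trusted          # false if untrusted root, revoked, expired, ...
        ChainStatus = $problems
    }
}

$report | Format-Table -AutoSize
```

A row with `ChainValid` false and a `ChainStatus` of `UntrustedRoot` indicates a cert issued by a CA the client does not trust; `Revoked` or `RevocationStatusUnknown` points at the revocation side.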

http://www.wilsonmar.com/1certs.htm

http://en.wikipedia.org/wiki/S/MIME

Windows Rights Management is data protection technology, working with RMS-enabled apps to safeguard digital information from unauthorized exploitation.

http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx


