20 tips on securing Outlook in 20 minutes
"20 Tips on securing Outlook in 20 minutes" is excerpted from a chapter in Paul
Robichaux's book, Secure Messaging with Microsoft Exchange 2003 © 2004, published by
Microsoft Press.
You can download a .pdf version of a Chapter in Paul Robichaux's new book. To download
"Secure Messaging with Microsoft Exchange Server 2003," click here.
Table of contents
Understanding Outlook's security features
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by Exchange professionals today working with Exchange, Outlook and other related technologies.
Margie Semilof, Editorial Director
Premium Access
Register now for unlimited access to our premium content across our network of over 70 information Technology web sites.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy
Dig Deeper
-
People who read this also read...
This was first published in May 2004
Customizing the Outlook Security Update
Customizing Outlook security settings for end users
Setting Up RPC over HTTP
Using S/MIME
Using Information Rights Management
Reaching into Outlook's toolbox
Understanding Outlook's security features
[ Return to Table of Contents ]
There's often a tension between convenience and security, and that's particularly true of
the security features introduced in the Outlook E-Mail Security Update for Microsoft Outlook
98 and Outlook 2000. (The update's features are built into Outlook 2002 and Microsoft Office
Outlook 2003.)
The goal of the update was to add features to Outlook to limit the spread of e-mail-borne
malware. Among other things, this required restricting users' ability to access some kinds
of attachments, like executable files and VBScripts. In addition, the security update causes
Outlook to warn users when external programs (from both Microsoft and third parties) try to
access certain properties and meth-ods.
Customizing the Outlook Security Update
[ Return to Table of Contents ]
When Outlook starts up and logs on to an Exchange server, it looks for a registry key that
tells it which version of a special public folder to look for. This folder can be named
either Outlook Security Settings (which applies to Outlook 98 and Outlook 2000) or Outlook
10 Security Settings (which applies to Outlook 2002 and Outlook 2003). Based on what Outlook
finds in the folder, it might use security settings that vary from the default. The contents
of those public folders determine which settings Outlook uses; you post messages to the
public folder using a special form.
Customizing Outlook security settings for end users
[ Return to Table of Contents ]
Setting Up RPC over HTTP
[ Return to Table of Contents ]
Using S/MIME
[ Return to Table of Contents ]
Using Information Rights Management
[ Return to Table of Contents ]
The IRM features of Outlook give senders more control over their e-mail by allowing them to
specify that a message cannot be copied, forwarded, printed, or used past a certain date.
It's important to point out that this protection is not absolute: a clever recipient can
always use a digital camera to snap a quick picture of the message on screen; failing that,
a pencil and paper allow even technophobes to accurately capture message content. The point
of IRM, though, is to make accidental misuse of content less likely and to provide some
degree of protection against purposeful misuse, and for those purposes it's successful.
To use IRM, your users will need a server running Windows Server 2003 and Windows RMS set up
inside your corporate firewall. Microsoft has taken the wise step of making an RMS server
available to anyone with a Microsoft Passport account. This service allows use of RMS with
some caveats, the biggest being that it's a free, trial, unsupported service. It's a good
way to experiment with RMS features, though; it's likely that Microsoft will extend this
into some kind of paid service for people who want RMS functionality without the overhead of
maintaining their own RMS locally.
Reaching into Outlook's toolbox
[ Return to Table of Contents ]
You can download a .pdf version of a Chapter in Paul Robichaux's new book. To download
"Secure Messaging with Microsoft Exchange Server 2003," click here.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several
books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server, and a
frequent speaker and presenter at IT industry conferences. He's written software for
everyone from the US National Security Agency to scientists flying their experiments aboard
the Space Shuttle, fixed helicopters in the desert, and spent way too much time playing
video games.
Disclaimer:
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
