1 / 66

Safeguarding Our Email

TLS Webinar. Safeguarding Our Email. Via TLS. Presented by: Jim Rogers, Director of Distribution Technology, The Hartford Tim Woodcock, President, Courtesy Computers Jeff Yates, Executive Director, Agents Council for Technology Webinar will begin shortly!. TLS Webinar.

viet
Download Presentation

Safeguarding Our Email

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TLS Webinar Safeguarding Our Email Via TLS Presented by: Jim Rogers, Director of Distribution Technology, The Hartford Tim Woodcock, President, Courtesy Computers Jeff Yates, Executive Director, Agents Council for Technology Webinar will begin shortly!

  2. TLS Webinar Safeguarding Our Email Via TLS Presented by: Jim Rogers, Director of Distribution Technology, The Hartford Tim Woodcock, President, Courtesy Computers Jeff Yates, Executive Director, Agents Council for Technology 2

  3. Agenda Submit questions via the Question & Answer Log First 40 Minutes: • eMail Usage • Security - Why you should care • Benefits • Resources • Q&A– Last 20 Minutes: • TLS Configuration of MS Exchange 2007 • Q&A

  4. Background • Email has become a major component in every day agency/carrier business interactions. • Mail sent over the Internet is typically unprotected • The need to protect email continues to grow • The use of, and reliance on, email within core business workflows will continue to increase

  5. Why Protect e-Mail? • e-Mail often contains sensitive customer information • Required by business contract • Is easily accessible to prying eyes on the Internet • Mandated by regulation

  6. Existing Regulations and Standards • Gramm-Leach-Bliley Act (GLBA) Standards for Safeguarding Customer Info. • non-public personal information (NPPI) in paper, electronic, or other form • NPII: personally identifiable information provided by a consumer or resulting from a transaction for a consumer • written information security program to address internal/external risks • physical, technical and administrative safeguards • oversee service providers • Security Breach Notification Laws (Various states) • first/last name and SSN/drivers license/state ID/financial account + password • when not encrypted • must notify any resident of the state of a breach without unreasonable delay • Payment Card Industry Data Security Standards (PCI-DSS) • cardholder data • certification of compliance with PCI-DSS depending upon level of merchant • firewall, encryption in storage/transmission, antivirus, etc. • assign individual user IDs

  7. Recent Regulatory Developments • Nevada 597.970 • “Restrictions on transfer of personal information through electronictransmission” • Massachusetts 201 CMR 17.00 • “Standards for The Protection of Personal Information of Residents of the Commonwealth” • California Department of Motor Vehicles • “On-Line DMV Special Permit Program”

  8. TLS: Transport Layer Security • Provides secure e-Mail communications across the Internet through a standardized, secure, and non-proprietary mechanism • Eliminates the “drawbacks” that plague the commonly used tools and services • Is built-in to most modern e-Mail systems and just needs to be “turned on” by your technology professional

  9. How Does TLS Work ? • At transmission time, TLS creates an encrypted communication session between email servers • The e-Mail is then sent through a protected “tunnel” • The servers de-crypt the message and send it along to the client Encrypted Agency Partner Carrier Client Client

  10. Transport Layer Security: TLS Encrypted Message “$erm840 kkfd8820& l1k6ss” “My ssn is: 999 65 9999” “My ssn is: 999 65 9999” • Safe/Secure • Standard Protocol • Available on most email systems • Transparent to end-users • Eliminates the need for hosted services • Negligible cost

  11. Benefits of TLS • Provides the confidentiality of emails across the Internet • Requires no changes to the client • Is a standards-based protocol that is implemented on most e-Mail gateways and appliances • It’s free, no additional licensing is needed. Security certificate is required.

  12. How Do I Get TLS ? • TLS is a standards-based protocol enabled on most server-based email systems • Talk with your system support staff or e-Mail service provider • Most agencies that have an up-to-date in-house mail server are TLS capable. Agencies with a hosted Microsoft Exchange server are TLS capable as is gmail. Those with hosted email using hotmail and yahoo are not currently TLS capable

  13. Detecting TLS • Talk to the email server administrator • Some email contains a tag line if sent via TLS…. at the bottom of the email • More on this in our technical discussion How do you determine if TLS is active….

  14. Carriers supporting TLS Some carriers are TLS enabled automatically for their agents who send emails with TLS to them; others activate agencies for TLS only upon request. Please check with your carrier or look in the “Security & Privacy” section on ACT website for specific carrier info: • Allied/Nationwide • Chubb • Cincinnati • CNA • Concord Group Insurance • EMC • Fireman’s Fund • Grange Insurance • Harleysville • The Hartford • Liberty Agency Markets • MetLife – MetLife Auto & Home • MMG Insurance • OneBeacon • Progressive • RLI Corporation • Summit Holdings • Travelers • Westfield • W.R. Berkley Companies Note: for updated list of carriers supporting TLS see “Agency Security” Section of www.independentagent.com/act or ask you carrier

  15. MS Exchange 2003 – TLS Required Mode Both the sender and the receiver must maintain a directory of each other’s email domains in order for a TLS encrypted email to be exchanged If the receiver has TLS enabled in opportunistic mode, not Required mode, the email will still transmit in an encrypted format. If the receiving party does not have TLS enabled, the sender’s email will be sent but it will not be encrypted. MS Exchange 2003 TLS Required Mode MS Exchange 2007 TLS Opportunistic Mode Protected Tunnel Encrypted Insurance Agent Carrier Rep No TLS encryption enabled TLS enabled Email Solution Email sent/received is not encrypted! Policyholder Policyholder

  16. MS Exchange 2007 – TLS Opportunistic Mode • A sender with TLS Opportunistic Mode enabled will check to see if the receiver has TLS enabled. If the • receiver has TLS Opportunistic turned on, the outgoing email will be encrypted. If he does not, there are • two potential scenarios depending on the sender’s infrastructure. • the email is sent out with no encryption • the sender sends the email out via an encryption tool such as Tumbleweed or ZixSelect MS Exchange 2007 TLS Opportunistic Mode MS Exchange 2007 TLS Opportunistic Mode Protected Tunnel Encrypted Insurance Agent Carrier Rep No TLS enabled TLS enabled Email Solution - OR - Email sent/received is not encrypted! Email sent via Tumbleweed with a secured link that the user opens Policyholder Policyholder

  17. TLS Summary

  18. Additional Considerations • Important to have your technical support implement TLS • Your technical support can tell you which of your carriers and clients are enabled for TLS • If using an external spam/anti-virus filter, you need to make sure it is enabled for TLS. • Also, some of these external spam/anti-virus providers offer a hosted email option that can be enabled for TLS • Many hosted email solutions are not enabled for TLS (e.g., hotmail and yahoo), but gmail provides some secure options • You also need to make sure that the connections between your email server and your remote computers and mobile devices are encrypted • Use your real-time tools wherever possible to transmit client personal information because it is encrypted • If TLS or Real Time not available, send application information using a password protected pdf or zip file

  19. Feedback - TLS Article 19

  20. Feedback - FAQs 20

  21. TLS Links • ACT Web site for TLS Article,FAQs, & TLS enabled carriers • www.independentagent.com/act • “Security & Privacy” Quick Link • Technical Links • http://msexchangeteam.com/archive/2006/10/04/429090.aspx • http://technet.microsoft.com/en-us/library/bb430753(EXCHG.80).aspx

  22. How to Configure TLS • Will cover how to procure SSL Certificates • Representative purposes only and steps here may not be suitable for all environments • Will cover Exchange 2003 and 2007 • If you are on a different platform, please consult your technical support

  23. Several Sources for Security Certificates certificate authority (CA) -an entity that issues digital certificates Verisign http://www.verisign.com Network Solutions http://www.networksolutions.com GoDaddy http://www.godaddy.com Comodo  http://www.comodo.com/ Digi-Sign http://www.digi-sign.com HOW TO: Use Certificates with Virtual Servers in Exchange Server http://support.microsoft.com/kb/319574/ 23

  24. Difference between Exchange 2003 & 2007 • Exchange 2003 • requires a valid X.509 server certificate (suitable for TLS usage) • DOES NOT support ‘Opportunistic TLS’ • Requires to manually configure TLS (minimum 6 steps) • Difficult to monitor TLS transmit-receive success/failures • Exchange 2007/2010 • requires a valid X.509 server certificate (suitable for TLS usage) • ‘Opportunistic TLS is automatically enabled (by default) • Easy to monitor TLS transmit-receive success/failures • Greater Message Control with Robust ‘Transport Rules’ Features • Block, Bounce, Copy, append, Send to Archive, Quarantine 24

  25. Verifying successful TLS sessionwith MS Office 2007 25

  26. Questions So Far before Technical Demonstration

  27. Follow Up • Follow up email with our email addresses • PowerPoint & Recording of presentation posted on “Security & Privacy” link at www.independentagent.com/act • See more detailed info about security & privacy laws and regulations in the Appendix section of the posted PowerPoint

  28. Mutual TLS • With Mutual TLS authentication, each server verifies the identity of the other server by validating a certificate that is provided by that other server. • In this scenario, where messages are received from external domains over verified connections in an Exchange 2007 environment, Microsoft Office Outlook 2007 will display a ‘Domain Secured’ icon.

  29. Mutual TLS Enabling Process with Exchange 2007 • Process for ‘Server to Server’ Mutual TLS • Configure an additional IP Address (as necessary) • Create & Configure the SMTP Send Connector • Create & Configure SMTP Receive Connector • 4. Test & Verify Mutual TLS between remote domain server

  30. Mutual TLS Enabling Process with Exchange 2007 • Mutual TLS Demonstration Scenario • Insurance Carrier requires a ‘Mutual TLS’ Session between their mail server and the agency’s mail server • Small agency with single Microsoft Exchange Server • No ‘Edge Transport Servers’ are present in their network.

  31. Verifying x.509 Certificate in Exchange 2007 31

  32. Verifying x.509 Certificate in Exchange 2007 32

  33. Verifying x.509 Certificate in Exchange 2007 33

  34. Configure Additional IP Address (as needed)

  35. Configure Additional IP Address (as needed)

  36. Configure Additional IP Address (as needed)

  37. Configure Additional IP Address (as needed)

  38. Configure Additional IP Address (as needed)

  39. Configure Additional IP Address (as needed)

  40. Configure Additional IP Address (as needed)

  41. Create Send Connector for Mutual TLS

  42. Create Send Connector for Mutual TLS

  43. Create Send Connector for Mutual TLS

  44. Create Send Connector for Mutual TLS

  45. Create Send Connector for Mutual TLS

  46. Create Send Connector for Mutual TLS

  47. Create Send Connector for Mutual TLS

  48. Create Send Connector for Mutual TLS

  49. Create Send Connector for Mutual TLS

  50. Create Send Connector for Mutual TLS

More Related