Cisco Email Security Appliance C370 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved.
Preface
This document is for Cisco customers, Cisco channel partners and
Cisco engineers setting up secure communications via email using
S/MIME.
Secure/Multipurpose Internet Mail Extensions, or S/MIME, is one of the
ways to achieve end-to-end secure communication. This document
focuses only on S/MIME.
S/MIME is corporate-friendly because it is built into most email clients,
whereas PGP (Pretty Good Privacy) is old and requires plugins.
S/MIME encryption on Cisco Email Security has complete feature parity
across all deployment methods – Cloud Email Security (CES), Email
Security Appliance (ESA) or Email Security Virtual Appliance (ESAV).
S/MIME is a security feature that does not require any additional license.
S/MIME uses asymmetric encryption technology and provides gateway-
to-gateway and end-to-end message encryption.
S/MIME offers support for mobile devices.
S/MIME does not provide reliable read receipts. Key revocation is
possible but complex, and S/MIME uses an optional PKI for key
storage.
S/MIME is built on open standards.
In this tutorial you will learn how to send email messages that are
encrypted and signed, so that only the intended recipient of a message
is able to decrypt or decode it. The signature helps verify, using a
checksum, that the email is unaltered and that it comes from the actual
sender and not from someone else, i.e. it prevents the forgery of email.
Introduction
This document covers the following:
• What is S/MIME – basic definition?
• What is needed to enable S/MIME on Cisco Email Security?
• Scenario: business-to-business
• Scenario: business-to-consumer
• Cisco Email Security S/MIME certificate installation requirements
• Creation of S/MIME certificate in a test environment
• Importing a certificate
• Associate a PEM certificate to S/MIME public keys
• S/MIME verification and decryption flowcharts
• S/MIME verification and public key harvesting features – mail flow policies
• S/MIME sending profiles configuration
• S/MIME reporting and tracking
Technical Details
What is S/MIME – Basic definition?
S/MIME is an email security protocol that was designed to prevent
the interception and forgery of email by using encryption and digital
signatures. S/MIME builds security on top of the MIME protocol and is
based on technology originally developed by RSA Data Security, Inc.
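The sign, verify, encrypt and decrypt operations that this definition refers to, as an added example using the openssl command-line tool rather than the appliance (it is not part of the Cisco guide). The organizations Alpha Corp and Beta Ltd, their addresses, the file names and the message are constructed, and the self-signed certificates are meant for a test setup only.

```shell
#!/bin/sh
# Added example (not from the Cisco guide); names, addresses and message are constructed.
WORK=$(mktemp -d)

make_cert() {   # $1 = file prefix, $2 = organization, $3 = gateway address
  cat > "$WORK/$1.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
O = $2
CN = $2 mail gateway
emailAddress = $3
[ext]
extendedKeyUsage = emailProtection
subjectAltName = email:$3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
sign_as() {     # $1 = signer prefix, $2 = input, $3 = output (clear-signed S/MIME)
  openssl smime -sign -in "$2" -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" -out "$3"
}
verify_from() { # $1 = trusted signer prefix, $2 = message; status 0 only if intact
  openssl smime -verify -in "$2" -CAfile "$WORK/$1.pem" -out /dev/null 2>/dev/null
}
encrypt_to() {  # $1 = recipient prefix, $2 = input, $3 = output
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$WORK/$1.pem"
}
decrypt_as() {  # $1 = prefix of the private-key holder, $2 = input, $3 = output
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.pem" -inkey "$WORK/$1.key" \
    -out "$3" 2>/dev/null
}

make_cert alpha "Alpha Corp" gateway@alpha.example   # sending organization
make_cert beta "Beta Ltd" gateway@beta.example       # receiving organization
printf 'Please wire 500 EUR to the usual account.\n' > "$WORK/msg.txt"
sign_as alpha "$WORK/msg.txt" "$WORK/signed.eml"
sed 's/wire 500 EUR/wire 900 EUR/' "$WORK/signed.eml" > "$WORK/tampered.eml"
encrypt_to beta "$WORK/signed.eml" "$WORK/enc.eml"   # sign first, then encrypt

verify_from alpha "$WORK/signed.eml"   && echo "signed message verifies"
verify_from alpha "$WORK/tampered.eml" || echo "altered message is rejected"
decrypt_as alpha "$WORK/enc.eml" "$WORK/dec_alpha.eml" || echo "non-recipient cannot decrypt"
decrypt_as beta "$WORK/enc.eml" "$WORK/dec_beta.eml" \
  && verify_from alpha "$WORK/dec_beta.eml" && echo "recipient decrypts and verifies"
```

Each certificate here names an organization's gateway rather than an individual user, so one key pair signs and decrypts for the whole domain.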
What is needed to enable S/MIME on Cisco Email Security?
1. Certificates to help identify the organization rather than the
individual user without requiring that all end users possess their own
certificates.
Cisco Email Security provides the following S/MIME security services
for business-to-business (B2B) and business-to-consumer (B2C)
scenarios:
• Sign, encrypt, or sign and encrypt messages using S/MIME.
• Verify, decrypt, or decrypt and verify messages using S/MIME.
Note:
Cisco Email Security allows you to create a self-signed S/MIME certificate
that customers can use. However, depending upon specific business
restrictions and requirements, Cisco Email Security also provides a way to
generate a certificate signing request (CSR). Customers can then submit this
CSR to the trusted certificate authority and get a certificate they can import
that meets their organization’s business requirements.
Cisco Email Security How-To Guide
How-To Secure Communications
Cisco Public