Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
17-4
Cisco AsyncOS 8.5 for Email User Guide
Chapter 17 Cisco Email Encryption
Encrypting Messages using the Email Security Appliance
Enabling Message Encryption on the Email Security Appliance
Procedure
Step 1
Click Security Services > Cisco IronPort Email Encryption.
Step 2
Click Enable.
Step 3
(Optional) Click Edit Settings to configure the following options:
•
The maximum message size to encrypt. Cisco’s recommended message size is 10 MB. The
maximum message size the appliance will encrypt is 25 MB.
maximum message size the appliance will encrypt is 25 MB.
Note
Encrypting messages larger than the recommended 10 MB limit may slow down the
performance of the appliance.
If you are using the Cisco Registered Envelope Service, message recipients will be unable
to reply to an encrypted message that has attachments larger than 10 MB.
performance of the appliance.
If you are using the Cisco Registered Envelope Service, message recipients will be unable
to reply to an encrypted message that has attachments larger than 10 MB.
•
Email address of the encryption account administrator. When you provision an Encryption Profile,
this email address is registered automatically with the encryption server.
this email address is registered automatically with the encryption server.
•
Configure a proxy server.
Configuring How a Key Service Handles Encrypted Messages
You can create one or more encryption profiles if you use a key service. You might want to create
different encryption profiles if you want to use different levels of security for different groups of email.
For example, you might want messages containing sensitive material to be sent with high security, but
other messages to be sent with medium security. In this case, you might create a high security encryption
profile to associate with the messages containing certain key words (such as ‘confidential’), and create
another encryption profile for other outgoing messages.
different encryption profiles if you want to use different levels of security for different groups of email.
For example, you might want messages containing sensitive material to be sent with high security, but
other messages to be sent with medium security. In this case, you might create a high security encryption
profile to associate with the messages containing certain key words (such as ‘confidential’), and create
another encryption profile for other outgoing messages.
You can assign an encryption profile to a custom user role to allow delegated administrators assigned to
that role to use the encryption profile with their DLP policies and content filters. Only administrators,
operators, and delegated users can use encryption profiles when configuring DLP policies and content
filters. Encryption profiles that are not assigned to a custom role are available for use by all delegated
administrators with mail or DLP policy privileges. See
that role to use the encryption profile with their DLP policies and content filters. Only administrators,
operators, and delegated users can use encryption profiles when configuring DLP policies and content
filters. Encryption profiles that are not assigned to a custom role are available for use by all delegated
administrators with mail or DLP policy privileges. See
information.
Note
You can configure multiple encryption profiles for a hosted key service. If your organization has multiple
brands, this allows you to reference different logos stored on the key server for the PXE envelopes.
brands, this allows you to reference different logos stored on the key server for the PXE envelopes.
An encryption profile stores the following settings:
•
Key server settings. Specify a key server and information for connecting to that key server.
•
Envelope settings. Specify details about the message envelope, such as the level of security,
whether to return read receipts, the length of time a message is queued for encryption before it times
out, the type of encryption algorithm to use, and whether to enable a decryption applet to run on the
browser.
whether to return read receipts, the length of time a message is queued for encryption before it times
out, the type of encryption algorithm to use, and whether to enable a decryption applet to run on the
browser.