20 tips on securing Outlook in 20 minutes

"20 Tips on securing Outlook in 20 minutes" is excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange 2003 © 2004, published by Microsoft Press.

You can download a .pdf version of a Chapter in Paul Robichaux's new book. To download "Secure Messaging with Microsoft Exchange Server 2003," click here.

Table of contents

Understanding Outlook's security features
[ Return to Table of Contents ]

There's often a tension between convenience and security, and that's particularly true of the security features introduced in the Outlook E-Mail Security Update for Microsoft Outlook 98 and Outlook 2000. (The update's features are built into Outlook 2002 and Microsoft Office Outlook 2003.)

The goal of the update was to add features to Outlook to limit the spread of e-mail-borne malware. Among other things, this required restricting users' ability to access some kinds of attachments, like executable files and VBScripts. In addition, the security update causes Outlook to warn users when external programs (from both Microsoft and third parties) try to access certain properties and meth-ods.

• The Outlook security update
• Address Book and object model security
• Security zone changes
• S/MIME security
• RPC over HTTPS
• Information Rights Management

Customizing the Outlook Security Update
[ Return to Table of Contents ]

When Outlook starts up and logs on to an Exchange server, it looks for a registry key that tells it which version of a special public folder to look for. This folder can be named either Outlook Security Settings (which applies to Outlook 98 and Outlook 2000) or Outlook 10 Security Settings (which applies to Outlook 2002 and Outlook 2003). Based on what Outlook finds in the folder, it might use security settings that vary from the default. The contents of those public folders determine which settings Outlook uses; you post messages to the public folder using a special form.

• Installing the security package
• Installing the Trusted Code Control
• Creating a public folder for security settings
• Filling out the template
• Deploying Outlook security settings

Customizing Outlook security settings for end users
[ Return to Table of Contents ]

• Customizing Outlook security settings for end users

Setting Up RPC over HTTP
[ Return to Table of Contents ]

• Setting Up RPC over HTTP

Using S/MIME
[ Return to Table of Contents ]

• Managing certificates
• Setting S/MIME options
• Signing or encrypting a message
• Applying policy controls for S/MIME use

Using Information Rights Management
[ Return to Table of Contents ]

The IRM features of Outlook give senders more control over their e-mail by allowing them to specify that a message cannot be copied, forwarded, printed, or used past a certain date. It's important to point out that this protection is not absolute: a clever recipient can always use a digital camera to snap a quick picture of the message on screen; failing that, a pencil and paper allow even technophobes to accurately capture message content. The point of IRM, though, is to make accidental misuse of content less likely and to provide some degree of protection against purposeful misuse, and for those purposes it's successful. To use IRM, your users will need a server running Windows Server 2003 and Windows RMS set up inside your corporate firewall. Microsoft has taken the wise step of making an RMS server available to anyone with a Microsoft Passport account. This service allows use of RMS with some caveats, the biggest being that it's a free, trial, unsupported service. It's a good way to experiment with RMS features, though; it's likely that Microsoft will extend this into some kind of paid service for people who want RMS functionality without the overhead of maintaining their own RMS locally.

• Setting up for IRM
• Using IRM to protect messages

Reaching into Outlook's toolbox
[ Return to Table of Contents ]

• Reaching into Outlook's toolbox

You can download a .pdf version of a Chapter in Paul Robichaux's new book. To download "Secure Messaging with Microsoft Exchange Server 2003," click here.

About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server, and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the US National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert, and spent way too much time playing video games.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Outlook and Outlook Web Access Tips Free tools keep Microsoft Outlook visible in Windows Vista Tool deploys customized Microsoft Outlook 2007 configurations Slipstreaming Microsoft Office 2007 deployments Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Repairing damaged OWA virtual directories in Exchange Server 2003 How to access SharePoint sites through Microsoft Outlook What makes Microsoft Outlook 2007's Search feature special? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Uncovering Microsoft Outlook 2007's hidden diagnostic tools Exchange Security Tips Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Grant or deny permissions to access a user's Exchange 2007 mailbox Create a global Safe Senders List in Exchange 2007 to filter spam Migrating antispam settings from Exchange 2003 to Exchange 2007 Deploying ISA Server as a firewall for Exchange Server mobile devices How to customize OWA authentication logon in Exchange Server 2003 Exchange 2007 out-of-office (OOF) feature adds usability and security Microsoft Outlook Free tools keep Microsoft Outlook visible in Windows Vista Migrating .PST files to an Exchange Server information store Troubleshoot Outlook 2007 error 0X8004010F on Exchange Server 2007 How to export Global Address List data to Microsoft Office Access Revised Outlook out-of-office (OOF) messages don't update in OWA Create a group policy to prevent .PST file storage in Exchange 2007 Microsoft Exchange Server and Outlook email archiving FAQs Tool deploys customized Microsoft Outlook 2007 configurations Slipstreaming Microsoft Office 2007 deployments Does Exchange cached mode work with all versions of Microsoft Outlook? Microsoft Outlook Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bacn  (SearchExchange.com) email bankruptcy  (SearchExchange.com) offline folder file  (SearchExchange.com) OST file  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.