Cisco IronPort Email Security Plug-In

Jason Meyer
Level 1

Am using version 7.4.0.254 and users are getting this pop-up when they click the Encrypt Message, provide their password and click OK:

"Please note that encryption should be used for business purposes only."

Is there any way to suppress this popup?

 

Also, even if we click remember password, the password prompt comes up each time a message is encrypted, requiring users to click OK.  Is there any way to suppress these prompts?

 

Jason

 

 

Accepted Solution

Paul Cardelli
Level 1

First the easy one: this is currently all or nothing, but if it is more annoying to your group of users and it is not a requirement, you'll probably opt to shut it off. In the BCE_config file, the setting to remove the usage reminder is

<displayUsageReminder>false</displayUsageReminder> 

 

OK, depending on how much your users are using the encryption, you can change the mode to Flag and completely remove the password requirement. Only three issues with this configuration:

- (No non-repudiation) For example, someone could possibly spoof an e-mail within the organization as the CEO and tag the e-mail for encryption, and the e-mail will look like it came from your CEO encrypted unless you have some good e-mail authentication set up.

- Your users will not be able to register for a password through the plugin. This may be needed to receive some types of very sensitive e-mails, or to use the iPhone/iPad/Android Cisco BCE client to send secure e-mails (note you can always open the e-mails through the Outlook preview and then open via the web to register for a password).

- Finally, the messages will only be encrypted at the gateway, and will be archived as plain text. This can be a good or bad thing depending on your requirements. If you have TLS and good client authentication then this might be fine.

Now, if you really need the passwords and to encrypt at the client versus at the gateway, then I believe it might be the password cache setting that will help the most. I'm not 100% sure about sending. You can set the max=-1 to always remember. But remember, if you receive a high-sensitivity encrypted e-mail I believe it will ask for the password anyway; you can set the default sensitivity in the BCE.

 

Hope this was helpful. I would recommend testing these configurations yourself. Also, if you read the 7.4 Plugin admin manual, you can even target users and have different configuration requirements for each one, which could be helpful if you are like me and have to push out configurations at installation to hundreds and thousands of users.

 


3 Replies


Thank you Paul, this is very helpful and I am testing it out in my environment now. If you don't hear from me, all works as you say.

 

Jason

Hi Paul,

I have a different question.  Our problem is the Cisco IronPort Email Security Plug-In for Outlook keeps getting disabled because it is so slow.  I couldn't find a bug fix, any suggestions?

Thank you,

Eddie