12-10-2014 02:28 PM
Am using version 7.4.0.254 and users are getting this pop-up when they click the Encrypt Message, provide their password and click OK:
"Please note that encryption should be used for business purposes only."
Is there any way to suppress this popup?
Also, even if we click remember password, the password prompt comes up each time a message is encrypted, requiring users to click OK. Is there any way to suppress these prompts?
Jason
Solved! Go to Solution.
12-10-2014 08:49 PM
First the easy one, this is current a all or nothing, but if it is more annoying to your group of users and it is not a requirement you'll probably opt to shut it off. In the BCE_config file the setting to remove the usage reminder is
<displayUsageReminder>false</displayUsageReminder>
Ok depending on how much your users are using the encryption, you can change the mode to Flag and completely remove the password requirement. Only three issues with this configuration:
- (No non-repudiation) For example someone could possibly spoof an e-mail within the organization as the CEO and tag the email for encryption, and the e-mail will look like it came from your CEO encrypted unless you have some good e-mail authentication setup.
- Your users will not be able to use register for a password through the plugin. This may be needed to receive some types of very sensitive e-mails, or to use the iPhone/iPad/Android Cisco BCE client to send secure emails (Note you can always open the e-mails through the outlook preview and then open via the web to register for a password).
- finally the messages will only be encrypted at the gateway, and will be archived as plain text. This can be a good or bad thing depending on your requirements. If you have TLS and good client authentication then this might by fine.
Now if you really need the passwords and encrypt at the client verse at the gateway. Then I believe it might be the password cache setting that will help the most. I'm not 100% sure about sending. You can set the max=-1 to all ways remember. But remember if you receive a high sensitive encrypted e-mail I believe it will ask for the password anyways, you can set the default sensitivity in the BCE.
Hope this was helpful, I would recommend testing these configurations on your self, also if you read the 7.4 Plugin admin manual you can even target users and have different configuration requirements for each one, which could be helpful if you are like me and have to push out configurations at installation to hundreds and thousands of users.
12-10-2014 08:49 PM
First the easy one, this is current a all or nothing, but if it is more annoying to your group of users and it is not a requirement you'll probably opt to shut it off. In the BCE_config file the setting to remove the usage reminder is
<displayUsageReminder>false</displayUsageReminder>
Ok depending on how much your users are using the encryption, you can change the mode to Flag and completely remove the password requirement. Only three issues with this configuration:
- (No non-repudiation) For example someone could possibly spoof an e-mail within the organization as the CEO and tag the email for encryption, and the e-mail will look like it came from your CEO encrypted unless you have some good e-mail authentication setup.
- Your users will not be able to use register for a password through the plugin. This may be needed to receive some types of very sensitive e-mails, or to use the iPhone/iPad/Android Cisco BCE client to send secure emails (Note you can always open the e-mails through the outlook preview and then open via the web to register for a password).
- finally the messages will only be encrypted at the gateway, and will be archived as plain text. This can be a good or bad thing depending on your requirements. If you have TLS and good client authentication then this might by fine.
Now if you really need the passwords and encrypt at the client verse at the gateway. Then I believe it might be the password cache setting that will help the most. I'm not 100% sure about sending. You can set the max=-1 to all ways remember. But remember if you receive a high sensitive encrypted e-mail I believe it will ask for the password anyways, you can set the default sensitivity in the BCE.
Hope this was helpful, I would recommend testing these configurations on your self, also if you read the 7.4 Plugin admin manual you can even target users and have different configuration requirements for each one, which could be helpful if you are like me and have to push out configurations at installation to hundreds and thousands of users.
12-11-2014 12:50 PM
Thank you Paul, this is very helpful and I am testing it out in my environment now. If you don't hear from me all works as you say.
Jason
04-05-2018 11:14 AM
Hi Paul,
I have a different question. Our problem is the Cisco IronPort Email Security Plug-In for Outlook keeps getting disabled because it is so slow. I couldn't find a bug fix, any suggestions?
Thank you,
Eddie
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide