300-210 1.3.b Implement Email Encryption

Email can be encrypted / unencrypted via the following basic overview.  I will go over specific steps afterwards, but these are the basic steps:

1. Create an encryption profile that specifies characteristics of the encrypted email and connectivity information for the key server.  The key server can be one of the following:

• Cisco Registered Envelope Service (a managed service)
• Cisco Encryption appliance (a managed server

2. Create rules for the following elements to specify traffic to be encrypted:

• content filters
• data loss prevention policies
• message filters

Encryption flow

Once those basics have been configured, the encryption flow takes place as follows:

1. An outgoing message that meets the conditions of the filter is placed in the queue for encryption processing
2. Once encrypted, the encryption key is stored on the key server and the message is queued for delivery
3. If some temporary condition prevents the email from being sent, it remains in the queue and will be sent later

300-210 1.3.a Describe the features and functionality of the ESA

The ESA's job is to secure incoming / outgoing email and to protect the network from the same.

Features:

• Antivirus
• Aligns with Sophos and McAfee to protect against viral threats
• Antispam
• Use of Senderbase Reputation Filters and Cisco Anti-spam integration to find / handle spam.
• Outbreak filters
• a protection against new virus, scam, and phishing attacks that can quarantine messages until updates can be applied.
• Policy, Outbreak, and Virus Quarantines
• Provides quarantine areas for suspicious messages to reside until they are reviewed by an administrator.
• Spam Quarantine
• both on-box and off-box; allows end users access to quarantined spam / suspected spam.
• Email authentication
• ESM supports the following email authentication:
• Sender Policy Framework (SPF) - for incoming mail
• Sender ID Framework (SIDF) - for incoming mail
• DomainKeys Identified Mail (DKIM) - for incoming / outgoing mail
• Cisco Email Encryption
• Outgoing emails can be encrypted to various standards (HIPAA, GLBA, etc).  This is done using either a local key or hosted key service to encrypt.
• Email Security Manager
• A dashboard to configure / track various security services that can be performed on email traffic inbound / outbound policies to include:
• Cisco Reputation Filters
• Outbreak Filters
• Anti-Spam
• Anti-Virus
• email content policies
• On-box Quarantine areas
• self explanatory
• On-box message tracking
• Allows the user to track the status of specific email messages that have passed through the ESA.
• Mail flow monitoring
• provides visibility into ALL inbound/outbound email
• Access control
• Allows filtering of inbound email by sender IP, IP range, or domain.
• Message filtering
• allows enforcement of security policy on all messages entering / leaving the network
• filter rules identify based on:
• message / attachment content
• information about the network
• message envelope
• message headers
• message body
• filter actions allow messages to:
• be dropped
• be bounced
• be archived
• be blind carbon copied
• be altered
• generate notifications
• Message encryption via secure SMTP over Transport Layer Security
• straightforward
• Virtual gateway
• this allows the ESA to act as multiple email gateways within a single server.  This allows traffic from different sources / campaigns to be sent over different IP addresses.  

ESA is available via HTTP, HTTPS, and CLI.

ESA can be managed via the Security Management appliance if desired (best used in environments with several ESA servers)