Transcription
SECUREMAIL USER GUIDEBACKGROUNDNBIM sends and receives sensitive and business critical information to and from centralauthorities, collaborating organisations and business partners. It is critical that the information issecured against misuse.To be able to exchange confidential information with external parties via e-mail, NBIM hasinstalled the product “Ironport Encryption Appliance”. The system consists of a special keyserver residing at NBIM, where external parties can log in to decrypt e-mails sent to them fromNBIM. All external parties will be given an e-mail account on this server as soon as a NBIM usersends the first encrypted e-mail to them. The same system can be used by external parties tosend encrypted e-mail back to NBIMThe following sections describe how secure information is exchanged:A NBIM USER SENDS A SECURE E-MAIL TO THE EXTERNAL [email protected] mails are routed for encryption by one of the following:a.By the use of Outlook Plug-in “SEND SECURE” distributed to NBIM’s users.b. By tagging the mail with keyword [SEND SECURE] / [SECURED] in the subjectfield of the message.The e-mail will then be encrypted and sent to the user’s email address [email protected] inthe form of Registered Envelope with Encrypted payload as attachment. When the externaluser receives the e-mail, they will see a text informing them of the encrypted e-mail, andinstructions on how to open the e-mail attachment.Secure Email SystemPage 1 of 7
If this is the first time the user receives encrypted e-mail, they will be instructed to registerwith the system. As soon as the external user registers, he will receive an automated mailer ofregistration, and can now re-open the encrypted e-mail and log on to decrypt the contents.THE EXTERNAL USER REGISTERS AT THE SECURE SERVERWhen opening the securedoc.html for the first time, the user will get the following screen:The user must press “Register” to register:The e-mail address is fixed to the e-mail that received the encrypted message and cannot bechanged. The user will have to fill in First and Last name as well as a password which complieswith the password policy stated in the registration page.Secure Email SystemPage 2 of 7
After registering, the user will be notified he has been successfully registered with IronportEncryption Appliance.THE EXTERNAL USERS ACCESSES THE SECURE E-MAIL SERVER ATNBIMThe external user opens the securedoc.htm attachment previously received and is presentedwith a logon page:The external user can now log in using the password used during registration.The e-mail is presented to the external user. The external user can reply to the e-mail in thesame GUI if needed. The reply is sent back to NBIM.Note: - A secured copy of the same replied email is sent to external user for his ownfuture reference.Secure Email SystemPage 3 of 7
THE NBIM USER GETS A RECEIPT WHEN THE MAIL IS RECEIVED BYTHE SYSTEMWhen the mail is received by the secure email system, the user will get a confirmation:THE NBIM USER GETS A RECEIPT WHEN THE MAIL IS READ BY THEEXTERNAL USERWhen the mail is opened by the external user, the sender will get a receipt:Secure Email SystemPage 4 of 7
SECURE MAILS FROM THE EXTERNAL USERSExternal Users should use https://securemail.nbim.no to send encrypted messages to NBIMUsers.Note: - A secured copy of the same replied email is sent to external user for his ownfuture reference.ERROR HANDLINGThere should be no specific errors. The standard e-mail interface will have help information tocover standard procedures like forgotten passwords etc.REQUIREMENT AT USER ENDa. User’s machine should be installed with the most currant version of Javab. Java scripting should be enabled in Internet Advance Options in the control panel.c. User’s machine should be connected with Internet.Secure Email SystemPage 5 of 7
NBIM POLICY FOR EMAIL COMMUNICATIONa)Maximum Message size for incoming emails is 25 MBb) Maximum Message Size for outbound emails is 25 MBc)The Blocked attachments in Inbound as well as Outbound Email are as follows :-pif scr 386 ade adp bas bat chm cmd cpl crt drv hlp hta inf ini ins isp js jse mde mp3 mp3 msc msp mst pcd reg sct shb shs sys vb vbe vbs wsc wsf wsh qt mp5 mp2 mpa css nws zib clp pcl exe java msi pif dll scr com.d) No other form of Encryption such as PGP is allowed either from NBIM to Internet orfrom Internet to NBIM.e) No password protected attachments are allowed either from NBIM to internet orInternet to NBIM.f)If you believe the communication is critical to NBIM’s business, you could request foradding your email address into ”whitelist”. Request could be sent [email protected] AND SUPPORTa.All incidents may be reported to NBIM Helpdesk via Footprints or by calling Helpdesk at 47 2407 3333b. A USD Ticket can be opened for any issue related to secure mail / Simple emailcommunication between the Internet and NBIM. The USD queue for CSC is : CSC.All.Eur.Dces.Msg.SvcsSecure Email SystemPage 6 of 7
FAQQ. Do I still need to password protect my document while sending secure mail?A. No. The Secure mail system is solely responsible and capable for the data protection. Allsuch emails will be blocked. However NBIM user shall be notified.Q. Does my external partners need to send password protected attachments?A. No, when they reply to NBIM user’s email by logging onto web portal, the email isdelivered in a secure environment of NBIM. All such emails will be blocked. HoweverNBIM user shall be notified.Q. I am still using PGP encryption to encrypt emails, will it work?A. No other form of encryption is allowed in NBIM except Ironport secure mail. All suchemails will be blocked. However NBIM user shall be notified.Q. Can my external email partner use any form of encryption?A. No other form of encryption is allowed in NBIM except Ironport securemail. All suchemails will be blocked. However NBIM user shall be notified.Secure Email SystemPage 7 of 7
installed the product “Ironport Encryption Appliance”. The system consists of a special key server residing at NBIM, where external parties can log in to decrypt e-mails sent to them from NBIM. All external parties will be given an e-mail account on this server as soon as a NBIM user s
