Improvements in Exchange Server 2007 Relative to Security and Compliance

by Ruper Meredith.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on servers  

You are here: Categories » Computers and technology » Servers

One of the improvement goals Microsoft has had with all of their products over the past few years has been to constantly improve the security in the products. More recently with all of the regulatory compliance laws and policies being implemented, Microsoft has focused a lot of security enhancements to address privacy, information archiving, and compliance support. The release of Exchange 2007 was no different—Microsoft added in several new enhancements in the areas of security and compliance support.

One of the additions to Exchange 2007 is the creation of an Edge Transport server role that supplements the traditional Exchange database server as a system in the Exchange organization environment. Whereas the Exchange database server holds user data, the Edge Transport server is dedicated to provide first line of defense relative to virus and spam blocking. Organizations with Exchange have had servers in their demilitarized zone (DMZ) typically as SMTP relay servers that collect messages, perform antivirus and antispam filtering, and route the messages internal to the organization. However, most of the message relay servers in the DMZ have typically had no tie back to Exchange, so when messages come in for email addresses for individuals who don’t even exist in the organization, the DMZ mail relays didn’t really have a way to know, so they blindly processed antispam and antivirus checks, and then forwarded messages on to the Exchange server. The Exchange server would realize when individuals did not exist and would bounce or delete the message. This meant that the Exchange server would still have to process hundreds if not thousands or tens of thousands of invalid messages.

The Edge Transport server role, brings forward in a tightly encrypted format specific details out of Active Directory into the Edge Transport server (such as a valid list of email addresses), so that before a message is even processed for spam or virus filtering, the message determines if the recipient even exists in the organization. Only messages destined to valid recipients are processed for antispam and antivirus filtering. In many cases, this means that 50%, 60%, or even 70% of all messages are immediately deleted because a valid recipient does not exist in the organization. A simple rule of this type greatly improves the efficiency of Exchange for routing good messages, not spam.

Another major enhancement in Exchange 2007 is the addition of the Hub Transport server. For many, the Hub Transport server merely replaces the bridgehead server that handled routing in earlier versions of Exchange. However, the Hub Transport server in Exchange 2007 does more than just bridgehead routing, it also acts as the policy compliance management server. Policies can be configured in Exchange 2007 so that after a message is filtered for spam and viruses, the message goes to the policy server to be assessed whether the message meets or fits into any regulated message policy, and appropriate actions are taken. The same is true for outbound messages, that the messages go to the policy server, the content of the message is analyzed, and if the message is determined to meet specific message policy criteria, the message can be routed unchanged, or the message might be held or modified based on the policy. As an example, an organization might want any communications referencing a specific product code name or a message that has content that looks like private health information, such as Social Security number, date of birth, or health records of an individual, to be held so that encryption can be enforced on the message before it continues its route.

Other security enhancements in Exchange 2007 include default server-to-server Transport Layer Security (TLS) for server-to-server traffic so that message communications no longer transmits between Exchange servers unsecured. Even the Edge Transport and Hub Transport servers have the ability to check to see if a destination server supports TLS, and if it does support TLS communications, the transport out of Exchange 2007 is encrypted.

Not new to Exchange 2007, but key in an organization’s effort to maintain security and privacy of information is the ability to encrypt email messages and content at the client level. Exchange 2007 encrypts content between the Exchange 2007 server and an Outlook 2007 client by default, and provides full support for certificate-based Public Key Infrastructure (PKI) encryption of mail messages.

Share
Leave a comment or ask a question
Total comments: 0

Servers Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
What`s Missing in Exchange Server 2007 That Was in Previous Versions - In Exchange 2007, the concept of the recovery storage group has been removed. Exchange 2003 introduced the recovery storage group as a way to restore an Exchange database to an Exchange server th (more...)
How Messages Get to Exchange from the Internet - To follow the flow of messages in an Exchange 2007 environment with all of the various server roles, the following flow occurs: 1. An incoming message from the Internet first goes to t (more...)
How Messages Route Within an Internal Exchange Environment - Internal messages are routed through Exchange in a similar manner. The process for a mail user to send a message to another mail user in the organization or to the Internet is as follows: (more...)
Using Services for UNIX to Integrate UNIX Systems with an Active Directory/Exchange Server 2007 Environment - In many cases, it might be necessary to integrate many of the components of an existing UNIX implementation with the Exchange 2007 forest. In these cases, a tool most recently provided with Windo (more...)
Exchange Server 2007 as the Focal Point for Remote and Mobile Communications - Starting with Exchange Server 2003, Microsoft has added significant focus on support for remote and mobile access to Exchange. Remote and mobile access takes on two forms for Exchange: One is in (more...)
Synchronizing Directory Information with Microsoft Identity Integration Server (MIIS) 2003 - In most enterprises today, each individual application or system has its own user database or directory to track who is permitted to use that resource. Identity and access control data reside in (more...)
Using DNS to Route SMTP Mail in Exchange Server 2007 - The primary protocol for sending email on the Internet today is known as Simple Mail Transfer Protocol, or SMTP. SMTP has been used for quite some time in UNIX and Linux environments, and has bee (more...)
Domain Name System and Its Role in Exchange Server 2007 - For computer systems to communicate with each other, whether you are talking about a local area network (LAN), a wide area network (WAN), or the Internet, they must have the ability to identify o (more...)
Why network administrators need a network bandwidth monitor - Every network admin should monitor network bandwidth and traffic usage in his local network to use the enterprise resources efficiently. To do that, you need to install a network bandwidth moni (more...)
What is a Server - Server describes a function rather than a particular PC technology or design. A server is a computer that provides resources that can be shared by other computers. Those resources include file (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.