Improvements in Exchange Server 2007 Relative to Security and Compliance

by Ruper Meredith.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on servers  

You are here: Categories » Computers and technology » Servers

One of the improvement goals Microsoft has had with all of their products over the past few years has been to constantly improve the security in the products. More recently with all of the regulatory compliance laws and policies being implemented, Microsoft has focused a lot of security enhancements to address privacy, information archiving, and compliance support. The release of Exchange 2007 was no different—Microsoft added in several new enhancements in the areas of security and compliance support.

One of the additions to Exchange 2007 is the creation of an Edge Transport server role that supplements the traditional Exchange database server as a system in the Exchange organization environment. Whereas the Exchange database server holds user data, the Edge Transport server is dedicated to provide first line of defense relative to virus and spam blocking. Organizations with Exchange have had servers in their demilitarized zone (DMZ) typically as SMTP relay servers that collect messages, perform antivirus and antispam filtering, and route the messages internal to the organization. However, most of the message relay servers in the DMZ have typically had no tie back to Exchange, so when messages come in for email addresses for individuals who don’t even exist in the organization, the DMZ mail relays didn’t really have a way to know, so they blindly processed antispam and antivirus checks, and then forwarded messages on to the Exchange server. The Exchange server would realize when individuals did not exist and would bounce or delete the message. This meant that the Exchange server would still have to process hundreds if not thousands or tens of thousands of invalid messages.

The Edge Transport server role, brings forward in a tightly encrypted format specific details out of Active Directory into the Edge Transport server (such as a valid list of email addresses), so that before a message is even processed for spam or virus filtering, the message determines if the recipient even exists in the organization. Only messages destined to valid recipients are processed for antispam and antivirus filtering. In many cases, this means that 50%, 60%, or even 70% of all messages are immediately deleted because a valid recipient does not exist in the organization. A simple rule of this type greatly improves the efficiency of Exchange for routing good messages, not spam.

Another major enhancement in Exchange 2007 is the addition of the Hub Transport server. For many, the Hub Transport server merely replaces the bridgehead server that handled routing in earlier versions of Exchange. However, the Hub Transport server in Exchange 2007 does more than just bridgehead routing, it also acts as the policy compliance management server. Policies can be configured in Exchange 2007 so that after a message is filtered for spam and viruses, the message goes to the policy server to be assessed whether the message meets or fits into any regulated message policy, and appropriate actions are taken. The same is true for outbound messages, that the messages go to the policy server, the content of the message is analyzed, and if the message is determined to meet specific message policy criteria, the message can be routed unchanged, or the message might be held or modified based on the policy. As an example, an organization might want any communications referencing a specific product code name or a message that has content that looks like private health information, such as Social Security number, date of birth, or health records of an individual, to be held so that encryption can be enforced on the message before it continues its route.

Other security enhancements in Exchange 2007 include default server-to-server Transport Layer Security (TLS) for server-to-server traffic so that message communications no longer transmits between Exchange servers unsecured. Even the Edge Transport and Hub Transport servers have the ability to check to see if a destination server supports TLS, and if it does support TLS communications, the transport out of Exchange 2007 is encrypted.

Not new to Exchange 2007, but key in an organization’s effort to maintain security and privacy of information is the ability to encrypt email messages and content at the client level. Exchange 2007 encrypts content between the Exchange 2007 server and an Outlook 2007 client by default, and provides full support for certificate-based Public Key Infrastructure (PKI) encryption of mail messages.

Share
Leave a comment or ask a question
Total comments: 0

Servers Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Exchange Server 2007 as the Focal Point for Remote and Mobile Communications - Starting with Exchange Server 2003, Microsoft has added significant focus on support for remote and mobile access to Exchange. Remote and mobile access takes on two forms for Exchange: One is in (more...)
Synchronizing Directory Information with Microsoft Identity Integration Server (MIIS) 2003 - In most enterprises today, each individual application or system has its own user database or directory to track who is permitted to use that resource. Identity and access control data reside in (more...)
Using DNS to Route SMTP Mail in Exchange Server 2007 - The primary protocol for sending email on the Internet today is known as Simple Mail Transfer Protocol, or SMTP. SMTP has been used for quite some time in UNIX and Linux environments, and has bee (more...)
Domain Name System and Its Role in Exchange Server 2007 - For computer systems to communicate with each other, whether you are talking about a local area network (LAN), a wide area network (WAN), or the Internet, they must have the ability to identify o (more...)
Why network administrators need a network bandwidth monitor - Every network admin should monitor network bandwidth and traffic usage in his local network to use the enterprise resources efficiently. To do that, you need to install a network bandwidth moni (more...)
What is a Server - Server describes a function rather than a particular PC technology or design. A server is a computer that provides resources that can be shared by other computers. Those resources include file (more...)
What is a Network Computer - The opposite direction for the home PC is one stripped of power instead of enhanced. Instead of being a general purpose machine, this sort of home PC would be particularly designed for interacti (more...)
Are Used Cisco switches worth buying - Buying new things all the time can be a great fun. Seeing every bit of computer equipment looking new and shiny can be very satisfying. With the recession in full swing at the moment most people ar (more...)
How to Configure a NTP Network Time Server in Windows 2000 - Summary: This article describes how to configure Windows 2000 to act as an authoritative time server using NTP (Network Time Protocol). Computer time synchronisation is highly impo (more...)
The Apache Web Server - There are currently two different versions of Apache: the original 1.3.x series and the newer Apache 2.x series. In this guide, we're going to look at the latest version of the 1.3.x series, wh (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.