PL  |  NL  |  FR  |  ES  |  PT  |  IT  |  DE  |  DK  |  NO  |  SE  |  FI  |  GR  |  JP  |  CN  |  KR  |  RU  |  AE

  Report this article

More information

What is Web server Log File Analysis

Are Used Cisco switches worth buying

How to Configure a NTP Network Time Server in Windows 2000

The Apache Web Server

Installing and Setting Up IIS

Installing PHP for IIS

Install MySQL on Linux

Install MySQL on Windows

What Is Exchange Server 2007

What`s Missing in Exchange Server 2007 That Was in Previous Versions

How Messages Get to Exchange from the Internet

How Messages Route Within an Internal Exchange Environment

Using Services for UNIX to Integrate UNIX Systems with an Active Directory/Exchange Server 2007 Environment

Exchange Server 2007 as the Focal Point for Remote and Mobile Communications

One of the improvement goals Microsoft has had with all of their products over the past few years has been to constantly improve the security in the products. More recently with all of the regulatory compliance laws and policies being implemented, Microsoft has focused a lot of security enhancements to address privacy, information archiving, and compliance support. The release of Exchange 2007 was no different—Microsoft added in several new enhancements in the areas of security and compliance support.

One of the additions to Exchange 2007 is the creation of an Edge Transport server role that supplements the traditional Exchange database server as a system in the Exchange organization environment. Whereas the Exchange database server holds user data, the Edge Transport server is dedicated to provide first line of defense relative to virus and spam blocking. Organizations with Exchange have had servers in their demilitarized zone (DMZ) typically as SMTP relay servers that collect messages, perform antivirus and antispam filtering, and route the messages internal to the organization. However, most of the message relay servers in the DMZ have typically had no tie back to Exchange, so when messages come in for email addresses for individuals who don’t even exist in the organization, the DMZ mail relays didn’t really have a way to know, so they blindly processed antispam and antivirus checks, and then forwarded messages on to the Exchange server. The Exchange server would realize when individuals did not exist and would bounce or delete the message. This meant that the Exchange server would still have to process hundreds if not thousands or tens of thousands of invalid messages.

The Edge Transport server role, brings forward in a tightly encrypted format specific details out of Active Directory into the Edge Transport server (such as a valid list of email addresses), so that before a message is even processed for spam or virus filtering, the message determines if the recipient even exists in the organization. Only messages destined to valid recipients are processed for antispam and antivirus filtering. In many cases, this means that 50%, 60%, or even 70% of all messages are immediately deleted because a valid recipient does not exist in the organization. A simple rule of this type greatly improves the efficiency of Exchange for routing good messages, not spam.

Another major enhancement in Exchange 2007 is the addition of the Hub Transport server. For many, the Hub Transport server merely replaces the bridgehead server that handled routing in earlier versions of Exchange. However, the Hub Transport server in Exchange 2007 does more than just bridgehead routing, it also acts as the policy compliance management server. Policies can be configured in Exchange 2007 so that after a message is filtered for spam and viruses, the message goes to the policy server to be assessed whether the message meets or fits into any regulated message policy, and appropriate actions are taken. The same is true for outbound messages, that the messages go to the policy server, the content of the message is analyzed, and if the message is determined to meet specific message policy criteria, the message can be routed unchanged, or the message might be held or modified based on the policy. As an example, an organization might want any communications referencing a specific product code name or a message that has content that looks like private health information, such as Social Security number, date of birth, or health records of an individual, to be held so that encryption can be enforced on the message before it continues its route.

Other security enhancements in Exchange 2007 include default server-to-server Transport Layer Security (TLS) for server-to-server traffic so that message communications no longer transmits between Exchange servers unsecured. Even the Edge Transport and Hub Transport servers have the ability to check to see if a destination server supports TLS, and if it does support TLS communications, the transport out of Exchange 2007 is encrypted.

Not new to Exchange 2007, but key in an organization’s effort to maintain security and privacy of information is the ability to encrypt email messages and content at the client level. Exchange 2007 encrypts content between the Exchange 2007 server and an Outlook 2007 client by default, and provides full support for certificate-based Public Key Infrastructure (PKI) encryption of mail messages.