Microsoft Exchange Server 2007 : Server and Transport-Level Security - Transport-Level Security Defined

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Whereas server-level security focuses on protecting the data stored on the server from internal or external attacks, transport-level security focuses on protecting the data while it is in transit from the sender to the recipient. When most people think of transport-level security, they think of protecting data that is leaving their company network, but protecting internal communications is equally important.

The concept of defense in depth is also critical to transport-level security. This concept is also sometimes called “The Onion Approach” because, like an onion, after you get past a single layer, you find another layer and, beneath that, another. By using a combination of authentication, encryption, and authorization, you can add extra layers to protect your more sensitive data.

Encrypting Email Communications

One of the most widespread and effective methods of transport-level security is the use of encrypting message traffic as it travels across the network. Encryption is important for both external and internal email communications. Securing external communications is important to ensure your messages are not intercepted and viewed by random entities on the Internet, and securing internal communications prevents the use of data capture utilities by personnel within your organization who are not authorized to view the messages.

Table 1 shows measures that are built in to Exchange Server 2007 to assist with the encryption of message traffic that is destined for both internal and external recipients.

Table 1. Confidential Messaging Improvements in Exchange Server 2007
Intra-Org EncryptionNew in Exchange 2007, all mail traveling within an Exchange Server 2007 organization is now encrypted by default. Transport Layer Security (TLS) is used for server-to-server traffic, remote procedure calls (RPC) is used for Outlook connections, and Secure Sockets Layer (SSL) is used for client access traffic (Outlook Web Access, Exchange ActiveSync, and Web Services). This prevents spoofing and provides confidentiality messages in transit.
SSL Certificates Automatically InstalledSSL certificates are installed by default in Exchange Server 2007, enabling broad use of SSL and TLS encryption from clients such as Outlook Web Access and other SMTP servers.
Opportunistic TLS EncryptionIf the destination SMTP server supports TLS (via the STARTTLS SMTP command) when sending outbound email from Exchange Server 2007, Exchange Server will automatically encrypt the outbound content using TLS. In addition, inbound email sent to Exchange Server 2007 from the Internet will be encrypted if the sending server supports TLS (Exchange Server 2007 automatically installs SSL certificates). This is the first step in ensuring the default encryption of Internet-bound messaging traffic, and as more and more sites implement SMTP servers supporting this feature, the ability to encrypt Internet-bound messages by default will increase.
Information Rights Management (IRM)Administrators can use transport rules on the Hub Transport server role to enforce IRM protection on messages based on subject, content, or sender/recipient. In addition, Exchange Server 2007 prelicenses IRM-protected messages to enable fast client retrieval for users.

Utilizing Public Key Infrastructure (PKI)

Because Microsoft Exchange Server 2007 is installed on Microsoft Windows Server 2003, it can take advantage of communications security features provided by the underlying operating system.

One of the most widely used security methods is the use of Public Key Infrastructure (PKI), which allows an administrator in an organization to secure traffic across both internal and external networks. Utilizing PKI provides certificate-based services by using a combination of digital certificates, registration authorities, and certificate authorities (CAs) that can be used to provide authentication, authorization, nonrepudiation, confidentiality, and verification. A CA is a digital signature of the certificate issuer.

Utilizing S/MIME

Another method of providing security to messages while in transit is the use of Secure/Multipurpose Internet Mail Extensions (S/MIME).

S/MIME allows the message traffic to be digitally signed and encrypted, and utilizes digital signatures to ensure message confidentiality. 

Utilizing TLS and SSL

Transport Layer Security (TLS) is an Internet standard protocol that is included in Microsoft Exchange Server 2007 that allows secure communications by utilizing encryption of traffic sent across a network. In a messaging environment, TLS is specifically utilized when securing server/server and/or client/server communications. Utilizing TLS can help ensure that messages sent across your network are not sent “in the clear,” or in a format that is easily intercepted and deciphered.

  •  Microsoft Exchange Server 2007 : Exchange Server-Level Security Features (part 2) - Protecting Exchange Server 2007 from Viruses
  •  Microsoft Exchange Server 2007 : Exchange Server-Level Security Features (part 1) - Exchange Server 2007 Antispam Measures
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 5) - Using Email Disclaimers
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 4) - Establishing a Corporate Email Policy, Securing Groups
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 3) - Hardening Windows Server 2003 - Running SCW
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 2) - Hardening Windows Server 2003 - Using the Microsoft Baseline Security Analyzer
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 1) - Hardening Windows Server 2003 - Auditing Policies
  •  Microsoft Exchange Server 2007 : Server and Transport-Level Security - Considering the Importance of Security in an Exchange Server 2007 Environment
  •  Security and Windows 8: Keeping Your PC Safe (part 2) - Windows SmartScreen, Using Windows SmartScreen, Action Center Improvements
  •  Security and Windows 8: Keeping Your PC Safe (part 1) - Windows Defender, Boot-Time Security
    Top 10
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    - win 2008 FSMO role placement
    - Xpath query with namespace(s)
    - ASP Button With QueryString
    - mac: cycle through browser tabs using keyboard
    - XML
    - function not opening
    - Outlook 2007 not loading
    - How to detect in VBA is a table is linked
    - make Excel not convert certain character strings to non-ASCII
    - SSMS 2008 intellisense doesn't show renamed table names
    programming4us programming4us