Improvements in Exchange Server 2007 Relative to Security and Compliance

Written by Ruper Meredith; published April 2007.




One of Microsoft's stated goals across its product line over the past few years has been to steadily improve the security of each product. More recently, with regulatory compliance laws and policies being implemented, Microsoft has focused many of its security enhancements on privacy, information archiving, and compliance support. The release of Exchange 2007 was no different: Microsoft added several new capabilities in the areas of security and compliance.

One of the additions in Exchange 2007 is the Edge Transport server role, which supplements the traditional Exchange mailbox (database) server as a system in the Exchange organization. Whereas the mailbox server holds user data, the Edge Transport server is dedicated to providing the first line of defense against viruses and spam. It is designed to sit in the perimeter network (DMZ), is not a member of the internal Active Directory domain, and keeps its own configuration and recipient data in a local ADAM (Active Directory Application Mode) instance. Organizations running Exchange have typically had SMTP relay servers in the DMZ that collect messages, perform antivirus and antispam filtering, and route the messages into the organization. However, most of those relays had no tie back to Exchange, so when messages arrived for addresses that did not exist in the organization, the relays had no way to know; they ran their antispam and antivirus checks regardless and forwarded the messages to the Exchange server, which would then discover that the recipients did not exist and bounce or delete the messages. The result was that the Exchange server still had to process hundreds, thousands, or even tens of thousands of invalid messages.

With the Edge Transport role, a synchronization process called EdgeSync pushes specific details out of Active Directory (notably the list of valid recipient addresses for the accepted domains) to the Edge Transport server over a secured LDAP connection, and the addresses are stored in the Edge server's ADAM instance as one-way hashes rather than in plaintext, so a compromised perimeter host does not yield a harvestable address list. With that data in place, the Edge server's Recipient Filter agent checks whether each recipient exists during the SMTP RCPT TO command, before the message body is transferred and before any antispam or antivirus filtering runs; an unknown recipient is rejected with a 550 5.1.1 response. Only messages addressed to valid recipients are processed further. In many cases this means that 50%, 60%, or even 70% of all inbound messages are turned away because no valid recipient exists, and a simple rule of this type greatly improves the efficiency with which Exchange routes legitimate mail rather than spam. One caveat: because the reply now reveals which addresses exist, the Edge server should tarpit (delay) its 5xx rejections, which is the default on Exchange 2007 Receive connectors, so an attacker cannot rapidly enumerate the directory.
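To make the recipient-lookup behaviour concrete, here is an added illustration (not Exchange Server code, and not from the article) of what an Edge-style SMTP receiver does at the RCPT TO stage: it holds only one-way hashes of the directory's addresses, rejects unknown or non-local recipients before any message body is accepted, and charges a tarpit delay to every rejection. The domain example.com, the three addresses and the five-second tarpit interval are constructed for the example; the hashing is modelled on EdgeSync's hashed recipient store but the choice of SHA-256 here is an assumption, and the reply codes are the standard ones Exchange returns.

```python
"""Edge-style recipient validation at RCPT TO.

Constructed example for this article; it is not Exchange Server code.
Models the Recipient Lookup behaviour described above: the perimeter host
holds only one-way hashes of valid addresses and rejects unknown recipients
before the DATA phase, so invalid mail is never scanned or queued.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample directory data, standing in for what EdgeSync would
# replicate from Active Directory. The hash algorithm is an assumption.
ACCEPTED_DOMAINS = {"example.com"}
DIRECTORY_ADDRESSES = ["alice@example.com", "bob@example.com", "sales@example.com"]
TARPIT_SECONDS = 5.0  # the default Receive connector tarpit interval

ADDRESS_RE = re.compile(r"^[^@\s<>]+@[^@\s<>]+$")


def normalize(address: str) -> str:
    """Strip angle brackets and fold case; directories match case-insensitively."""
    return address.strip().strip("<>").lower()


def hash_address(address: str) -> str:
    return hashlib.sha256(normalize(address).encode("utf-8")).hexdigest()


# The edge server never stores the plaintext list, only its hashes.
HASHED_RECIPIENTS = frozenset(hash_address(a) for a in DIRECTORY_ADDRESSES)


@dataclass
class SessionStats:
    accepted: int = 0
    rejected_unknown: int = 0
    rejected_relay: int = 0
    tarpit_seconds: float = 0.0


def rcpt_to(address: str, stats: SessionStats) -> str:
    """Return the SMTP reply for one RCPT TO command, updating stats.

    Rejections are counted and charged a tarpit delay (modelled, not slept)
    so that an attacker probing for valid addresses pays for every guess.
    """
    addr = normalize(address)
    if not ADDRESS_RE.match(addr):
        stats.tarpit_seconds += TARPIT_SECONDS
        return "501 5.1.3 Invalid address"
    domain = addr.rsplit("@", 1)[1]
    if domain not in ACCEPTED_DOMAINS:
        # An inbound edge server must never act as an open relay.
        stats.rejected_relay += 1
        stats.tarpit_seconds += TARPIT_SECONDS
        return "550 5.7.1 Unable to relay"
    if hash_address(addr) not in HASHED_RECIPIENTS:
        stats.rejected_unknown += 1
        stats.tarpit_seconds += TARPIT_SECONDS
        return "550 5.1.1 User unknown"
    stats.accepted += 1
    return "250 2.1.5 Recipient OK"


def run_rcpt_phase(rcpt_addresses):
    """Process a session's RCPT TO commands; return (replies, stats, proceed_to_data).

    If no recipient was accepted the server refuses DATA, so the body of a
    message to nonexistent users is never transferred, scanned or queued.
    """
    stats = SessionStats()
    replies = [rcpt_to(a, stats) for a in rcpt_addresses]
    return replies, stats, stats.accepted > 0


if __name__ == "__main__":
    probes = ["<alice@example.com>", "Bob@Example.COM", "nobody@example.com", "zed@other.org"]
    replies, stats, proceed = run_rcpt_phase(probes)
    for p, r in zip(probes, replies):
        print(f"RCPT TO:{p:<24} -> {r}")
    print(f"accepted={stats.accepted} unknown={stats.rejected_unknown} "
          f"relay={stats.rejected_relay} tarpit={stats.tarpit_seconds:.0f}s data={proceed}")
```

The point to notice is that the two rejected recipients cost the sender ten seconds of tarpit and cost the mailbox server nothing at all, while a session with no valid recipient never reaches the DATA phase.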

Another major enhancement in Exchange 2007 is the Hub Transport server role. For many, the Hub Transport server merely replaces the bridgehead server that handled routing in earlier versions of Exchange. However, it does more than bridgehead routing: every message in the organization, including mail between two mailboxes on the same server, passes through a Hub Transport server, which makes it the natural enforcement point for message policy. Transport rules can be configured so that after a message has been filtered for spam and viruses it is evaluated against the organization's regulated message policies and the appropriate action is taken. The same applies to outbound messages: the content is analyzed on the Hub Transport server, and if it matches a rule's criteria the message can be routed unchanged, redirected, copied, rejected, or modified (for example, by prepending a subject tag, adding a disclaimer, or applying a message classification). As an example, an organization might want any message that references a specific product code name, or whose content looks like protected health information (a Social Security number, a date of birth, or an individual's health records), to be rerouted so that encryption can be enforced before the message continues on its way. Content matching in Exchange 2007 transport rules is pattern-based (regular expressions over the subject and body), so patterns need to be written with care to balance false positives against misses.
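As an added illustration of the policy evaluation just described (not code from the article or from Exchange, whose transport rules are configured with the New-TransportRule cmdlet rather than written in Python), the following sketch applies ordered rules to messages in the same shape: a condition over sender, recipients, subject and body, and an action that decides the message's disposition. It also shows the edge case a hub policy has to handle: a body the client already encrypted with S/MIME cannot be inspected, so body-inspecting rules are skipped explicitly rather than silently never matching. The organization domain example.com, the code name "Project Aurora", the gateway host name and the Social Security number pattern are all constructed for the example.

```python
"""Transport-rule-style policy evaluation on a hub server.

Constructed example for this article, not Exchange Server code. Exchange 2007
transport rules are defined with New-TransportRule; this models how such rules
are applied: conditions are evaluated in priority order and the first match
decides what happens to the message.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

ORG_DOMAIN = "example.com"                  # constructed
ENCRYPTION_GATEWAY = "encrypt.example.com"  # constructed smart host

# Constructed patterns. The SSN pattern excludes area 000/666/9xx, group 00 and
# serial 0000, which are never issued, to cut down on false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d\d-(?!0000)\d{4}\b")
DOB_RE = re.compile(r"\b(?:DOB|date of birth)\b\W{0,3}\d{1,4}[-/]\d{1,2}[-/]\d{1,4}", re.IGNORECASE)
CODENAME_RE = re.compile(r"\bProject\s+Aurora\b", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    headers: Dict[str, str] = field(default_factory=dict)

    def text(self) -> str:
        return self.subject + "\n" + self.body

    def is_smime_encrypted(self) -> bool:
        ct = self.headers.get("Content-Type", "").lower()
        return "application/pkcs7-mime" in ct or "application/x-pkcs7-mime" in ct

    def has_external_recipient(self) -> bool:
        return any(not r.lower().endswith("@" + ORG_DOMAIN) for r in self.recipients)


@dataclass
class Rule:
    name: str
    condition: Callable[[Message], bool]
    action: Callable[[Message], str]  # returns a disposition string
    inspects_body: bool = True


def looks_like_phi(m: Message) -> bool:
    return bool(SSN_RE.search(m.text()) or DOB_RE.search(m.text()))


def reroute_for_encryption(m: Message) -> str:
    # Exchange would route via a smart host or connector; the header is illustrative.
    m.headers["X-Policy-Route"] = ENCRYPTION_GATEWAY
    return "reroute"


def reject_with_ndr(m: Message) -> str:
    m.headers["X-Policy-Reject"] = "5.7.1 Confidential project name may not leave the organization"
    return "reject"


RULES: List[Rule] = [
    Rule("phi-outbound-requires-encryption",
         lambda m: m.has_external_recipient() and looks_like_phi(m),
         reroute_for_encryption),
    Rule("codename-blocked-externally",
         lambda m: m.has_external_recipient() and bool(CODENAME_RE.search(m.text())),
         reject_with_ndr),
]


def evaluate(m: Message, rules: List[Rule] = RULES) -> Tuple[Optional[str], str]:
    """Return (rule_name, disposition); (None, 'deliver') when nothing matched.

    Client-side S/MIME encryption leaves the body opaque to the server, so
    body-inspecting rules are skipped; only header-based rules could still apply.
    """
    for rule in rules:
        if rule.inspects_body and m.is_smime_encrypted():
            continue
        if rule.condition(m):
            return rule.name, rule.action(m)
    return None, "deliver"
```

Rule order matters: the PHI rule sits first so that a message carrying both a code name and a Social Security number is encrypted and delivered rather than rejected, which is the disposition the compliance requirement calls for.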

Other security enhancements in Exchange 2007 include Transport Layer Security (TLS) for server-to-server traffic by default, so messages no longer travel between Exchange servers unencrypted; Hub Transport servers authenticate each other with Kerberos and encrypt intra-organization SMTP with TLS out of the box, using the self-signed certificate that Setup installs. For mail leaving the organization, the Edge Transport and Hub Transport servers check whether the destination server advertises STARTTLS in its EHLO reply and, if it does, encrypt the outbound session (opportunistic TLS). Because opportunistic TLS falls back to plaintext when the far side does not offer it, it protects against passive eavesdropping but not against an attacker who can tamper with the session; for partners where encryption must never be skipped, Exchange 2007 adds Domain Security, which requires mutually authenticated TLS for listed domains and queues the mail rather than sending it in the clear.
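The send-side decision described above, as an added example that is not part of the article and not Exchange code: parse the destination's EHLO reply, choose between TLS and plaintext under the default opportunistic policy, and refuse to fall back for a domain on a mandatory-TLS list, which is the behaviour Exchange 2007's Domain Security (Set-TransportConfig -TLSSendDomainSecureList) provides. The two EHLO replies and the partner domain are constructed; the second reply is what a server that does not support TLS returns, and also exactly what a man-in-the-middle who strips the STARTTLS advertisement would produce, which is why the opportunistic policy cannot tell the two apart.

```python
"""Outbound TLS decision from a destination's EHLO reply.

Constructed example for this article, not Exchange Server code. It models the
opportunistic-TLS check an Edge or Hub Transport server makes when sending to
another organization, plus the stricter mandatory policy of Domain Security.
"""
from typing import FrozenSet, Set

# Constructed EHLO replies. The second is the same server as seen through an
# active attacker who removed the STARTTLS line; to the client it is
# indistinguishable from a server that simply does not support TLS.
EHLO_WITH_STARTTLS = (
    "250-mail.partner.example.net Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME"
)
EHLO_STRIPPED = (
    "250-mail.partner.example.net Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME"
)


def parse_ehlo(reply: str) -> Set[str]:
    """Return the upper-cased extension keywords from a multiline 250 reply.

    RFC 5321: every line starts with '250', continuation lines use '250-',
    the final line uses '250 ', and the first line carries the server name.
    """
    lines = reply.splitlines()
    if not lines or any(not l.startswith("250") for l in lines):
        raise ValueError("EHLO not accepted: %r" % reply[:40])
    if not all(l[3:4] == "-" for l in lines[:-1]) or lines[-1][3:4] != " ":
        raise ValueError("malformed multiline reply")
    keywords = set()
    for line in lines[1:]:  # skip the greeting line
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def choose_transport(reply: str, destination_domain: str,
                     domain_secure_list: FrozenSet[str] = frozenset()) -> str:
    """Decide how to send to destination_domain given its EHLO reply.

    Returns one of:
      'mutual-tls' : domain is on the mandatory list and STARTTLS is offered;
                     the session must also validate the partner's certificate.
      'defer'      : domain is on the mandatory list but STARTTLS is absent;
                     queue and retry, never fall back to plaintext.
      'tls'        : opportunistic TLS, the server advertised STARTTLS.
      'plaintext'  : opportunistic policy with no STARTTLS offered.
    """
    offers_tls = "STARTTLS" in parse_ehlo(reply)
    if destination_domain.lower() in domain_secure_list:
        return "mutual-tls" if offers_tls else "defer"
    return "tls" if offers_tls else "plaintext"


if __name__ == "__main__":
    secure = frozenset({"partner.example.net"})
    for label, reply in (("advertised", EHLO_WITH_STARTTLS), ("stripped", EHLO_STRIPPED)):
        print(f"{label:<10} opportunistic -> {choose_transport(reply, 'partner.example.net')}")
        print(f"{label:<10} domain-secure -> {choose_transport(reply, 'partner.example.net', secure)}")
```

The stripped reply yields 'plaintext' under the default policy and 'defer' for a domain on the secure list; that difference is the whole reason a mandatory-TLS list exists.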

Not new to Exchange 2007, but key to maintaining the security and privacy of information, is the ability to encrypt email messages and content at the client. Exchange 2007 requires encrypted RPC (MAPI) connections between the server and the Outlook 2007 client by default, and it continues to support certificate-based Public Key Infrastructure (PKI) encryption and signing of individual messages with S/MIME. Note the trade-off with the transport policies described above: a message the client has S/MIME-encrypted is opaque to the Hub Transport server, so content-inspecting rules cannot read its body and only header-based conditions still apply.
