9.3 Threat: Unauthorized access and information disclosure


The data on your Exchange server and other servers must be maintained in such a manner that no one can gain unauthorized access to the information. Such access can be either malicious or accidental. Mechanisms must be in place to protect data from sender to receiver. Our security measures for Exchange need to give users and management the assurance that only authorized users can access certain information. We need to provide a high degree of confidentiality as well. This means that only users who are supposed to have access to certain data should have permission to view it. Confidentiality can also mean blocking outsiders who are trying to gain access. For example, only specific employees in the human resources department should be able to view salary information. In a military application, only those with certain clearance levels should be able to read classified information. We need to have methods in place for controlling access to information among individuals or entire groups within the organization.

Closely tied to the forgery threat (discussed in the next section), the unauthorized access threat can affect both servers and data. The measures available to prevent unauthorized access include access control, data encryption, and digital signing. Access control is provided by Exchange 2000/2003's reliance on Windows and leverages mechanisms such as Active Directory (AD), access control lists (ACLs), access control entries (ACEs), and policy-based administration. Encryption and Rights Management ensure confidentiality by rendering intercepted or ill-gotten information unreadable and inaccessible. Likewise, digital signing ensures that there is no unauthorized tampering or forgery by rendering modified or altered information invalid through a failure of nonrepudiation. We will discuss access control, message encryption, and signing later in this chapter when we look at message content security.




Mission-Critical Microsoft Exchange 2003: Designing and Building Reliable Exchange Servers (HP Technologies)
ISBN: 155558294X
EAN: 2147483647
Year: 2003
Pages: 91
Authors: Jerry Cochran
