Chapter 25: Securing Exchange Server 2003 Messages

In the previous two chapters, we discussed how to secure Microsoft Exchange Server 2003 and what to consider when developing a comprehensive information security policy for your e-mail users. This chapter focuses on securing messages. Exchange Server 2003 is tightly integrated with Microsoft Windows Server 2003, and you’ll learn how Windows Server 2003 supports a comprehensive Public Key Infrastructure (PKI) to ensure that the messaging component for Exchange Server 2003 is secure. Microsoft Certificate Services and the PKI are the two foundations upon which you will design, deploy, and maintain your public-key security needs.

Windows Server 2003 Security Protocols

Windows Server 2003 provides security via the following security protocols:

• Kerberos version 5 The default protocol for authentication and logon.

• NTLM (Windows Challenge/Response) Provided for backward compatibility with Microsoft Windows NT 4 and earlier, including Windows 3.11.

• Digital certificates Used with a PKI deployment; especially useful for authenticating parties outside your organization. The use of digital certificates is becoming more frequent as companies attempt to secure their communications more fully.

• SSL/TLS (Secure Sockets Layer/Transport Layer Security) Appropriate for connection-oriented security, such as access to Web-based resources on the Internet.

In this chapter, we’ll examine the use of digital certificates and public and private keys to secure messages in Exchange Server 2003. Let’s begin by looking at the public-key infrastructure in Windows Server 2003.