Chapter Summary

Exchange 2000 Server relies on Windows 2000 security features, which cover basic security needs as well as advanced requirements. Access to configuration objects, mailboxes, and public folders, for instance, is protected through the Windows 2000 security subsystem based on Active Directory information. Front end/back end configurations allow you to achieve secure connections to the Internet, and encryption technologies give you the ability to encrypt the communication between your mail servers and between your users.

For message security—the signing and sealing of messages—Exchange 2000 Server relies on KMS. KMS integrates with Windows 2000 Certificate Services and establishes an Exchange-specific PKI. Using KMS, you can provide your users with advanced security. Using Outlook 2000, each user must complete this process individually, and after that they can send signed and sealed messages. However, sealed messages can only be sent to other users that have advanced security enabled. Otherwise, the recipient's sealing certificate cannot be obtained from Active Directory. If you want to send encrypted messages to recipients in other organizations, you will need to ask those persons for their sealing certificates and maintain them in contact objects individually. Sealing certificates can be exchanged through signed messages.