Chapter 11: Securing Internet Communications

Overview

In order to guarantee that the United States meets the challenge of this new means of commerce, communication, and education, government must be careful not to interfere. We should not harness the Internet with a confusing array of intrusive regulations and controls.

—Senator John Ashcroft, 1997

Once your servers themselves are secure, the next step in building a solid security foundation for your messaging systems is to protect their communications. It’s interesting to look at the way the U.S. government designed its formerly secret L4 communication system: coaxial cables, buried in concrete tunnels 4 feet underground, and linked to a hardened communications bunker. Although you might think that these cables would be secure enough, the government encrypted the voice and data traffic that traversed them. In the same vein, just because you’ve applied strong physical security, access controls, and operating system settings, don’t assume that you can do without communications security (COMSEC). In this chapter, we examine various ways to get better COMSEC for your Microsoft Exchange servers, with a focus on allowing more secure communication between servers across the Internet. (Client-to-server security for Outlook Web Access is covered in Chapter 14, “Securing Outlook Web Access,” and Post Office Protocol [POP]/Internet Message Access Protocol [IMAP] security is discussed in Chapter 15, “Securing POP and IMAP”).