
Exchange Server 2010 : Transport-Level Security Defined

3/26/2011 11:39:05 AM
Whereas server-level security focuses on protecting the data stored on the server from internal or external attacks, transport-level security focuses on protecting the data while it is in transit from the sender to the recipient. When most people think of transport-level security, they think of protecting data that is leaving their company network, but protecting internal communications is equally important.

The concept of defense in depth is also critical to transport-level security. This concept is also sometimes called “The Onion Approach” because, like an onion, after you get past a single layer, you find another layer and, beneath that, another. By using a combination of authentication, encryption, and authorization, you can add extra layers to protect your more sensitive data.

Encrypting Email Communications

One of the most widespread and effective methods of transport-level security is encrypting message traffic as it travels across the network. Encryption is important for both external and internal email communications. Securing external communications ensures that your messages are not intercepted and viewed by random entities on the Internet, and securing internal communications prevents personnel within your organization who are not authorized to view the messages from reading them with data capture utilities.

Table 1 shows measures that are built in to Exchange Server 2010 to assist with the encryption of message traffic that is destined for both internal and external recipients.

Table 1. Confidential Messaging Improvements in Exchange Server 2010

| Feature | Description |
| --- | --- |
| Intra-Org Encryption | Introduced with Exchange Server 2007 and improved with Exchange Server 2010, all mail traveling within an Exchange Server organization is now encrypted by default. Transport Layer Security (TLS) is used for server-to-server traffic, remote procedure calls (RPC) are used for Outlook connections, and Secure Sockets Layer (SSL) is used for client access traffic (Outlook Web App, Exchange ActiveSync, and Web Services). This prevents spoofing and provides confidentiality to messages in transit. |
| SSL Certificates Automatically Installed | SSL certificates are installed by default in Exchange Server 2010, enabling broad use of SSL and TLS encryption from clients such as Outlook Web App and other SMTP servers. |
| Opportunistic TLS Encryption | If the destination SMTP server supports TLS (via the STARTTLS SMTP command) when sending outbound email from Exchange Server 2010, Exchange Server will automatically encrypt the outbound content using TLS. In addition, inbound email sent to Exchange Server 2010 from the Internet will be encrypted if the sending server supports TLS (Exchange Server 2010 automatically installs SSL certificates). This is the first step in ensuring the default encryption of Internet-bound messaging traffic, and as more and more sites implement SMTP servers supporting this feature, the ability to encrypt Internet-bound messages by default will increase. |
| Information Rights Management (IRM) | Administrators can use transport rules on the Hub Transport server role to enforce IRM protection on messages based on subject, content, or sender/recipient. In addition, Exchange Server 2010 prelicenses IRM-protected messages to enable fast client retrieval for users. IRM can be enabled with the addition of Windows Server 2008 Active Directory Rights Management Services (AD RMS) to an environment. |

Utilizing Public Key Infrastructure (PKI)

Because Microsoft Exchange Server 2010 is installed on Microsoft Windows Server, it can take advantage of communications security features provided by the underlying operating system.

One of the most widely used security methods is the use of Public Key Infrastructure (PKI), which allows an administrator in an organization to secure traffic across both internal and external networks. Utilizing PKI provides certificate-based services by using a combination of digital certificates, registration authorities, and certificate authorities (CAs) that can be used to provide authentication, authorization, nonrepudiation, confidentiality, and verification. A CA is a digital signature of the certificate issuer.


Utilizing S/MIME

Another method of providing security to messages while in transit is the use of Secure/Multipurpose Internet Mail Extensions (S/MIME).

S/MIME allows the message traffic to be digitally signed and encrypted, and utilizes digital signatures to ensure message confidentiality. 

Utilizing TLS and SSL

Transport Layer Security (TLS) is an Internet standard protocol that is included in Microsoft Exchange Server 2010 that allows secure communications by utilizing encryption of traffic sent across a network. In a messaging environment, TLS is specifically utilized when securing server/server and/or client/server communications. Utilizing TLS can help ensure that messages sent across your network are not sent “in the clear,” or in a format that is easily intercepted and deciphered.
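
Opportunistic TLS, as described in Table 1, encrypts a hop only when the other SMTP server supports STARTTLS, so a delivered message can still have crossed some hops in the clear. The following added example (not from the original article) audits a message's Received headers to report which SMTP hops were encrypted; the host names, build numbers and the list of header markers are constructed assumptions, and the matching is heuristic.

```python
import re
from email import message_from_string

# Text a receiving server writes into its Received header when the hop used TLS.
# Heuristic marker list (assumption), not exhaustive.
TLS_MARKERS = [
    re.compile(r"\bwith\s+(?:ESMTPSA?|UTF8SMTPSA?|LMTPSA?)\b", re.I),    # RFC 3848 keywords
    re.compile(r"Microsoft SMTP Server\s*\((?:TLS|version=TLS)", re.I),  # Exchange
    re.compile(r"\(using\s+TLSv[\d.]+", re.I),                           # Postfix
]
NON_SMTP = re.compile(r"\bwith\s+mapi\b", re.I)  # Exchange store submission, not an SMTP hop

# Constructed sample message (hosts, addresses and build numbers are made up).
SAMPLE = """\
Received: from edge.example.com (192.0.2.10) by hub01.example.local
 (10.0.0.11) with Microsoft SMTP Server (TLS) id 14.3.123.4; Mon, 28 Mar 2011
 09:15:04 +0000
Received: from relay.partner.example (198.51.100.7) by edge.example.com
 (192.0.2.10) with Microsoft SMTP Server id 14.3.123.4; Mon, 28 Mar 2011
 09:15:03 +0000
Received: from origin.partner.example (198.51.100.5) by relay.partner.example
 with ESMTPS id abc123; Mon, 28 Mar 2011 09:15:02 +0000
From: a@partner.example
Subject: constructed sample

body
"""

def classify_hop(received):
    """Return (receiving host, 'tls' | 'cleartext' | 'local') for one Received value."""
    text = " ".join(received.split())            # unfold the multi-line header
    by = re.search(r"\bby\s+(\S+)", text)
    host = by.group(1) if by else "?"
    if NON_SMTP.search(text):
        return host, "local"
    if any(p.search(text) for p in TLS_MARKERS):
        return host, "tls"
    return host, "cleartext"

def audit_path(raw_message):
    """Classify every hop, oldest first (Received headers are prepended)."""
    hops = message_from_string(raw_message).get_all("Received") or []
    return [classify_hop(h) for h in reversed(hops)]

def cleartext_hops(raw_message):
    """Receiving hosts that accepted the message over an unencrypted SMTP session."""
    return [host for host, status in audit_path(raw_message) if status == "cleartext"]

if __name__ == "__main__":
    print(audit_path(SAMPLE))
```

Received headers added by servers outside your control can be forged or omitted, so treat the result as evidence about hops your own servers recorded rather than proof about the whole path.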
