In this article, we will cover:
Understanding the Windows and Exchange 2000 Security Architecture
Access Control Model
Encrypting File System
This set of topics will allow you to understand the fundamentals of how to secure your messaging system against various threats using Exchange and Windows 2000's set of toolkits.
What Are the Risks?
Over the past several years, most organizations have become increasingly dependent on messaging systems for business communication. As reliance on e-mail has risen, so have the potential security risks. Recent high-profile virus attacks that targeted and disabled e-mail systems have turned the spotlight on the importance of sound e-mail security.
In addition, messaging systems transfer and store sensitive information, and it is often the responsibility of the system administrators to ensure the integrity of that information. We focus much attention on protecting our systems from external intruders, but it is actually more common for a breach in security to occur from a user within the organization. Regardless of the source of the breach, potential security risks inherent to messaging systems include:
Unauthorized access to stored messages or data
Manipulation of stored messages or data
Impersonation of a sender or recipient
Interception or theft of message transmissions
Windows 2000 provides the security architecture on which Exchange 2000 security relies and extends. Because of this reliance on the operating system, before you can understand the security options of Exchange 2000, you must first understand the security features available in Windows 2000. With proper understanding, configuration, and maintenance, Exchange provides a security platform designed to address the security requirements of an enterprise-messaging system.