Exchange, with Windows 2000, can provide varying degrees of security for e-mail transmission. For example, Secure Sockets Layer (SSL) connectivity combined with the IPSec functionality of Windows 2000 TCP/IP can offer a great deal of security for traffic moving within and outside your company. Beyond the technical features, don't forget about administration and content protection needs as well.
Administrative delegation
Tight control of who can access user mailbox content should be of high importance for users and for company management. If messages will not be encrypted using Key Management or a similar service from a third party, then you will certainly want to limit which of your administrators have the ability to modify security permissions on user mailboxes and thereby gain access. Keep in mind that this control is now handled in Active Directory and not in Exchange 2000 proper.
Key Management (KM)
Using the public/private key encryption services of Exchange Key Management, individual messages and postings to public folders can be encrypted. Only the authorized recipients can then decrypt and read the messages. Digital signatures can further enhance the security of a message by allowing verification of the integrity of the message itself. Although all of these features are desirable, there are numerous issues with deploying KM across your Exchange organization.
Encrypting File System (EFS)
Encourage your Windows 2000 Professional workstation users who run the Outlook 2000 client and use Personal Store (PST) files to enable EFS for their PST. There are several tools available that crack PST passwords, but none so far that break EFS when applied to the PST.
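One way to check whether that EFS recommendation is actually being followed is to audit PST files for the EFS attribute. This is an added example, not part of the original article; it assumes a Windows system with PowerShell 3.0 or later (which postdates Windows 2000), and the function name `Get-PstEfsStatus` and its `Root` parameter are hypothetical.

```powershell
# Added example: list PST files under a root folder and report their EFS status.
function Get-PstEfsStatus {
    [CmdletBinding()]
    param(
        # Folder to search, for example a user profile (hypothetical parameter)
        [Parameter(Mandatory = $true)]
        [string]$Root
    )

    $encrypted = [System.IO.FileAttributes]::Encrypted

    Get-ChildItem -LiteralPath $Root -Filter '*.pst' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EFS state is exposed as a file attribute on both files and folders
            $fileEncrypted   = [bool]($_.Attributes -band $encrypted)
            $folderEncrypted = [bool]($_.Directory.Attributes -band $encrypted)

            [pscustomobject]@{
                Path            = $_.FullName
                SizeMB          = [math]::Round($_.Length / 1MB, 1)
                FileEncrypted   = $fileEncrypted
                # Files created in an EFS-encrypted folder are encrypted by default
                FolderEncrypted = $folderEncrypted
                NeedsAttention  = -not ($fileEncrypted -and $folderEncrypted)
            }
        }
}

# Show only the PSTs that are not fully covered by EFS
Get-PstEfsStatus -Root $env:USERPROFILE |
    Where-Object { $_.NeedsAttention } |
    Sort-Object Path |
    Format-Table -AutoSize
```

The folder check matters because a PST that is encrypted while sitting in an unencrypted folder can still end up with unencrypted copies created beside it.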