In addition to security improvements for Exchange servers, enhancements have been made to security of the clients that access Exchange, including Outlook 2003, OWA, OMA, and so on.
Although this book examines the functionality included in these different clients in Chapter 10, this chapter also looks at some of the new security features
so that you can understand some of the new security features and functionality as you are thinking about deploying these clients.
Windows Rights Management
One of the most exciting enhancements to Outlook 2003 and the Microsoft Office System 2003 in general is the introduction of rights management, through Windows Rights Management Service. This feature is new with Office 2003 and requires Windows Server 2003 to work.
Rights management is based on the concept that you can assign a security policy to a particular document, which includes emails and attachments. This policy can restrict how the document can be used, including settings to allow/disallow viewing the document, copying, printing, saving, and forwarding.
In addition to internal users who might be using Office 2003, the rights management policies can be enforced with external users. A plug-in has been provided for Internet Explorer so that you can view rights-managed documents.
|
WINDOWS RIGHTS MANAGEMENT SERVER
For more information on rights management within Outlook 2003 or the Windows Rights Management Server, check out Microsoft.com. |
|
Kerberos
The "Server Security Enhancements" section of this chapter looked briefly at how the Kerberos protocol was being used to make secure connections between servers. You can also use the Kerberos protocol to make a secure connection between Outlook 2003 and Exchange 2003. In addition to providing a secure connection, Kerberos enables cross-forest authentication in forests that are running their domain controllers using Windows Server 2003, allowing the separation of Exchange users and Exchange servers.
This separation has a significant impact on the configuration of your Exchange topology and could be used to provide a "hosted" email solution to other organizations or to simplify or effectively outsource Exchange administration.
S/MIME
Finally, one of the most commonly requested security features for Exchange has been implemented in this release for OWA and OMA. Secure/Mime (S/MIME) has been the industry standard for sending secure email messages. S/MIME was originally based on the RSA public-key encryption technology.
With the release of Exchange 2003 and Outlook 2003, you can now send secure email messages using S/MIME from the full Outlook client, OWA and OMA, eliminating the need for a special add-in or third-party tool and making secure messaging with other platforms and clients a reality.
|
WEB RESOURCE
For configuring S/MIME with Exchange 2003, go to the Delta Guide series Web site and enter article ID A030802. |
|
Securing Exchange Server 2003 -- 5 tips in 5 minutes
Home: Introduction
Tip 1: Configuring SSL for Exchange Server 2003
Tip 2: Exchange Server 2003 Kerberos authentication
Tip 3: Setting up RPC over HTTP for Exchange Server 2003
Tip 4: Using cross-forest SMTP authentication with Exchange 2003
Tip 5: Exchange Server 2003 client security enhancements
 |
|
This chapter excerpt from Microsoft Exchange Server 2003 Delta Guide, by David McAmis and Don Jones, is printed with permission from Sams Publishing, Copyright 2004.
Click here for the chapter download or purchase the book here. |
|
