Help secure Exchange with Encrypting File System

Just as important is the requirement to make sure that nefarious people cannot get into your server and read your users' e-mail. Some of these e-mails could contain company confidential information, especially given the fact that most users will not be aware of the need to secure confidential information in their e-mail messages.

So how do you go about handling such problems? One way, suggested in an article by Kent Joshi at InformIT, is to use the Encrypting File System (EFS) for your e-mail message store.

Exchange administrators can invoke EFS on the server. You then right click on the file you want protected, and then follow the wizards to set EFS in place. Once that's done, a user can even grant access to his mailbox to another user, or the administrator can do so, and that second person will be unable to read mail that the user has encrypted from his Outlook client.

You will also want to ensure that access to the Exchange server is controlled, so that rogue persons cannot get into the server and alter settings. You can do this with a Group Policy Object (GPO), specifying which groups of users are allowed to access the server itself.

But there's one thing that many people might forget, and that is to ensure that the GPOs themselves are secured with an access control list. If someone can get into your GPOs and alter them, they could give themselves access to your entire network setup. So make sure you use restrictive Access Control Lists that will not allow just anyone to view or edit them.

David Gabel has been testing and writing about computers for 25 years.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips How to install Forefront Security for Exchange Server Is full email encryption the solution to Exchange security? Lock down direct file access and protect OWA users Controlling spam in Exchange 2007 at the edge transport server level When to use a self-signed certificate with Exchange Server 2007 Obtaining and verifying SSL certificates in Exchange Server How file-level antivirus software can harm your Exchange Server Understanding Exchange Server 2007 SP1 mobile security settings Which ActiveSync authentication method is best for your mobile device? Why you should secure Exchange 2007 using administrative policies Email Encryption Is full email encryption the solution to Exchange security? When to use a self-signed certificate with Exchange Server 2007 Enabling encryption with digital certificates on BlackBerry devices How to protect an Exchange journaling mailbox from email spoofing Using Exchange Server journaling as an email-archiving solution Deploying ISA Server as a firewall for Exchange Server mobile devices How to set up an SSL certificate to encrypt OWA and ActiveSync traffic SecureZip improves encryption for Microsoft Outlook A Microsoft Outlook email security tutorial -- 8 tips in 8 minutes Zip and encrypt Microsoft Outlook email attachments Microsoft Exchange Server Permissions Exchange users receiving email addressed to legacy users Restrict access to Outlook Web Access via Exchange System Manager Why you should secure Exchange 2007 using administrative policies Editing Exchange Server public folder permissions Can't delete old Microsoft Outlook public folders Why can't I grant users permissions to an Exchange public folder? Exchange public folder calendar can't be opened in Microsoft Outlook Grant or deny permissions to access a user's Exchange 2007 mailbox Set Outlook calendar permissions for group to view private meetings Exchange Admin 101: Exchange 2003 and Exchange 2007 admin privileges RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary privilege  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.