Microsoft’s Trustworthy Computing Initiative
In 2002, Microsoft Founder and Chairman Bill Gates sent a memo to all
employees at Microsoft emphasizing the importance of making the
company’s software more “trustworthy.” He labeled this new effort
“Trustworthy Computing” and stated that the company focus needed to
shift toward making software that was more secure and helping users
become more comfortable with their electronic privacy.
This memo began a shift of focus for the entire organization that
continues today. And it is working. Microsoft has recorded a significant
reduction of publicly reported vulnerabilities in its products across
the board.
However, no matter what security features are built into a product, you
still have to ensure that they are implemented and configured properly
to be effective.
Microsoft Exchange Server 2007 was designed, built, and implemented with
this new security effort in place. Microsoft has gone to great lengths
to provide a rich array of security features at the client, server, and
transport layers in Exchange Server 2007 to protect an organization’s
messaging environment investment.
By actively and aggressively securing each of these three layers, you can ensure your chain has no “weak links.”
Exchange Server 2007 Client-Level Security Enhancements
As mentioned earlier, Exchange Server 2007 has several improved security
features—especially when combined with Outlook 2007. Some of these
features include the following:
Minimizing junk email—The junk email folder, first introduced in Outlook 2003, helps protect users from junk email. Utilizing the Outlook 2007 junk email filter, Outlook 2007 can disable threatening links and warn you about possibly malicious content within an email message.
Antiphishing methods—Exchange Server 2007 acts as the first scan on incoming email and works to determine the legitimacy of the message. If applicable, Exchange Server 2007 can disable links or uniform resource locators (URLs) present in the message to help protect users.
Information Rights Management (IRM)—Exchange Server 2007 can help control the distribution of corporate data by preventing recipients from forwarding, copying, or printing confidential email messages. In addition, expiration dates can be applied to messages, after which they cannot be viewed or acted upon. IRM functionality is based on Microsoft Windows Rights Management Services (RMS) running on Windows Server 2003 servers.
Managed email folders—Exchange Server 2007 helps organizations maintain compliance by applying a new approach to document retention. Utilizing managed email folders, users can see and interact with their messages in Outlook 2007 just as they would using regular mail folders, but the managed email folder applies retention, archive, and expiration policies defined by the administrator. Utilizing managed email folders, users and administrators can comply with regulations set by corporate policy or by external agencies.
In addition, Exchange Server 2007 continues to support several security
technologies that were present in Exchange Server 2003, including the
following:
Support for MAPI (RPC) over HTTP or HTTPS, known as Outlook Anywhere, which can be configured to use either Secure Sockets Layer (SSL) or NT LAN Manager (NTLM)–based authentication
Support for authentication methods, such as Kerberos and NTLM
Antispam features such as safe and block lists, as well as advanced filtering mechanisms to help minimize the number of unwanted emails that reach the end user
Protection against web beaconing, which is used by advertisers and spammers to verify email addresses and determine whether emails have been read
Attachment blocking by Exchange Server 2007 before the attachment reaches the intended recipient
Rights management support, which prevents unauthorized users from intercepting emails