Your enterprise application might use Microsoft Exchange Server to store, send, and receive files. Because these files are stored in user mailboxes or public folders, and transmitted over external Internet communications, you'll want to secure them using Exchange Server's security features.
Configuring Exchange Server to secure your files requires:
For More Information For more information on how to configure Exchange Server security, search for "About Information Store Security" in MSDN Library Visual Studio 6.0.
Before establishing a connection, Exchange validates the client's credentials. Only known Windows NT accounts are permitted. When you configure Exchange to use network security during logon, the name and user ID authenticates a connection to Exchange.
You can set user access permission for each public folder. Each user permission is either assigned a role (such as Editor or Reviewer), or given a custom selection of access permissions. If your application is creating or reading files in public folders, you should enable the properties Create items, Read items, and Create subfolders.
You can control access to public folders by using distribution lists. Using distribution lists is similar to using Windows NT User Groups to provide an easy mechanism for assigning permissions to a block of users.
If your application uses public folders, be sure to limit the folder's user permissions.
The "permissions admin" permission lets an authorized Windows NT administrator assign Send As permission on a mailbox. This presents an important security issue for your application: the administrator can then create and route messages masquerading as the mailbox owner.
While Windows NT administration permissions are required to install Exchange, they are not necessary for ongoing administration tasks. You should restrict the "permissions admin" permission to one or two primary administrators for Exchange.
Your application can easily send and receive protected mail using Exchange Server's security features. Exchange provides both message encryption and digital signatures to secure the content, the transmission, and the authentication of mail messages.
The encrypted mail feature of Exchange operates only on external mail outside your organization; it does not protect mail inside an organization.
If your enterprise application uses Exchange for routing mail messages, don't overlook the protection for sensitive data provided by Exchange Server's certification authority.
Although Exchange servers authenticate each other to prevent data theft, the standard Exchange configuration using Simple Mail Transfer Protocol (SMTP) does not provide any data protection (such as encryption) for the mail messages routed within an organization.
This presents a security problem for your application: sensitive user information that is internal to your company should still be protected.
For sites connected with Internet Mail Server, Exchange provides the Extended Simple Mail Transport Protocol (ESMTP) to encrypt connections. If your application is using Exchange to store and route internal mail messages with sensitive information, you should consider using ESMTP.
For More Information For more information on securing SMTP, search for "Security Requirements When Using SMTP/POP3" in MSDN Library Visual Studio 6.0.