Overview of Client Access Server Security
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-21
Microsoft Exchange Server 2007 incorporates several features to enhance the security of your Exchange 2007 organization. By default, communication between Exchange 2007 computers is encrypted. Also by default, Secure Sockets Layer (SSL) is required on all virtual directories, and a self-signed certificate is installed.
When you install Exchange 2007, a self-signed SSL certificate is installed. You can use this self-signed SSL certificate to encrypt communication between clients and the Client Access server, or you can replace the self-signed certificate with another certificate. There are two sources for SSL certificates: a Microsoft Windows public key infrastructure (PKI) and a commercial third party. For more information about SSL certificates, see Understanding SSL for Client Access Servers.
Microsoft Internet Security and Acceleration (ISA) Server 2006 and Exchange Server 2007 are designed to work together to provide a more secure messaging environment. ISA Server acts as an advanced firewall that controls Internet-based traffic between multiple networks that are connected to it through its multi-networking feature. When you deploy ISA Server 2006 for Exchange 2007, ISA Server handles all client requests for Exchange information. This includes incoming and outgoing Internet communication. For more information about ISA Server 2006, see the following topics.