Using TLS protocol in Exchange Server

Network administrators should anticipate and prepare for new challenges brought by encryption
Page:

The popularity of wireless LANs is increasing as is the use of wireless Internet access points, so the need for secure and encrypted e-mail exchanges is becoming more critical. While there are many implementations of e-mail encryption, one of the most popular e-mail servers is Microsoft Exchange 2003 Server which has built-in encryption capabilities.

Microsoft Exchange 2003 Server allows for the exchange of encrypted e-mail with other e-mail servers using Transport Layer Security (TLS) protocol. Without the encryption, user names and passwords can be easily intercepted on a LAN by an employee running a packet sniffing utility or by a hacker sniffing packets coming out of the LAN.

Later in this article, I will demonstrate an example of an intercepted message by the Microsoft Network Monitor without TLS encryption and you will see the full text of the unencrypted message. I will also show an example of how an encrypted message appears in the same packet sniffing utility.

The Exchange server requires an X.509 server certificate for TLS encryption. An X.509 server certificate is a digital form of identification that is typically issued by a certification authority and contains identification information, a validity period, a public key, a serial number and the digital signature of the issuer.

But first some basics.

What is Transport Layer Security protocol?

TLS is a successor to Secure Sockets Layer protocol. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustrations while debugging and troubleshooting encryption problems related to TLS.

The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured while the client remains unauthenticated. The mutual authentication of the servers requires public key deployment to clients. When a server and client communicate, TLS protocol ensures that no third party may eavesdrop, tamper with any message, and message forgery.

The TLS Protocol Version 1.0 is defined in RFC document RFC 2246 .

Page:
More about: CA Technologies, CSR, Gateway, IETF, Microsoft, NCSA, Rock, RSA, Socket, Tumbleweed Communications, VeriSign, VIA

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia