• Support for S/MIME Encrypted Messaging
  • Administering the Messaging and Security Feature Pack
  • Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 sp2




    Date: 21.03.2017

    Advanced Security Features


    The advanced security features in MSFP can be used to meet more stringent security requirements.

    Certificate-Based Authentication


    If SSL basic authentication does not meet your security requirements and you have an existing Public Key Infrastructure (PKI) using Microsoft Certificate Server, you may wish to use the certificate-based authentication feature in Exchange ActiveSync. If you use this feature in conjunction with the other features described in this document, such as local device wipe and the enforced use of a power-on password, you can transform the mobile device itself into a smartcard. The private key and certificate for client authentication are stored in memory on the device. However, if an unauthorized user attempts a brute-force attack on the power-on password for the device, all user data is purged, including the certificate and private key.

    For more information, see Appendix A: Overview of Deploying Exchange ActiveSync Certificate-Based Authentication.

    Microsoft has created a tool for deploying Exchange ActiveSync certificate-based authentication. Download the tool and documentation from the Microsoft Download Center Web site.

    Support for S/MIME Encrypted Messaging


    The Messaging and Security Feature Pack for Windows Mobile 5.0 provides native support for digitally signed, encrypted messaging. When encryption with Secure/Multipurpose Internet Mail Extensions (S/MIME) is deployed, users can view and send S/MIME-encrypted messages from their mobile device.

    The S/MIME control:

      • Is a standard for security enhanced e-mail messages that use a Public Key Infrastructure (PKI) to share keys
      • Offers sender authentication by using digital signatures
      • Ensures that only the intended recipient can read the message
      • Encrypts e-mail data at rest on the device to protect privacy
      • Works well with any standard-compliant e-mail client
      • Requires the use of a smart card reader



    For guidance on how to implement the S/MIME control with Microsoft® Exchange Server 2003 SP2, see the Exchange Server Message Security Guide.
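The sender-authentication and intended-recipient properties listed above, shown as a sign-then-encrypt round trip with the OpenSSL command line. This is an added example, not part of the Microsoft guide or the feature pack; the user names, addresses and message are constructed, and the throwaway self-signed certificates stand in for certificates a PKI would issue.

```shell
#!/bin/sh
# Added example: S/MIME sign-then-encrypt round trip using the openssl CLI.
# Identities, addresses and message text are constructed; keys are throwaway.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway self-signed certificate and private key for one mail user.
make_identity() {  # $1 = short user name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender signs with their own private key (authentication), then encrypts
# to the recipient's certificate (confidentiality).
send_mail() {  # $1 = sender, $2 = recipient, $3 = message text
  printf '%s\n' "$3" > "$WORK/plain.txt"
  openssl smime -sign -nodetach -in "$WORK/plain.txt" \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$WORK/signed.eml" &&
  openssl smime -encrypt -aes256 -in "$WORK/signed.eml" \
    -out "$WORK/mail.eml" "$WORK/$2.crt"
}

# Reader decrypts with their private key, then verifies the signature against
# the certificate they trust for the claimed sender. Prints the message only
# if both steps succeed; returns non-zero otherwise.
read_mail() {  # $1 = reader, $2 = expected sender
  openssl smime -decrypt -in "$WORK/mail.eml" -recip "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$WORK/inner.eml" 2>/dev/null || return 1
  openssl smime -verify -in "$WORK/inner.eml" -CAfile "$WORK/$2.crt" \
    -out "$WORK/out.txt" 2>/dev/null || return 1
  tr -d '\r' < "$WORK/out.txt"   # S/MIME canonical text uses CRLF line ends
}

# Demo: alice sends to bob; bob decrypts and verifies alice's signature.
make_identity alice
make_identity bob
send_mail alice bob "constructed test message" && read_mail bob alice
```

A reader holding a different private key fails at the decrypt step, and a message checked against the wrong sender certificate fails at the verify step.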

    Administering the Messaging and Security Feature Pack


    Safeguards like password policies and remote wipe capabilities provide you with the security features to help you protect your organization’s data. With the combination of the management capabilities built into Exchange Server 2003 SP2 and the security and configuration protocols included in the Windows Mobile 5.0-based devices that have the Messaging and Security Feature Pack, your control over mobile devices has been streamlined. You will see that most of the administration of the security features for the mobile device happens on the Exchange Server or on the Exchange ActiveSync Mobile Administration Web tool.

    The following table summarizes the features and the settings required on the Exchange Server or on the mobile device.



    Feature: Exchange direct push technology
      Exchange Server Settings:
        • Enabled by default with Exchange Server 2003 SP2
      Mobile Device Settings:
        • No preliminary device setup required. The device automatically switches from SMS to direct push technology when it synchronizes with ActiveSync. User steps thru ActiveSync wizard upon login to Exchange server.

    Feature: Exchange ActiveSync
      Exchange Server Settings:
        • Enabled by default with Exchange Server 2003 SP2
        • Set parameters by using Exchange System Manager’s Mobile Services Properties
      Mobile Device Settings:
        • No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server.

    Feature: Wireless access to global address list (GAL)
      Exchange Server Settings:
        • Default Exchange Server setup
        • Requires Outlook Web Access published on Exchange Server
      Mobile Device Settings:
        • No preliminary device setup required
        • Privileged devices have automatic access to GAL

    Feature: Remotely enforced IT policy
      Exchange Server Settings:
        • Enable direct push technology in Exchange ActiveSync
        • Use Exchange System Manager’s Mobile Services Properties to apply policies
      Mobile Device Settings:
        • No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server and accepts IT policies.

    Feature: Remote Wipe
      Exchange Server Settings:
        • Enable direct push technology in Exchange ActiveSync
        • Use Mobile Administration Web tool to initiate, track, and cancel the remote wipe
      Mobile Device Settings:
        • No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server and accepts IT policies.

    Feature: Certificate-based authentication
        • Initial certificate enrollment and renewal using Desktop ActiveSync is required.

    Feature: S/MIME mobile device support
      Exchange Server Settings:
        • Deploy an Exchange Server 2003 messaging system with PKI security
      Mobile Device Settings:
        • Install certificate enrollment protocol and key on the device

