Information Security Policies for Exchange Server 2007

The next few sections outline policies that relate to messaging and that should be a part of your overall information security policies. Several examples are listed to help illustrate the points.

Password Policies

Because users need to authenticate to an Exchange Server 2007 server, and because they need to be authenticated in the Active Directory environment, you need password policies. Such policies could include the following topics:

  • Minimum password length

  • Password complexity

  • Reuse of old passwords prohibited

  • User-selected passwords prohibited

  • Storage of passwords

  • Anonymous user IDs prohibited (consider Microsoft Outlook Web Access)

  • Displaying and printing of passwords

  • Periodic password changes ...

Get Microsoft® Exchange Server 2007 Administrator's Companion now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.