S 4.381 Encryption of Exchange system databases
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: User
Microsoft Exchange information stores are server-side databases that hold user mailboxes and other relevant data centrally. Microsoft Outlook uses so-called Personal Store (PST) container files, which are structured like a database and hold a user-specific local copy of the information store on the client. Where a PST file is stored, on the server or locally on the client, largely determines which encryption options are available.
File-level encryption, e.g. with Encrypting File System (EFS), is not recommended for the information store files of the Exchange server: the overhead of encrypting these files online while they are in use is incompatible with running a Microsoft Exchange server.
The following aspects must be taken into consideration for local PST files in Microsoft Outlook:
- The PST file is a store for user data: folders, emails and their attachments, contact information, and calendar entries. Outlook provides its own encryption functions for PST files.
- The level of encryption can be set to one of three levels:
  - "no encryption"
  - "compressible encryption": a proprietary Outlook method is used.
  - "high encryption": a proprietary Outlook method is used.
- None of these options provides sufficient protection for confidential data.
- It is recommended to use EFS (Encrypting File System), Windows BitLocker drive encryption or similar mechanisms to protect the data in a PST file.
- Files encrypted with the level "high encryption" can only be compressed to a limited extent.
- File encryption does not protect the data in transit between server and client; the transmission must be protected additionally (see also S 5.125 Protection of communication with SAP systems).
Depending on the type of information stored in a database and the resulting confidentiality and integrity requirements, it may be necessary to encrypt this data. The conditions under which this is done should be specified, e.g. in the security policy for Microsoft Exchange systems (see S 2.248 Definition of security guidelines for Exchange/Outlook 2000). Users must be informed about how PST file encryption works and which protection it provides.
For version 2010, the requirements of this safeguard can be implemented specifically as follows:
- The Exchange databases must be encrypted with Windows BitLocker drive encryption. Both the databases and the transaction logs can be included without significant loss of performance. Using BitLocker encryption with Microsoft Exchange Server 2010 is only admissible on Windows Server 2008 and higher. More detailed information can be found in the document "Microsoft support policy for the Exchange 2007 database encryption: Exchange 2007 help" in Microsoft Technet.
- It is recommended to use EFS (Encrypting File System) or Windows BitLocker drive encryption to protect local data in a PST or OST file.
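The two implementation points above (BitLocker for the volumes holding Exchange databases and transaction logs; EFS or BitLocker for local PST/OST files) can be verified with a short audit script. The following PowerShell is an added example and is not part of safeguard S 4.381 or of any Microsoft tooling. It assumes the Exchange Management Shell is available on the server (for Get-MailboxDatabase) and that the BitLocker PowerShell module (Get-BitLockerVolume, shipped with Windows Server 2012 / Windows 8 and later) is present on both server and client; on Windows Server 2008 R2 the same volume status can be read with "manage-bde -status". The default Outlook store locations used for the client check are an assumption and must be adjusted if the organisation redirects them.

```powershell
# Added audit example for S 4.381 (not the safeguard's own text or Microsoft code).
# Checks (a) whether every Exchange database and log directory sits on a volume that is
# fully BitLocker-encrypted with protection turned on, and (b) whether local PST/OST
# files are either EFS-encrypted or on a BitLocker-protected volume. Run as administrator.

function Test-BitLockerProtected {
    param([Parameter(Mandatory)][string]$Path)
    # Reduce a file path to its drive letter ("E:\Databases\DB01.edb" -> "E:").
    # UNC paths have no qualifier and BitLocker does not apply to them: report Unknown.
    try {
        $mount = Split-Path -Path $Path -Qualifier -ErrorAction Stop
        $vol   = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
        [pscustomobject]@{
            MountPoint       = $mount
            VolumeStatus     = $vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, ...InProgress, ...Suspended
            ProtectionStatus = $vol.ProtectionStatus   # 'Off' means the key is exposed (e.g. suspended)
            EncryptionMethod = $vol.EncryptionMethod
            Protected        = ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On')
        }
    } catch {
        [pscustomobject]@{
            MountPoint = $Path; VolumeStatus = 'Unknown'; ProtectionStatus = 'Unknown'
            EncryptionMethod = 'Unknown'; Protected = $false
        }
    }
}

# --- Server side: every mailbox database (.edb) and its transaction log directory ---
function Get-ExchangeDatabaseEncryptionReport {
    foreach ($db in Get-MailboxDatabase) {
        # EdbFilePath / LogFolderPath are Exchange path objects; cast to string for Split-Path.
        foreach ($p in @([string]$db.EdbFilePath, [string]$db.LogFolderPath)) {
            $r = Test-BitLockerProtected -Path $p
            [pscustomobject]@{
                Database         = $db.Name
                Path             = $p
                MountPoint       = $r.MountPoint
                Protected        = $r.Protected
                VolumeStatus     = $r.VolumeStatus
                ProtectionStatus = $r.ProtectionStatus
            }
        }
    }
}

# --- Client side: PST/OST files in the default Outlook locations (assumed defaults) ---
function Get-OutlookStoreEncryptionReport {
    param(
        [string[]]$SearchRoots = @(
            (Join-Path $env:LOCALAPPDATA 'Microsoft\Outlook'),
            (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Outlook Files')
        )
    )
    Get-ChildItem -Path $SearchRoots -Include *.pst, *.ost -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EFS marks the file itself with the Encrypted attribute.
            $efs = (($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0)
            $bl  = Test-BitLockerProtected -Path $_.FullName
            [pscustomobject]@{
                File               = $_.FullName
                EfsEncrypted       = $efs
                BitLockerProtected = $bl.Protected
                Compliant          = ($efs -or $bl.Protected)   # either mechanism satisfies the safeguard
            }
        }
}

# Usage (run on the Exchange server and on a client respectively):
#   Get-ExchangeDatabaseEncryptionReport | Format-Table -AutoSize
#   Get-OutlookStoreEncryptionReport     | Format-Table -AutoSize
```

Any row with Protected or Compliant equal to False is a finding against the first review question below. Note that a volume reports ProtectionStatus "Off" while BitLocker is suspended (for example during some firmware updates), which the script deliberately treats as unprotected because the volume key is then stored in the clear.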
Review questions:
- Is there a concept for encrypting PST files and information store files?
- Have the users been informed about how PST file encryption works and which protection it provides?