Implementing Exchange Server Security

Ward Solutions

Session Prerequisites

  • Hands-on experience with Microsoft Windows Server 2003

  • Working knowledge of Microsoft Exchange Server 2003

  • Working knowledge of Internet protocols including POP3, IMAP4, SMTP, HTTP, and NNTP

  • Working knowledge of networking, including TCP/IP, DNS, and IIS

  • Basic understanding of PKI concepts and technologies

Level 300


Session Overview

  • Implementing Exchange Server

  • Securing Exchange Server Services and Messaging Protocols

  • Maintaining Security on Exchange Server

  • Configuring Exchange to Protect Against Unwanted E-Mail


Implementing Exchange Server

  • Implementing Exchange Server

  • Securing Exchange Server Services and Messaging Protocols

  • Maintaining Security on Exchange Server

  • Configuring Exchange to Protect Against Unwanted E-Mail


Exchange Server 2003 Security Overview

Secure by default

  • User logon on server disabled

  • Messaging limits configuration of 10MB

Secure by design

  • Secure by default

  • Support for Sender, Recipient and Connection filtering, including Block List services

Microsoft Exchange Server 2003 Security Enhancements http://www.microsoft.com/exchange/evaluation/security_E2k3.mspx


Exchange Server Deployment Scenarios

[Diagram of three deployment scenarios. Labels: General deployment (Exchange server); FE/BE deployment (front-end Exchange server, back-end Exchange servers); ISA Server integrated (ISA server, Exchange server); Internet.]



Exchange Server Client Scenarios

Exchange Server 2003 client scenarios include the following:

General client access:

  • Microsoft Outlook

Mobile client access:

  • Outlook Web Access

  • Outlook Mobile Access

  • Exchange Server ActiveSync



Implementing a Defense-in-Depth Approach to Exchange Server Security

  • Data: strong passwords, ACLs, backup and restore strategy

  • Application: application hardening

  • Host: OS hardening, authentication, security update management, antivirus updates, auditing

  • Internal network: network segments, NIDS

  • Perimeter: firewalls, border routers, VPNs with quarantine procedures

  • Physical security: guards, locks, tracking devices

  • Policies, procedures, and awareness: security policies, procedures, and education

Using a layered approach:

  • Increases an attacker’s risk of detection

  • Reduces an attacker’s chance of success


Securing Exchange Server Services and Messaging Protocols

  • Implementing Exchange Server

  • Securing Exchange Server Services and Messaging Protocols

  • Maintaining Security on Exchange Server

  • Configuring Exchange to Protect Against Unwanted E-Mail


Securing Exchange Servers: What Are the Challenges?

Challenges to securing an Exchange server include:

  • Maintaining the security of the underlying Windows infrastructure

  • Maintaining baseline security hardening practices

  • Understanding security options for various deployment scenarios


Hardening the Messaging Environment

To harden your Exchange messaging environment, deploy the following:


Hardening Back-End Exchange Servers

Tasks for hardening back-end Exchange servers include:

  • Hardening services

  • Hardening file access control lists (ACLs)

  • Changing privilege rights

  • Enabling additional services (optional)

Apply the Exchange 2003 Backend.inf security template to your back-end servers


Hardening Front-End Exchange Servers

Tasks for hardening front-end Exchange servers include:

  • Hardening services

  • Hardening file access control lists (ACLs)

  • Enabling additional services (optional)

  • Running URLScan (optional but recommended)

  • Dismounting the mailbox store and deleting the public folder store (optional but recommended)

Apply the Exchange 2003 Frontend.inf security template to your front-end servers


Understanding SMTP Relaying

SMTP relaying occurs when an SMTP server accepts mail from one DNS domain that is addressed to mailboxes in another domain, and the server owns neither domain.

Relaying may be necessary when:

  • Accepting mail for another organization

  • Supporting clients that use POP3 or IMAP4

  • Supporting applications that generate SMTP mail

Prevent open relays by:

  • Allowing only authenticated computers to relay

  • Restricting relaying to specific computers or users

  • Using an SMTP connector to relay mail to particular domains
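
An added example, not part of the original presentation: the relay restrictions from this slide expressed as one accept/deny decision per recipient. The domains, networks and the names Session, domain_of and relay_decision are illustrative assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (illustrative assumptions, not taken from the slides).
LOCAL_DOMAINS = {"contoso.example"}        # domains this server owns
CONNECTOR_DOMAINS = {"partner.example"}    # relayed via an SMTP connector
RELAY_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]  # specific computers allowed to relay


@dataclass
class Session:
    client_ip: str
    authenticated: bool   # client completed SMTP authentication
    mail_from: str        # client-supplied and trivially forged
    rcpt_to: str


def domain_of(address):
    """Return the lower-cased domain part of an SMTP address, or raise ValueError."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"malformed address: {address!r}")
    return domain.lower().rstrip(".")


def relay_decision(s):
    """Decide whether to accept one recipient; return (accepted, rule that applied)."""
    rcpt_domain = domain_of(s.rcpt_to)
    if rcpt_domain in LOCAL_DOMAINS:
        return True, "local delivery (not a relay)"
    # The recipient is outside our domains, so accepting the message means relaying it.
    # MAIL FROM is deliberately ignored: a forged local sender must not grant relay.
    if rcpt_domain in CONNECTOR_DOMAINS:
        return True, "relay via connector domain"
    if s.authenticated:
        return True, "relay for authenticated client"
    if any(ipaddress.ip_address(s.client_ip) in net for net in RELAY_NETWORKS):
        return True, "relay for listed computer"
    return False, "relay denied"


if __name__ == "__main__":
    forged = Session("198.51.100.9", False, "ceo@contoso.example", "x@elsewhere.example")
    print(relay_decision(forged))
```

The forged-sender case is the one to check after any change to relay settings: an unauthenticated outside client that merely claims a local MAIL FROM must still be refused.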


Demonstration 1: Securing and Testing SMTP Relaying

Securing SMTP relaying and testing for open relays


Securing SMTP Communication Between Mail Servers

To secure SMTP communication between servers:

  • Enable and configure TLS encryption for inbound mail

  • Enable and configure TLS encryption for outbound mail to specific domains


Securing Exchange Servers: Best Practices

  • Limit Exchange Server functionality to clients that are strictly required

  • Remain current with the latest updates for both Exchange Server 2003 and the operating system

  • Use ISA Server 2004 to regulate access for HTTP, RPC over HTTPS, POP3, and IMAP4 traffic

  • Use SSL/TLS and forms-based authentication for Outlook Web Access


Maintaining Security on Exchange Server

  • Implementing Exchange Server

  • Securing Exchange Server Services and Messaging Protocols

  • Maintaining Security on Exchange Server

  • Configuring Exchange to Protect Against Unwanted E-Mail


Maintaining Security on Exchange Server: What Are the Challenges?

Challenges to maintaining security on an Exchange server include:

  • Keeping up with the latest security updates

  • Keeping up with recommended best practices

  • Understanding the impact of configuring the various options within Exchange Server

  • Maintaining documentation on configuration and security settings


Analyzing Exchange Server 2003 Using MBSA

MBSA checks for issues related to the following:

  • Known Windows and Internet Explorer security issues

  • Missing security updates

  • Weak account passwords

  • Internet Information Services (IIS) security issues

  • SQL Server security issues

  • Exchange Server security issues


Validating Exchange Server Configuration Settings

ExBPA can examine your Exchange servers to:

  • Generate a list of issues, such as misconfigurations or unsupported or non-recommended options

  • Judge the general health of a system

  • Help troubleshoot specific problems


Demonstration 2: Analyzing Configuration Settings on Exchange Server 2003

Analyze Exchange Server using MBSA and the ExBPA Tool


Implementing Antivirus Protection on Exchange Server

Consider the following when designing and implementing an antivirus solution:

  • Design a defense-in-depth approach

  • Implement an antivirus scanner that supports AVAPI 2.5

  • Prevent file-based scanning on Exchange Server folders


Configuring Exchange to Protect Against Unwanted E-Mail

  • Implementing Exchange Server

  • Securing Exchange Server Services and Messaging Protocols

  • Maintaining Security on Exchange Server

  • Configuring Exchange to Protect Against Unwanted E-Mail


Preparing for and Installing IMF: What Is Spam?

  • Unsolicited Commercial E-mail

  • More than 50% of email traffic

  • Costly use of resources

    • IT

    • Personnel

  • Potentially offensive


Phishing


Preparing for and Installing IMF: Microsoft’s Anti-UCE Strategy

  • Innovative Technologies

  • Industry Self-Regulation and Cooperation

  • Working with Governments


What Are the Exchange Options for Limiting Unwanted E-Mail?

Options to limit unwanted e-mail include:

  • Recipient filtering

  • Sender filtering

  • Connection filtering

  • Microsoft Exchange Intelligent Message Filter


Preparing for and Installing IMF

[Diagram labels: Accept/Deny Lists, Information Store, 3rd-party Block Lists, Recipient Filter, Sender Filtering, Intelligent Message Filter.]



Configuring Filtering by Recipient Address

Recipient filtering blocks mail to specified addresses within your domain and filters e-mail addressed to users who are not in your Active Directory


Configuring Filtering by Sender Address or Domain

Sender filtering blocks mail from specified senders or domains


Implementing Real-Time Block List Support Using Connection Filtering

Connection filtering is used to configure Exchange Server to contact a Real-Time Block List (RBL) provider
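
An added example, not part of the original presentation, that goes beyond the slide to show how a block list lookup is commonly carried over DNS: the connecting IPv4 address is reversed, appended to the provider's zone, and an answer in 127.0.0.0/8 means the address is listed. The zone rbl.example, the sample records, the order of the local list checks and all function names are assumptions.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(client_ip, zone):
    """Build the DNS name queried for an IPv4 client: reversed octets + provider zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone.strip(".")


def connection_filter(client_ip, zone, resolve, accept=(), deny=()):
    """Return 'accept-list', 'deny-list', 'block-list' or 'not-listed'.

    resolve(name) is a caller-supplied function returning a list of A-record
    strings ([] when the name does not exist), so the logic runs offline.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in accept):
        return "accept-list"   # assumed order: the local accept list wins
    if any(ip in ipaddress.ip_network(n) for n in deny):
        return "deny-list"
    answers = resolve(rbl_query_name(client_ip, zone))
    # Only answers inside 127.0.0.0/8 mean "listed". Anything else (for example a
    # wildcard record on a lapsed provider zone) is treated as a lookup anomaly.
    if any(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "block-list"
    return "not-listed"


# Constructed DNS data standing in for the hypothetical provider zone "rbl.example".
FAKE_ZONE = {
    "7.113.0.203.rbl.example": ["127.0.0.2"],
    "10.2.0.192.rbl.example": ["198.51.100.1"],   # anomalous non-loopback answer
}


def fake_resolve(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for addr in ("203.0.113.7", "192.0.2.10", "198.51.100.50"):
        print(addr, connection_filter(addr, "rbl.example", fake_resolve))
```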


Demonstration 3: Implementing Real-Time Block List Support

Configure Real-Time Block List Support


Overview of Exchange Intelligent Message Filter

Exchange Intelligent Message Filter is an add-on product to help companies reduce the amount of unsolicited commercial e-mail received by users


Preparing for and Installing IMF: Intelligent Message Filtering

  • Utilizes Smart Screen Machine Learning

  • Applied at the gateway

    • Marks message with Spam Confidence Level (SCL) rating

  • Utilized throughout the mail stream

  • Scans headers, body of message and other attributes.

  • Hotmail and MSN

  • Outlook 2003 – Junk Folder

  • 3rd Party products


Deploying the Intelligent Message Filter

[Diagram labels: Internet, Firewall, Exchange Gateway Servers, Intelligent Message Filter, Exchange Intranet Servers.]

Intelligent Message Filter handles e-mail based upon two thresholds:

  • Gateway blocking configuration

  • Store junk e-mail configuration


Smart Screen Technology

[Diagram labels: 3rd Party Tools, Smart Screen Algorithm, Gateway Server, Mailbox Store Server, Client; SCL values shown: SCL 5, SCL 8, SCL 5.]


How the Intelligent Message Filter Works with Exchange and Outlook

[Flow diagram labels: Internet; Exchange Server 2003 Gateway Server; Connection filtering; Recipient filtering; Sender filtering; Intelligent Message Filter (Gateway Threshold); Exchange Server 2003 Back-end; Store threshold; User mailbox; Blocked sender; Safe sender; Spam; Yes/No branches; Inbox; Junk.]


Managing IMF Archived Messages Using the Archive Manager

  • Archive Manager C# tool released with source on GotDotNet

    • http://workspaces.gotdotnet.com/imfarchive

  • Supports the following features:

    • Tree view of the Archive directory of messages

    • View of RFC2822 decoded headers and raw message

    • Resubmission of message to pickup directory

    • Deletion of messages

    • Forwarding of message as attachment to third-party address


Demonstration 4: Implementing Exchange Intelligent Message Filter

Implement and configure Intelligent Message Filter


Session Summary

  • Deploy Exchange Server 2003 and Microsoft Office Outlook 2003 to take advantage of the latest security enhancements

  • Implement the appropriate base and incremental security templates to fully secure Exchange Server

  • Install Exchange-aware antivirus applications and maintain security using the MBSA and ExBPA tools

  • Protect against unwanted e-mail by implementing a layered approach using features such as filtering and the Intelligent Message Filter utility


Next Steps

  • Find additional security training events:

    http://www.microsoft.com/seminar/events/security.mspx

  • Sign up for security communications:

    http://www.microsoft.com/technet/security/signup/default.mspx

  • Find additional e-learning clinics

    https://www.microsoftelearning.com/security

  • Get additional security information on Exchange Server 2003:

    http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx