Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Slides:



Advertisements
Similar presentations
Planning and Administering Windows Server® 2008 Servers
Advertisements

Overview of Server Roles in Exchange Server 2010 In Exchange Server 2010, servers are installed with specific functional roles: Mailbox Server role Edge.
Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
Implementing and Administering AD FS
Implementing Domain Name System
Module 5: Configuring Access for Remote Clients and Networks.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
Implementing Exchange Server Security Ward Solutions.
Implementing High Availability
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
1 Enabling Secure Internet Access with ISA Server.
TechEd /20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Securing Exchange Server Session Goals: Introduce you to the concepts and mechanisms for securing Exchange Examine the techniques and tools.
Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Copyright© Microsoft Corporation Speaker:Engagement consultant Title of presentation:Assessment of the Environment Length of presentation: 45 minutes Audience:Customer.
CensorNet Ltd An introduction to CensorNet Mailsafe Presented by: XXXXXXXX Product Manager Tel: XXXXXXXXXXXXX.
SIM309. Connection Analysis (IP-based edge blocks) Reputation Analysis Connection Filtering Protect businesses from receiving –borne viruses.
Securing Windows Servers Using Group Policy Objects
Module 2 Configuring Mailbox Servers. Module Overview Overview of Exchange Server 2010 Administrative Tools Configuring Mailbox Server Roles Configuring.
Module 13: Configuring Availability of Network Resources and Content.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
Module 4: Add Client Computers and Devices to the Network.
Module 14: Configuring Print Resources and Printing Pools.
Securing Microsoft® Exchange Server 2010
Module 6: Manage and Configure Messaging. Configuring Internet Mail Using Small Business Server (SBS) 2008 Console Configuring Protection Configuring.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Deploying and Maintaining Server Images
Implementing Network Access Protection
Configuring Encryption and Advanced Auditing
Module 2 Designing Microsoft® Exchange Server 2010 Integration with the Current Infrastructure.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 14: Configuring Server Security Compliance
Module 9 Configuring Messaging Policy and Compliance.
Module 12: Routing Fundamentals. Routing Overview Configuring Routing and Remote Access as a Router Quality of Service.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
Module 6 Planning and Deploying Messaging Security.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
Module 11: Remote Access Fundamentals
Module 8: Configuring Network Access Protection
Module 4 Planning and Deploying Client Access Services in Microsoft® Exchange Server 2010 Presentation: 120 minutes Lab: 90 minutes After completing.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Module 9: Fundamentals of Securing Network Communication.
Module 9 Configuring Messaging Policy and Compliance.
Module 11 Maintaining Microsoft® Exchange Server 2010.
Module 5 Managing Message Transport. Module Overview Overview of Message Transport Configuring Message Transport.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
Module 7: Managing Message Transport. Overview Introduction to Message Transport Implementing Message Transport.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Module 5 Managing Message Transport. Module Overview Overview of Message Transport Configuring Message Transport.
Module 12 Integrating Exchange Server 2010 with Other Messaging Systems.
Module 3 Managing Recipient Objects. Module Overview Managing Mailboxes Managing Other Recipients Configuring Address Policies Configuring Address.
Module 2: Overview of IIS 7.0 Application Server.
Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
Module 11 Upgrading to Microsoft ® Exchange Server 2010.
Module 5 Planning and Deploying Message Transport in Microsoft® Exchange Server 2010.
Module 7 Planning and Deploying Messaging Compliance.
Appendix A Implementing Unified Messaging. Appendix Overview Overview of Telephony Introducing Unified Messaging Configuring Unified Messaging.
Module 2: Installing Exchange Server Overview Introduction to the Exchange Server 2007 Server Roles Installing Exchange Server 2007 Completing the.
Module 7: Implementing Security Using Group Policy.
Module 10: Windows Firewall and Caching Fundamentals.
Implementing Microsoft Exchange Online with Microsoft Office 365
Module 3 Planning for Active Directory®
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
Planning and Configuring Message Hygiene
Module 3: Enabling Access to Internet Resources
Securing the Network Perimeter with ISA 2004
Presentation transcript:

Module 6 Implementing Messaging Security

Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution Configuring Secure SMTP Messaging

Lesson 1: Deploying Edge Transport Servers What Is the Edge Transport Server Role? Edge Transport Server Role Infrastructure Requirements What Is AD LDS? Demonstration: How to Configure Edge Transport Servers What Is Edge Synchronization? How Internet Message Flow Works Demonstration: How to Configure Edge Synchronization What Is Cloned Configuration? Discussion: Securing Edge Transport Servers

The Edge Transport server role: What Is the Edge Transport Server Role? The Edge Transport server role provides: Internet message delivery Antivirus and anti-spam protection Edge transport rules Address rewriting Cannot be deployed with any other server role Should not be a member of the internal Active Directory domain Should be deployed in a perimeter network

Edge Transport Server Role Infrastructure Requirements The Edge Transport server: Must be configured with a Fully Qualified Domain Name Requires a minimal number of ports opened on the internal and external firewalls Must be configured with the IP addresses for DNS servers that can resolve DNS names on the Internet

What Is AD LDS? AD LDS on an Edge Transport server stores: Schema information Configuration information Recipient information AD LDS is an LDAP directory service that stores information for directory-enabled applications You can use the Exchange Server 2010 tools to perform most of the AD LDS configuration tasks

Demonstration: How to Configure Edge Transport Servers In this demonstration, you will: Review the Edge Transport server default configuration

What Is Edge Synchronization? Reasons for implementing Edge Synchronization include: Simplifying Edge Transport server configuration Using recipients for transport or filtering rules Edge Synchronization replicates Active Directory information to AD LDS on Edge Transport servers Edge Synchronization: Includes configuration and recipient information Is always initiated by Hub Transport servers

How Internet Message Flow Works Hub Transport / Client Access / Mailbox Server Edge Transport Server

Demonstration: How to Configure Edge Synchronization In this demonstration, you will: Enable Edge Synchronization Test Edge Synchronization Configure address rewriting

Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.

What Is Cloned Configuration? To implement cloned configuration, use the: ExportEdgeConfig script to export configuration information ImportEdgeConfig script to validate the configuration on the target server, and then create an answer file ImportEdgeConfig script to import configuration information Cloned configuration is a process of configuring multiple Edge Transport servers with identical configurations

Discussion: Securing Edge Transport Servers Why is it important to secure Edge transport servers? What factors should you consider at the operating system level? How do you secure an Edge Transport Server?

Lesson 2: Deploying an Antivirus Solution Antivirus Solution Features in Exchange Server 2010 What Is Forefront Protection 2010 for Exchange Server? Forefront Protection 2010 Deployment Options Best Practices for Deploying an Antivirus Solution Demonstration: How to Install and Configure Forefront Protection 2010 for Exchange Server

Antivirus Solution Features in Exchange Server 2010 Exchange Server 2010 supports: Using the same VSAPI as is used in Exchange Server 2003 and Exchange Server 2007 Using transport agents to filter and scan messages Using antivirus stamping to mark each scanned message Integration with Forefront Protection 2010 for Exchange Server

What Is Forefront Protection 2010 for Exchange Server? Benefits of Forefront Protection 2010 for Exchange Server include: Full support for VSAPI Antivirus scan with multiple scan engines Microsoft IP Reputation Service Automated content filtering updates Spam signature updates Premium spam protection

Forefront Protection 2010 Deployment Options You can install Forefront Protection 2010: Only on an Edge Transport server or a Hub Transport server On an Edge Transport server or a Hub Transport server and a Mailbox server When installing Forefront Protection 2010, consider: The number of scan engines required The types of scan engines that should be used

Best Practices for Deploying an Antivirus Solution When you implement an antivirus solution, you should: Implement multiple layers of antivirus such as: Firewall or Edge Transport server Client Exchange server Maintain regular antivirus updates

Demonstration: How to Install and Configure Forefront Protection 2010 for Exchange Server In this demonstration, you will see how to: Install Forefront Protection 2010 for Exchange Server Configure Forefront Protection 2010 for Exchange Server Manage Forefront Protection 2010

Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.

Lab A: Configuring Edge Transport Servers and Forefront Protection 2010 Exercise 1: Configuring Edge Transport Servers Exercise 2: Configuring Forefront Protection 2010 for Exchange Servers Logon information Estimated time: 45 minutes Virtual machines VAN-DC1, VAN-EX1, VAN-SVR1 User nameAdministrator Password Pa$$w0rd

Lab Scenario You are a messaging administrator in A. Datum Corporation, which is a large multinational organization. Your organization has deployed Exchange Server 2010 internally, and it now wants to extend it so that everybody can send and receive Internet . As part of your job responsibilities, you need to set up an Edge Transport server, and then install an antivirus solution to scan all mail.

Lab Review When you implement new certificates on your existing Edge Transport server, what do you need to consider? Does the Forefront Protection 2010 Suite scan the message multiple times when it is passed over Edge Transport and Hub Transport servers?

Lesson 3: Deploying an Anti-Spam Solution Overview of Spam-Filtering Features How Exchange Server 2010 Applies Spam Filters What Is Sender ID Filtering? What Is Sender Reputation Filtering? What Is Content Filtering? Demonstration: How to Configure Anti-Spam Options

Overview of Spam-Filtering Features Feature Filters messages based on: Connection Filtering The IP address of the sending SMTP server Content FilteringThe message contents Sender IDThe IP address of the sending server from which the message was received Sender FilteringThe Sender in the MAIL FROM: SMTP header Recipient FilteringThe Recipients in the RCPT TO: SMTP header Sender ReputationSeveral characteristics of the sender, accumulated over a period of time Attachment Filtering Attachment file name, file name extension, or file MIME content type

Exchange Server 2010 Edge Transport server Exchange Server 2010 Edge Transport server How Exchange Server 2010 Applies Spam Filters Internet Sender Filtering Below SCL Threshold Outlook Safe Senders List Exceed SCL Threshold Recipient Filtering Connection Filtering RBL IP Allow List IP Block List Content Filtering Sender ID Filtering

What Is Sender ID Filtering? Internet SMTP Server DNS Server Edge Transport Server Hub Transport Server You can configure it to: Reject messages and issue an nondelivery report (NDR) Delete messages without sending an NDR Stamp the messages with the SenderID result, and continue processing Sender ID filtering is a concept in virus protection that was introduced in Exchange Server 2007

What Is Sender Reputation Filtering? The Protocol Analysis agent assigns an SRL that is based on: Sender open proxy test HELO/EHLO analysis Reverse DNS lookup Analysis of SCL ratings on messages from a particular sender Sender Reputation filtering filters messages based on information about recent messages received from specific senders

What Is Content Filtering? You can configure content filtering to: Delete, reject, or quarantine messages that exceed an SCL value Block or allow messages based on a custom word list Allow exceptions so that messages sent to specified recipients are not filtered Content Filtering analyzes the content of each message and assigns an SCL to the message Quarantined messages are sent to a quarantine mailbox

Demonstration: How to Configure Anti-Spam Options In this demonstration, you will see how to: Configure Connection Filtering Configure Sender and Recipient Filtering Configure Sender ID and Sender Reputation Filtering Configure Content Filtering

Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.

Lesson 4: Configuring Secure SMTP Messaging Discussion: SMTP Security Issues SMTP Security Options Demonstration: How to Configure SMTP Security What Is Domain Security? How Domain Security Works Process for Configuring Domain Security Demonstration: How to Configure Domain Security How S/MIME Works

Discussion: SMTP Security Issues What are the SMTP security issues? How do you currently secure SMTP?

SMTP Security Options Protocol LayerPurpose IPSecNetwork-basedEncrypts server-to-server or client-to-server traffic VPNNetwork-basedEncrypts site-to-site traffic TLSSession-basedEncrypts server-to-server traffic S/MIMEClient-basedEncrypts client side and enables digital signing SMTP can be additionally secured by using authentication and authorization on the SMTP connector

Demonstration: How to Configure SMTP Security In this demonstration, you will see how to: Configure an externally secured SMTP Connector Configure an SMTP Connector that requires TLS and authentication

Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.

What Is Domain Security? To set up mutual TLS: Generate a certificate request for TLS certificates Import and enable the certificate on the Edge Transport server Configure outbound Domain Security Configure inbound Domain Security Uses mutual TLS with business partners to enable secured message paths over the Internet

How Domain Security Works Mail Client

Process for Configuring Domain Security To configure Domain Security: Generate a certificate request for TLS certificates Import certificate to Edge Transport servers Configure outbound Domain Security Configure inbound Domain Security Notify partner to configure Domain Security Test mail flow

Demonstration: How to Configure Domain Security In this demonstration, you will see how to: Verify certificate and check Receive connector Configure Domain Security

Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.

How S/MIME Works MethodType of Security Provided Digital signaturesAuthentication: The message was sent by the person or organization who claims to have sent it Nonrepudiation: Helps to prevent the sender from disowning the message Data integrity: Any alteration of the message invalidates the signature Message encryptionOnly the intended recipient can view the contents S/MIME Infrastructure requirements: The sender must have a valid certificate installed All target addresses must have a public certificate available either locally or in Active Directory Can use either an internal or public CA

Lab B: Implementing Anti-Spam Solutions Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers Estimated time: 65 minutes Logon information Virtual machines VAN-DC1, VAN-EX1, VAN-SVR1 User nameAdministrator Password Pa$$w0rd

Lab Scenario After configuring the Edge Transport server and installing an antivirus solution, you must implement an anti-spam solution.

Lab Review What anti-spam agents are available in Exchange Server 2010? What is the purpose of the SCL threshold? What are the possible issues in implementing Domain Security for your partner domains?

Module Review and Takeaways Review Questions Common Issues and Troubleshooting Tips

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.