70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.


MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003

2 Objectives
–Understand how to administer permissions within Exchange Server 2003
–Understand the process of delegating authority within an Exchange Server 2003 organization
–Understand the concepts behind a Public Key Infrastructure

3 Objectives (continued)
–Describe how to install and configure a Windows 2000/2003 Public Key Infrastructure
–Describe the use of SSL/TLS for securing communication between two computers
–Understand how to make use of certificates to encrypt and sign e-mail

4 Securing Exchange Server 2003
–Most Exchange Server security features are provided by Windows 2000/2003
–Windows operating system security features:
  –Mechanisms that address authentication and access control
  –Public Key Infrastructure (PKI) provided by the OS
–Exchange Server 2003 features:
  –Mechanisms securing message delivery (SSL/TLS)
  –S/MIME uses the PKI to send encrypted and signed messages

5 Administering Permissions Within Exchange Server 2003
–Manage security by assigning permissions in Active Directory
–Utilize the security model of Windows 2000/2003
–Secure objects with two lists:
  –Discretionary Access Control List (DACL)
  –Individual Access Control Entries (ACEs)
–Object permissions are configured using the Security tab in Exchange System Manager
–Permissions may be granted or denied
  –A Deny entry overrides Allow entries for the same permission

6 Administering Permissions Within Exchange Server 2003 (continued)
–Permissions are assigned directly or inherited
–A parent object occupies a higher position in the hierarchy
–Permissions are inherited through the organizational hierarchy
  –The Organization node is at the top of the hierarchy
  –All other nodes inherit from the Organization node
–Pointers on assigning permissions:
  –Apply them to container objects such as administrative groups
  –Use Exchange System Manager to apply them directly
  –Inheritance of permissions may be blocked

7 Administering Permissions Within Exchange Server 2003 (continued)
–Two types of permissions: standard and extended
–Standard permissions are part of the default permissions for Active Directory
  –Example: specifying which users are in the Administrators group
–Extended permissions provide specific administrative control
  –Added when Exchange Server 2003 is installed
  –Example: Administer Information Store specifies which users or groups can change Information Store objects


10 Administering Permissions Within Exchange Server 2003 (continued)
–Two extended permissions to use with care:
  –Send As: lets a user or group send messages as another user
  –Receive As: lets a user or group open another user's mailbox
–Permissions are used at different levels:
  –Organization (global) level: passed down to all lower levels
  –Server level: passed to the child nodes of the permissioned server
  –Storage group level: passed to mailbox and public folders
  –Individual node level: assigned to a particular object

11 Activity 10-1: Configuring the Security Tab Within Exchange System Manager
Time Required: 10 to 20 minutes
Objective: Enable the Security tab for all objects within Exchange System Manager
Description: Configure Exchange System Manager to display the Security tab for all objects within the organization. Exchange System Manager should be configured to display the Security tab on each system in your organization.

12 Activity 10-2: Assigning Permissions
Time Required: 10 to 20 minutes
Objective: Set the permissions within Exchange System Manager
Description: Create the Helpdesk global group and then set the permissions on the First Administrative Group to grant the Helpdesk global group permissions to administer the First Administrative Group. The permissions are then inherited by all objects beneath the First Administrative Group.


14 Activity 10-3: Blocking Inheritance
Time Required: 10 to 20 minutes
Objective: Block permission inheritance on an object
Description: You override or stop inheriting permissions from the First Administrative Group container. After creating a new global group, you set the permissions on the First Routing Group to disallow inheritance, set the permissions on the First Administrative Group, and then look at the permissions on the First Routing Group to determine whether any are inherited.
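The permission rules from the preceding slides and Activities 10-2 and 10-3 (inheritance down the Organization hierarchy, Deny overriding Allow, and blocking inheritance) modelled in code. This is an added example, not material from the textbook; node names follow the activities, the trustee names are constructed, and the explicit-before-inherited ordering is the Windows canonical ACL rule that the slides summarize as "deny overrides allow".

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class ACE:
    trustee: str        # user or group the entry applies to
    permission: str     # standard or extended permission name
    allow: bool         # True = Allow, False = Deny

@dataclass
class ExchangeNode:
    """One object in the Exchange System Manager hierarchy."""
    name: str
    parent: Optional["ExchangeNode"] = None
    dacl: List[ACE] = field(default_factory=list)
    inherits: bool = True      # False models blocking inheritance on this object

    def ace_levels(self) -> List[List[ACE]]:
        """Explicit ACEs first, then each ancestor's ACEs nearest-first,
        stopping at the first object that blocks inheritance."""
        levels, node = [list(self.dacl)], self
        while node.inherits and node.parent is not None:
            node = node.parent
            levels.append(list(node.dacl))
        return levels

def has_permission(node: ExchangeNode, identities: Set[str], permission: str) -> bool:
    """Windows canonical order: explicit before inherited, and within each level
    Deny before Allow; the first matching entry decides. No match means denied."""
    for level in node.ace_levels():
        matches = [a for a in level if a.permission == permission and a.trustee in identities]
        if any(not a.allow for a in matches):
            return False
        if matches:                 # only Allow entries remain at this level
            return True
    return False

ADMIN_IS = "Administer Information Store"   # extended permission added by Exchange setup

def build_hierarchy():
    org = ExchangeNode("Organization", dacl=[ACE("Exchange Admins", ADMIN_IS, True)])
    admin_group = ExchangeNode("First Administrative Group", parent=org)
    routing_group = ExchangeNode("First Routing Group", parent=admin_group)
    return org, admin_group, routing_group

def demo() -> dict:
    results = {}
    org, admin_group, routing_group = build_hierarchy()
    helpdesk = {"Helpdesk", "Authenticated Users"}     # access token of a Helpdesk member
    # Activity 10-2: grant Helpdesk on the administrative group; the routing group inherits it
    admin_group.dacl.append(ACE("Helpdesk", ADMIN_IS, True))
    results["inherited_allow"] = has_permission(routing_group, helpdesk, ADMIN_IS)
    # A Deny set directly on the routing group overrides the inherited Allow
    routing_group.dacl.append(ACE("Helpdesk", ADMIN_IS, False))
    results["explicit_deny_wins"] = has_permission(routing_group, helpdesk, ADMIN_IS)
    # Canonical ordering: an explicit Allow on the object beats a Deny inherited from above
    routing_group.dacl[:] = [ACE("Helpdesk", ADMIN_IS, True)]
    admin_group.dacl[:] = [ACE("Helpdesk", ADMIN_IS, False)]
    results["explicit_allow_wins"] = has_permission(routing_group, helpdesk, ADMIN_IS)
    # Activity 10-3: block inheritance; only the object's own ACEs count afterwards
    routing_group.dacl.clear()
    admin_group.dacl[:] = [ACE("Helpdesk", ADMIN_IS, True)]
    routing_group.inherits = False
    results["blocked_inheritance"] = has_permission(routing_group, helpdesk, ADMIN_IS)
    # The Organization-level grant still flows to objects whose inheritance is intact
    results["org_level_allow"] = has_permission(admin_group, {"Exchange Admins"}, ADMIN_IS)
    return results
```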


19 Delegating Authority
–Administrative models for an organization:
  –Centralized: one group maintains global control
  –Decentralized: separate administrative groups for each Exchange administrator group
  –Mixed: combines centralized and decentralized
–Exchange Administration Delegation Wizard
  –Grants different types of permissions to different users or groups
  –Supports three roles: Exchange Full Administrator, Exchange Administrator, Exchange View Only Administrator


23 Delegating Authority (continued)
–Scope of objects on which a user or group has permissions:
  –Determined by the location where the Delegation Wizard is started
  –Typical starting locations:
    –Organization: propagates down the hierarchy
    –Administrative group object: propagates to the objects it contains

24 Public Key Infrastructures
–Public Key Infrastructure (PKI)
  –Set of digital certificates and certification authorities
  –Verifies the identity of sending and receiving parties on the network
–Exchange Server and Key Management Service
  –Key Management Service (KMS) has been removed
  –Key archival and recovery tasks have been passed to the operating system

25 Key-Based Cryptography
–Two types of cryptographic algorithms:
  –Symmetric or secret key
  –Asymmetric or public key
–Symmetric cryptography
  –Sender and receiver share a single, predetermined key
  –The key both encrypts and decrypts the transmitted message
  –Symmetric: the same key is used on both ends
–Flaw with symmetric cryptography
  –Sender and receiver must transmit the shared key before encryption can begin
  –Possibility that the shared key may be intercepted

26 Key-Based Cryptography (continued)
–Public key cryptography
  –Solves the problem of insecure transmission of the shared key
  –Utilizes asymmetric keys
    –The keys for encryption and decryption are different
    –No need to keep the encryption key secret
  –Uses a "trapdoor one-way" mathematical function on the plaintext message to create an encrypted message
    –Easy to compute in the encryption direction; reversing it without the private key is infeasible

27 Key-Based Cryptography (continued)
–Example of public key cryptography
  –Alice uses Bob's public key to encrypt a message to Bob
  –Bob uses his private key (never transmitted) to decrypt it
  –Eve cannot intercept Bob's private key, because it is never sent over the network

28 Certificates, Certificate Authorities, and Trust
–Encrypting messages using a public key encryption system
  –Senders need access to the public keys of the intended recipients
  –A third party acts as a repository for users' public keys
  –The third party verifies public keys
  –The Windows Server 2003 built-in PKI performs these tasks
–Two most important PKI features:
  –Digital certificate: contains the public key and user data
  –Certification authority (CA): issues and validates certificates

29 Certificates, Certificate Authorities, and Trust (continued)
–Certification authorities:
  –A third party such as Thawte or VeriSign
  –Windows Server 2003 configured as a CA
–Certificate chain
  –Several CAs are involved in a transmission
  –The trusted root certificate lies at the top level of the chain

30 Certificates, Certificate Authorities, and Trust (continued)
–Example of using a CA
  –Bob receives an encrypted message from Alice
  –Bob references a trusted CA to verify Alice's public key
  –Another CA verifies the public key of each CA up the chain to the trusted root
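The public-key and certificate-chain slides above (Alice, Bob and Eve; a root CA, a subordinate CA and a leaf certificate) worked through in one added example that is not part of the textbook. Textbook RSA on tiny primes and SHA-256 reduced modulo n stand in for real algorithms, which is enough to show the trapdoor idea and the chain walk to a trusted root but is not usable for real security; all names and keys are constructed.

```python
import hashlib
from dataclasses import dataclass

# Textbook RSA on tiny primes: shows the trapdoor, useless for real security.
def keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # trapdoor: easy with p and q, hard from n alone
    return (n, e), (n, d)                # (public key, private key)

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])        # anyone holding the public key can do this

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])      # only the private-key holder can undo it

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass(frozen=True)
class Cert:
    subject: str
    pubkey: tuple
    issuer: str
    signature: int
    def tbs(self):                        # the "to be signed" fields
        return f"{self.subject}|{self.pubkey}|{self.issuer}".encode()

def issue(subject, pubkey, issuer, issuer_priv):
    unsigned = Cert(subject, pubkey, issuer, 0)
    return Cert(subject, pubkey, issuer, sign(issuer_priv, unsigned.tbs()))

def verify_chain(leaf, directory, trusted_roots):
    """Follow issuer links upward: each signature must verify under the issuer's
    key, and the self-signed certificate at the top must be a trusted root."""
    cert, seen = leaf, set()
    while cert.subject not in seen:
        seen.add(cert.subject)
        issuer = directory.get(cert.issuer)
        if issuer is None or not verify(issuer.pubkey, cert.tbs(), cert.signature):
            return False
        if issuer == cert:                # reached a self-signed certificate
            return cert in trusted_roots
        cert = issuer
    return False                          # issuer loop that never reaches a root

def build_pki():
    """Rooted hierarchy from the slides: self-signed root, subordinate issuing CA, leaf."""
    root_pub, root_priv = keygen(131, 139)
    sub_pub, sub_priv = keygen(113, 127)
    alice_pub, alice_priv = keygen(107, 109)
    root = issue("Example Root CA", root_pub, "Example Root CA", root_priv)
    sub = issue("Example Issuing CA", sub_pub, "Example Root CA", root_priv)
    alice = issue("alice@example.com", alice_pub, "Example Issuing CA", sub_priv)
    return {c.subject: c for c in (root, sub, alice)}, alice_priv

def bob_receives(msg: bytes, sig: int, directory, trusted_roots):
    """Bob accepts Alice's signed message only if her certificate chains to a
    root he trusts and the signature verifies under the certified key."""
    alice = directory["alice@example.com"]
    return verify_chain(alice, directory, trusted_roots) and verify(alice.pubkey, msg, sig)
```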

31 Windows 2003 Public Key Infrastructures
–Active Directory maintains information for the CA:
  –Account names
  –Group memberships
  –Certificate templates
  –CAs installed in the domain
  –Certificate mappings to user accounts
    –For authenticating clients
    –For controlling access to network resources
–Install Windows 2000/2003 Certificate Services to create a CA

32 Windows 2003 Public Key Infrastructures (continued)
–Enterprise certificate servers are Active Directory integrated
–Stand-alone CAs may be members of a domain or a workgroup
–Differences between a stand-alone and an enterprise CA
  –A stand-alone CA stores data in a local database
  –A stand-alone CA does not use certificate templates
–Either rooted or cross-certification hierarchies may be established

33 Windows 2003 Public Key Infrastructures (continued)
–A rooted hierarchy is the most common CA structure
  –Defines either a stand-alone or an enterprise root CA
  –The root CA issues itself a certificate (self-signed)
  –Below the root are enterprise or stand-alone CAs
  –The root CA issues certificates to subordinate CAs
  –Issuing CAs may exist below the subordinate CAs
–Cross-certification CA: acts as both root and subordinate
  –Used between organizations seeking to establish certificate trust
  –Used by participants that have existing CA hierarchies


36 Activity 10-4: Installing Certificate Services
Time Required: 10 to 20 minutes
Objective: Install Certificate Services into a domain
Description: Install Certificate Services on your back-end server. You install an enterprise CA for the forest, as you will need to issue certificates to other entities in later activities.


38 Securing Communications
–Require SSL/TLS for secure SMTP connections
–SSL 3.0 is the basis for the Transport Layer Security protocol (TLS 1.0)
–SSL/TLS secures client-to-server and server-to-server traffic
–SSL/TLS secures POP/IMAP and OWA traffic in a client-server scenario
–SSL/TLS secures traffic between two back-end servers in a server-server scenario

39 Securing Communications (continued)
–SMTP servers use port 25 by default
–Servers not using SSL/TLS cannot use port 25
–Solution to the port 25 problem: Extended SMTP protocol (ESMTP)
–ESMTP features:
  –Clients query servers to discover supported features
  –The STARTTLS keyword indicates whether SSL/TLS is available on the port
  –If SSL/TLS is available, servers may transmit securely

40 Securing Communications (continued)
–Select one of the following three scenarios when enabling SSL/TLS:
  –Force SSL/TLS for all traffic
  –Enable SSL/TLS for specific domains
  –Enable SSL/TLS for inbound traffic
–To secure client-to-server traffic:
  –Install certificates on the virtual servers involved
  –Enable the servers to require TLS encryption
  –Acquire a digital certificate for the POP3 and SMTP virtual servers

41 Activity 10-5: Configuring POP3 Server SSL/TLS Encryption
Time Required: 20 to 40 minutes
Objective: Configure POP3 and SMTP for SSL/TLS encryption with a POP3 client
Description: Configure your back-end server to force the POP3 client to negotiate an SSL/TLS connection before user credentials are sent to the server. You also need to encrypt the client traffic being sent by requesting and installing a certificate on the back-end server's default SMTP virtual server.
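The ESMTP feature discovery and STARTTLS upgrade from the preceding slides, together with the "negotiate TLS before credentials are sent" requirement of Activity 10-5, shown as both sides of the exchange in an added example (not textbook or Exchange code). There are no sockets and no real handshake: the TLS state is a flag, the hostnames and the credential token are constructed, and the reply codes are the SMTP conventions a real server returns.

```python
class EsmtpServer:
    """Minimal ESMTP virtual server: EHLO capability list, STARTTLS upgrade,
    and a 'require TLS' policy that refuses credentials on a clear channel."""

    def __init__(self, hostname, tls_available=True, require_tls=False):
        self.hostname = hostname
        self.tls_available = tls_available   # a certificate is installed on the virtual server
        self.require_tls = require_tls       # the "require TLS encryption" setting
        self.tls_active = False

    def handle(self, line: str) -> list:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            keywords = ["SIZE 10485760"]
            if self.tls_available and not self.tls_active:
                keywords.append("STARTTLS")          # the keyword clients look for
            if self.tls_active or not self.require_tls:
                keywords.append("AUTH LOGIN")        # offered only when credentials may be sent
            reply = [f"250-{self.hostname} Hello {arg}"]
            reply += [f"250-{k}" for k in keywords[:-1]] + [f"250 {keywords[-1]}"]
            return reply
        if verb == "STARTTLS":
            if not self.tls_available or self.tls_active:
                return ["454 4.7.0 TLS not available due to temporary reason"]
            self.tls_active = True                   # the TLS handshake would run here
            return ["220 2.0.0 Ready to start TLS"]
        if verb in ("AUTH", "MAIL"):
            if self.require_tls and not self.tls_active:
                return ["530 5.7.0 Must issue a STARTTLS command first"]
            return ["235 2.7.0 Authentication successful" if verb == "AUTH"
                    else "250 2.1.0 Sender OK"]
        return ["502 5.5.2 Command not implemented"]

def advertised_keywords(ehlo_reply) -> set:
    """EHLO keywords: the first token after '250-' or '250 ' on every line but the greeting."""
    return {line[4:].split()[0].upper() for line in ehlo_reply[1:] if line.startswith("250")}

def client_session(server, client_name, require_tls):
    """Client side: discover features, upgrade when STARTTLS is offered, then
    authenticate. With require_tls=True the client never sends credentials in clear."""
    transcript = []

    def send(cmd):
        reply = server.handle(cmd)
        transcript.append((cmd, reply))
        return reply

    reply = send(f"EHLO {client_name}")
    if "STARTTLS" in advertised_keywords(reply):
        if send("STARTTLS")[0].startswith("220"):
            reply = send(f"EHLO {client_name}")      # capabilities must be re-read after TLS
    elif require_tls:
        return transcript, "aborted: server offered no STARTTLS"
    if "AUTH" not in advertised_keywords(reply):
        return transcript, "aborted: server does not accept AUTH on this channel"
    return transcript, send("AUTH LOGIN dXNlcg==")[0]   # constructed token, not a real credential
```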


44 Activity 10-6: Configuring a POP3 Client for Access to a Secure POP3 Server
Time Required: 20 to 40 minutes
Objective: Configure Outlook Express for communication with a secure POP3 server
Description: Your front-end server acts as the client. On the front-end server, you configure Outlook Express to support SSL/TLS encryption with the back-end server. Prior to configuring your client, you need to download the root certificate to establish a trust with the certificate that was installed on the back-end server.


46 Encryption
–The S/MIME protocol is an updated version of MIME
  –Ensures "end-to-end" security
  –Sends secure e-mail by digitally signing or encrypting it
  –Recipients decrypt messages upon receipt
–S/MIME enables compatibility and authentication between different organizations and vendors
–Obtain a client certificate before configuring Outlook 2003 for secure messaging

47 Activity 10-7: Configuring Outlook 2003 for S/MIME
Time Required: 20 to 40 minutes
Objective: Obtain a digital certificate for your Outlook client
Description: You obtain a digital certificate for your Outlook clients to enable secure transfer of e-mail between them. Each client will obtain a certificate from the CA.


49 Activity 10-8: Sending Encrypted and Signed E-mail
Time Required: 10 to 20 minutes
Objective: Send encrypted and signed e-mail between two Outlook clients
Description: You send an encrypted and digitally signed e-mail between two Outlook clients and reply to the e-mail that was sent.


51 Summary
–Permissions may be assigned directly or inherited
–Two permission types: standard and extended
–Standard permissions are part of Active Directory
–Extended permissions are added when Exchange is installed
–The Exchange Administration Delegation Wizard assigns administrative roles

52 Summary (continued)
–A PKI manages public key-based applications using public key cryptography
–In symmetric key cryptography, the encryption and decryption keys are identical
–Public key cryptography uses asymmetric keys
–Certificates verify the identities of senders and receivers
–A CA issues and validates digital certificates

53 Summary (continued)
–Root certificate: forms the root of the certification authority chain that a receiver accepts as authentic
–SSL/TLS encrypts and secures client-to-server and server-to-server traffic
–Utilize an SMTP connector for server-to-server SSL/TLS
–The S/MIME protocol digitally signs or encrypts e-mails
–S/MIME is an updated version of the MIME encoding standard