Module 5: Securing SCOoffice Server. External Firewall Configuration for Outlook: ports 21*, 25, 80/443*, 110/995, 143/993, 389/636 (* not used by Outlook Express).

Presentation transcript:

1 Module 5 Securing SCOoffice Server

2

3 External Firewall Configuration
[Diagram: Internet, Firewall, SCOoffice Server. Outlook: 21*, 25, 80/443*, 110/995, 143/993, 389/636. SMTP Server: 25. WebClient: 80/443. * Not used by Outlook Express]

4 Internal Firewall Configuration
[Diagram: SCOoffice Server, Firewall, Active Directory Server; port 3268]

5 Internal Firewall Configuration
[Diagram: SCOoffice (master), Firewall, SCOoffice (slave)]

6 Remote Office Firewall Configuration
[Diagram: SCOoffice (master), SCOoffice (slave), Firewall, Internet, SCOoffice (slave)]

7 SCO OpenServer’s HTTP Servers
• SCO OpenServer runs HTTP servers on ports:
  • 80 – SCOoffice Server’s HTTP server
  • 443 – SCOoffice Server’s HTTPS server
  • 615 – Internet Configuration Manager
  • 8457 – DocView: Access to SCO OpenServer documentation

8 Other SCOoffice Server Related Ports
• SCOoffice Server runs daemons on ports:
  • 21 – ProFTP
  • 25 – SMTP
  • 110 – POP3
  • 143 – IMAP
  • 389 – OpenLDAP
  • 993 – IMAP4 over TLS/SSL
  • 995 – POP3 over TLS/SSL
  • 2000 – Cyrusmaster (sieve)
  • 2003 – Cyrusmaster (LMTP)
  • 2583 – MON
  • 4840 – SASLAUTHD
  • 4844 – SASLAUTHD
  • – AMaViS

9 Disallowing Open Relay
• Don’t let server be used as an open relay
• Numerous ways to prevent open relay
• We will configure SASLAUTHD + TLS

    # telnet rose.example.net smtp
    220 rose.example.net ESMTP Postfix (2.0.20)
    HELO nuisance.spammer.net
    250 rose.example.net
    MAIL FROM:
    250 Ok
    RCPT TO:
    250 Ok
    ...

10 Disallowing Open Relay
• Useful for blocking unwanted SMTP sessions:
  • smtpd_client_restrictions
  • smtpd_sender_restrictions
  • smtpd_recipient_restrictions
• Stored in LDAP

11 Disallowing Open Relay: Simple Authentication and Security Layer (SASL)
• LOGIN authentication mechanism
  • Base64 encoded username: bob
  • Base64 encoded password: bpasswd
• PLAIN authentication mechanism
  • Base64 encoded: user+NULL+user+NULL+password
  • bob\0bob\0bpasswd
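The LOGIN and PLAIN encodings on slide 11 are Base64, not encryption, which is why the module pairs SASL with TLS. The following is an added example (not part of the original presentation): it builds the PLAIN response for the slide's sample account and shows what can be read from the client side of a session with and without STARTTLS. The traces and host names are constructed.

```python
import base64

def encode_plain(user, password):
    """PLAIN response as on slide 11: user NUL user NUL password, then Base64."""
    raw = "\0".join((user, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def _b64(text):
    return base64.b64decode(text, validate=True).decode("utf-8")

def exposed_credentials(client_lines):
    """Return (mechanism, user, password) tuples readable in a client-side trace.

    Anything sent after STARTTLS is ciphertext on the wire, so scanning stops there.
    """
    found = []
    lines = iter(line.strip() for line in client_lines)
    for line in lines:
        verb = line.upper()
        if verb == "STARTTLS":
            break
        if verb.startswith("AUTH PLAIN "):
            _authzid, user, password = _b64(line.split()[2]).split("\0")
            found.append(("PLAIN", user, password))
        elif verb == "AUTH LOGIN":
            # The next two client lines answer the username and password prompts.
            user, password = _b64(next(lines)), _b64(next(lines))
            found.append(("LOGIN", user, password))
    return found

# Constructed client-side traces using the slide's sample account (bob / bpasswd).
SASL_ONLY_PLAIN = ["EHLO client.example.org", "AUTH PLAIN Ym9iAGJvYgBicGFzc3dk", "QUIT"]
SASL_ONLY_LOGIN = ["EHLO client.example.org", "AUTH LOGIN", "Ym9i", "YnBhc3N3ZA==", "QUIT"]
TLS_THEN_SASL = ["EHLO client.example.org", "STARTTLS"]  # AUTH follows inside TLS, unseen

if __name__ == "__main__":
    print(encode_plain("bob", "bpasswd"))
    for name, trace in [("SASL only, PLAIN", SASL_ONLY_PLAIN),
                        ("SASL only, LOGIN", SASL_ONLY_LOGIN),
                        ("TLS + SASL", TLS_THEN_SASL)]:
        print(name, exposed_credentials(trace))
```

The same comparison is what the "Tracing TLS and SASL" exercise on slide 21 sets up: the SASL-only session yields the account, the TLS session yields nothing after STARTTLS.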

12 Disallowing Open Relay: SASL Authentication
[Diagram: smtpd, imapd/pop3d, cyrusmaster, saslauthd, slapd]

…/etc/saslauthd.conf
    ldap_servers: ldap:// /
    ldap_filter: login=%u

…/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login

…/etc/imapd.conf (imapd/pop3d)
    sasl_pwcheck_method: saslauthd

…/etc/cyrus.conf (cyrusmaster)
    imapcmd="imapd -p 2 …
    pop3cmd="pop3d" …
    …

13 Disallowing Open Relay
• SASL Configuration on the Server

    smtpd_sasl_auth_enable = yes
    smtpd_sender_restrictions = check_sender_access ldap:ldapSenderAccess, permit_sasl_authenticated
    smtpd_recipient_restrictions = check_recipient_access ldap:ldapRecipientAccess, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_delay_reject = yes
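A simplified model of how the `smtpd_recipient_restrictions` list on slide 13 is walked, added here as an example (not code from the presentation or from Postfix). The networks, domains and the dict that stands in for `ldap:ldapRecipientAccess` are constructed; real Postfix matches more key forms and destination classes.

```python
import ipaddress

# Constructed site values for this model (not from the slides).
MYNETWORKS = ["192.0.2.0/24"]
LOCAL_DOMAINS = {"example.net"}           # domains this server is the destination for
SLIDE_13 = ["check_recipient_access", "permit_sasl_authenticated",
            "permit_mynetworks", "reject_unauth_destination"]

def decide(restrictions, client_ip, sasl_user, rcpt, recipient_access=None):
    """Walk the list left to right; the first OK or REJECT ends the walk.

    recipient_access is a dict standing in for ldap:ldapRecipientAccess.
    Returns (verdict, restriction that produced it).
    """
    table = recipient_access or {}
    rcpt = rcpt.lower()
    domain = rcpt.rsplit("@", 1)[1]
    client = ipaddress.ip_address(client_ip)
    for name in restrictions:
        result = None                     # None models DUNNO: no opinion, keep going
        if name == "check_recipient_access":
            result = table.get(rcpt, table.get(domain))
            if result == "DUNNO":
                result = None
        elif name == "permit_sasl_authenticated":
            result = "OK" if sasl_user else None
        elif name == "permit_mynetworks":
            if any(client in ipaddress.ip_network(n) for n in MYNETWORKS):
                result = "OK"
        elif name == "reject_unauth_destination":
            if domain not in LOCAL_DOMAINS:
                result = "REJECT"
        else:
            raise ValueError(f"restriction not modelled: {name}")
        if result is not None:
            return result, name
    return "OK", "end of list"            # nothing objected, so the recipient is accepted

if __name__ == "__main__":
    outside = "198.51.100.7"              # constructed client outside MYNETWORKS
    print(decide(SLIDE_13, outside, None, "someone@example.com"))
    print(decide(SLIDE_13, outside, "bob", "someone@example.com"))
    print(decide(SLIDE_13, outside, None, "alice@example.net"))
    # An OK entry ahead of reject_unauth_destination is decided before the relay check:
    print(decide(SLIDE_13, outside, None, "someone@example.com", {"example.com": "OK"}))
```

The last call is the case to review in a real deployment: an `OK` for a non-local domain in the recipient access table is returned before `reject_unauth_destination` is reached.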

14 Disallowing Open Relay
• SASL Configuration on the Client

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/opt/insight/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous

15 Disallowing Open Relay
• Create /opt/insight/etc/postfix/sasl_passwd:

    example.net    alice:apasswd
    example.org    bob:bpasswd

• Run postmap(1) after creating (or modifying) file

16 Disallowing Open Relay
• TLS v1 is based on SSL v3
• Encrypt SMTP traffic using TLS
• X.509 certificates

17 Disallowing Open Relay
• TLS Configuration on the Server

    smtpd_tls_cert_file = /opt/insight/etc/ssl/server.pem
    smtpd_tls_key_file = /opt/insight/etc/ssl/server.pem
    smtpd_tls_CAfile = /opt/insight/etc/ssl/server.pem
    smtpd_use_tls = yes

18 Disallowing Open Relay
• TLS Configuration on the Client

    smtp_tls_cert_file = /opt/insight/etc/ssl/server.pem
    smtp_tls_key_file = /opt/insight/etc/ssl/server.pem
    smtp_tls_CAfile = /opt/insight/etc/ssl/server.pem
    smtp_use_tls = yes

19 Disallowing Open Relay
• Using a Certificate Authority’s Certificate

    smtp_tls_CApath = /opt/insight/etc/ssl/ca_cert.pem
    smtpd_tls_CApath = /opt/insight/etc/ssl/ca_cert.pem

20 Disallowing Open Relay
• To test to see if a mail server is an open relay:
  • Log into the mail server
  • telnet rt.njabl.org 2500

21 Exercise: Tracing TLS and SASL
• TLS + SASL Authentication:
• SASL Authentication Only:

22 Other Restrictions
• Other useful restrictions:
  • smtpd_client_restrictions
  • smtpd_helo_restrictions
  • smtpd_sender_restrictions
• See

23 Using smtpd_client_restrictions
• In main.cf:

    smtpd_client_restrictions = check_client_access hash:/opt/insight/etc/postfix/smtp_clients, permit

• In /opt/insight/etc/postfix/smtp_clients:

    OK PERMIT REJECT REJECT /24 OK
    example.net          OK
    paper.example.org    DUNNO
    example.org          REJECT

24 Using smtpd_helo_restrictions
• check_helo_access
• reject_invalid_hostname
• reject_non_fqdn_hostname
• reject_unknown_hostname
• In main.cf:

    smtpd_helo_restrictions = reject_invalid_hostname, check_helo_access hash:/opt/insight/etc/postfix/helo

• In /opt/insight/etc/postfix/helo:

    example.org    OK
    example.net    REJECT

25 Using smtpd_sender_restrictions
• check_sender_access
• reject_unknown_sender_domain

26 Creating a Chroot Jail
• A chroot jail adds a layer of protection
• Limits daemon(s) to /opt/insight/var/spool/postfix
• Set the fifth field in master.cf to ‘y’
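One way to check the fifth field across a whole master.cf, added here as an example (not part of the original presentation or of SCOoffice Server). The excerpt is constructed. What `-` means in the chroot field depends on the Postfix version, so it is passed in as `dash_means`, and `local`, `virtual` and `pipe` are skipped because the Postfix documentation says they cannot run chrooted.

```python
# Daemons the Postfix documentation says cannot run chrooted.
NOT_CHROOTABLE = {"local", "virtual", "pipe"}

def parse_master_cf(text):
    """Return one dict per service entry; indented lines continue the previous entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if entries:
                entries[-1]["command"] += " " + raw.strip()
            continue
        fields = raw.split(None, 7)
        if len(fields) < 8:
            raise ValueError(f"malformed master.cf entry: {raw!r}")
        entries.append({"service": fields[0], "type": fields[1],
                        "chroot": fields[4].lower(), "command": fields[7]})
    return entries

def not_chrooted(text, dash_means="n"):
    """List (service, daemon) pairs that could be chrooted but are not.

    dash_means is what "-" in the fifth field resolves to; that default is
    version-dependent, so the caller states it explicitly.
    """
    findings = []
    for entry in parse_master_cf(text):
        daemon = entry["command"].split()[0]
        chroot = dash_means if entry["chroot"] == "-" else entry["chroot"]
        if chroot != "y" and daemon not in NOT_CHROOTABLE:
            findings.append((entry["service"], daemon))
    return findings

# Constructed master.cf excerpt (not the SCOoffice Server file).
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
local     unix  -       n       n       -       -       local
lmtp      unix  -       -       n       -       -       lmtp
"""

if __name__ == "__main__":
    print(not_chrooted(SAMPLE))
```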