Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools.

Published byGeorgiana Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools."— Presentation transcript:

1 Securing Exchange Server 2003

2

3 Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools used to help remove unwanted messages such as Spam. Demonstrate the ways in which we can enable Secure External Client Access. Best Practices, tools and tips.

4 Agenda Exchange 2003 Security Overview Smart Screen and Spam Filtering Technology Secure External Client Access Best Practices and tools for Securing Exchange

5 Exchange 2003 Security Considerations: Features and considerations: Secure by design and default Many different clients and connection methods Deployment Scenarios Firewall implementations at the perimeter SMTP Anti-Relay Email filtering by Sender, Recipient and Connection filtering, including Block List services SPAM filtering Anti Virus Support Outlook Web Access publishing Secure by design and default Many different clients and connection methods Deployment Scenarios Firewall implementations at the perimeter SMTP Anti-Relay Email filtering by Sender, Recipient and Connection filtering, including Block List services SPAM filtering Anti Virus Support Outlook Web Access publishing

6 Exchange Server Deployment Scenarios ISA Server integrated General deployment FE/BE deployment Exchange server Internet Front-end Exchange server Back-end Exchange servers ISA server Exchange server

7 Securing Exchange at the perimeter ISA 2004 Firewall Interaction (SMTP) Exchange Server

8 OWA Publishing without ISA 2004 Traditional firewall Web Srv/ OWA clientclient Web server prompts for authentication — any Internet user can access this prompt SSLSSL SSL tunnels through traditional firewalls because it is encrypted… …which allows viruses and worms to pass through undetected… …and infect internal servers! Internet

9 ISA Server can decrypt and inspect SSL traffic URLScan for ISA Server can stop Web attacks at the network edge, even over encrypted SSL ISA Server with HTTP Filtering OWA Publishing with ISA 2004 Web Srv/ OWA clientclient ISA Server 2004 ISA Server pre-authenticates users, eliminating multiple dialog boxes and only allowing valid traffic through SSL or HTTP SSLSSL Internet inspected traffic can be sent to the internal server re-encrypted or in the clear.

10 Securely Publishing Exchange with ISA 2004  SMTP Publishing  SMTP Keyword / Attachment Filtering  OWA Publishing demonstration demonstration

11 Agenda Exchange 2003 Security Overview Smart Screen and Spam Filtering Technology Secure External Client Access Best Practices and tools for Securing Exchange

12 Exchange Message FilteringAccept/ Deny Lists Block Lists Recipient Filter Sender Filtering Intelligent Message Filter Information Store

13 Intelligent Message Filtering Utilizes Smart Screen Machine Learning Applied at the gateway –Marks message with Spam Confidence Level (SCL) rating Utilized throughout the mail stream Scans headers, body of message and other attributes.

14 SCL 5 Spam Filtering with IMF Smart Screen Technology SCL 8 Smart Screen Algorithm Gateway Server Mailbox Store Server 3 rd Party Tools (Anti-Virus) Junk E-mail Folder Inbox SCL 5

15 Enabling and Configuring IMF Configure IMF

16 The Intelligent Message Filter  Exchange 2003 UCE Control Features  Installing IMF  Configuring IMF demonstration demonstration

17 Agenda Exchange 2003 Security Overview Smart Screen and Spam Filtering Technology Secure External Client Access Best Practices and tools for Securing Exchange

18 Secure External Client Access to Exchange Server: What Are the Challenges? Outlook mobile access XHTML, cHTML, HTML ActiveSync-Enabled mobile devices Wireless network Wireless network ISA server Outlook web access Outlook using RPC Outlook using RPC over HTTP(S) Outlook express using IMAP4 or POP3 Outlook web access Outlook using RPC Outlook using RPC over HTTP(S) Outlook express using IMAP4 or POP3 Exchange front-end server Exchange front-end server Exchange back-end servers Exchange back-end servers

19 Configuring Secure Outlook RPC / RPC over HTTP(S) Client Access Outlook client Outlook client Exchange servers Exchange servers ISA server Use the mail server publishing rule to enable Outlook RPC connections

20 Configuring RPC over HTTP(S) Client Access Considerations RPC over HTTP(S) requires: Exchange Server 2003 running on Windows Server 2003 and Windows Server 2003 global catalog servers Outlook 2003 running on Windows XP Windows Server 2003 server running RPC proxy server Modifying the Outlook profile to use RPC over HTTP(S) to connect to the Exchange server To enable RPC over HTTP(S) connections through ISA Server, use the Secure Web Publishing Wizard to publish the /rpc/*virtual directory

21 RPC over HTTPS  Installing RPC over HTTPS  Configuration of ISA Server demonstration demonstration

22 Agenda Exchange 2003 Security Overview Smart Screen and Spam Filtering Technology Secure External Client Access Best Practices and tools for Securing Exchange

23 Maintaining Security on Exchange Server: What Are the Challenges? Challenges to maintaining security on an Exchange server include: Hardening the Servers Keeping up with the latest security updates Keeping up with recommended best practices Understanding the impact of configuring the various options within Exchange Server Maintaining documentation on configuration and security settings Hardening the Servers Keeping up with the latest security updates Keeping up with recommended best practices Understanding the impact of configuring the various options within Exchange Server Maintaining documentation on configuration and security settings

24 Hardening Back-End Exchange Servers Tasks for hardening back-end Exchange servers include: Hardening services (Reduce Attack Surface) Hardening file access control lists (ACLs) Changing privilege rights Enabling additional services (optional) Hardening services (Reduce Attack Surface) Hardening file access control lists (ACLs) Changing privilege rights Enabling additional services (optional) Apply the Exchange 2003 Backend.inf security template to your back-end servers

25 Hardening Front-End Exchange Servers Tasks for hardening front-end Exchange servers include: Hardening services (Reduce Attack Surface) Hardening file access control lists (ACLs) Enabling additional services (optional) Running URLScan (optional but recommended) Dismounting the mailbox store and deleting the public folder store (optional but recommended) Hardening services (Reduce Attack Surface) Hardening file access control lists (ACLs) Enabling additional services (optional) Running URLScan (optional but recommended) Dismounting the mailbox store and deleting the public folder store (optional but recommended) Apply the Exchange 2003 Frontend.inf security template to your front-end servers

26 Analyzing Exchange Server 2003 Using MBSA MBSA checks for issues related to the following: Known Windows and Internet Explorer security issues Missing security updates Weak account passwords Internet Information Services (IIS) security issues Exchange Server security issues SQL Server security issues

27 Validating Exchange Server Configuration Settings ExBPA can examine your Exchange servers to: Generate a list of issues, such as misconfigurations or unsupported or non-recommended options Judge the general health of a system Help troubleshoot specific problems Includes the MBSA tool

28 Securing Exchange Servers: Best Practices Limit Exchange Server functionality to clients that are strictly required Remain current with the latest updates for both Exchange Server 2003 and the operating system Use SSL/TLS and forms-based authentication for Outlook Web Access Use ISA Server 2004 to regulate access for HTTP, RPC over HTTPS, POP3, and IMAP4 traffic Decide on Exchange Server design and harden servers according to their roles

29 Exchange Tools  Exchange Best Practice Analyzer demonstration demonstration

30 Session Summary Deploy Exchange Server 2003 and Microsoft Office Outlook 2003 to take advantage of the latest security enhancements Implement the appropriate base and incremental security templates to fully secure Exchange Server Install Exchange-aware antivirus applications and maintain security using the MBSA and ExBPA tools Protect against unwanted e-mail by implementing a layered approach using features such as filtering and the Intelligent Message Filter utility Keep up to date with the latest best practices and techniques for securing Exchange Server 2003

31 For More Information… Main TechNet Web site at –www.microsoft.ca/technet Anti Spam Capabilities in Exchange 2003 –www.microsoft.com/exchange/techinfo/security/antispam.asp Microsoft Anti Spam Technology –www.microsoft.com/mscorp/twc/privacy/spam.mspx IMF download from –www.microsoft.com/exchange/imf

32 Where Can I Get TechNet? Visit TechNet online at www.microsoft.ca/technet Register for the TechNet Flash /technet/abouttn/subscriptions/flash_register.mspx Join the TechNet online forum at www.microsoft.ca/technet/community Become a TechNet subscriber at www.microsoft.ca/technet/abouttn/Subscriptions Attend more TechNet events or view online www.microsoft.ca/technet/community/events

33

Download ppt "Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools."

Similar presentations

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.

Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
The Natural way for Secure Mobile Email v.1.4 www.AGATSolutions.com.

The Natural way for Secure Mobile v.1.4
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.

Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Paula Kiernan Senior Consultant Ward Solutions

Paula Kiernan Senior Consultant Ward Solutions
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
Securing Exchange, IIS, and SQL Infrastructures

Securing Exchange, IIS, and SQL Infrastructures
Implementing Application and Data Security Fred Baumhardt Senior Consultant – Security and Architecture Microsoft Consulting Services - UK.

Implementing Application and Data Security Fred Baumhardt Senior Consultant – Security and Architecture Microsoft Consulting Services - UK.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
© 2003 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied,

© 2003 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied,
Implementing Application and Data Security Presenter Name Job Title Company.

Implementing Application and Data Security Presenter Name Job Title Company.
Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.

Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.
Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.

Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.

Similar presentations

Ads by Google