Published by Kory Maxwell. Modified over 8 years ago.
1
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server
2
Overview
- Issues in E-Mail Security
- Configuring ISA Server to Secure SMTP Traffic
- Configuring ISA Server to Secure Web Client Connections
- Configuring ISA Server to Secure Client Connections
3
Lesson: Issues in E-Mail Security
- E-Mail Security Threats Overview
- E-Mail Access Using Web Clients
- E-Mail Access Using Outlook Clients
- E-Mail Access Using POP3, IMAP4, and NNTP Clients
- SMTP Protocol-Level Exploits
- Unwanted and Malicious E-Mail
- How ISA Server 2004 Secures Exchange Server
4
E-Mail Security Threats Overview
Ensuring the security of e-mail includes:
- Ensuring that all e-mail client connections to the e-mail server are secure
- Protecting the e-mail servers from SMTP exploits
- Preventing unwanted or malicious e-mails from entering the organization's network
5
E-Mail Access Using Web Clients
[Diagram labels: Outlook Web Access; Outlook Mobile Access; XHTML, cHTML, HTML; ActiveSync-enabled mobile devices; wireless network; ISA Server; Exchange front-end server; Exchange back-end servers]
6
E-Mail Access Using Outlook Clients
- Outlook RPC connections: port 135 and dynamic ports
- Outlook RPC over HTTP connections: port 80 or 443
[Diagram labels: ISA Server; Exchange front-end server; Exchange back-end servers]
7
E-Mail Access Using POP3, IMAP4, and NNTP Clients
- POP3 connections: port 110 or 995; port 25
- IMAP4 connections: port 143 or 993; port 25
[Diagram labels: ISA Server; Exchange front-end server; Exchange back-end servers]
8
SMTP Protocol-Level Exploits
SMTP servers can be vulnerable to:
- Buffer overflow attacks, when SMTP commands are sent with more data than expected, causing memory buffer overflows
- Mail relay attacks, when an SMTP server is used to forward unwanted e-mail to Internet recipients
- SMTP command attacks, where SMTP commands are used to compromise the server or gain information about the server or recipients on the server
9
Unwanted and Malicious E-Mail
Unwanted e-mail is unsolicited commercial e-mail that:
- Consumes server and network resources
- Reduces user productivity and increases administrative effort
- Can be filtered using an application-level filter
- May result in exposure to legal liability
Malicious e-mails contain viruses or worms that:
- Damage data or computers or consume network and computer resources
- Increase administrative cost and effort
- Increase the risk of an information leak
10
How ISA Server 2004 Secures Exchange Server
- Mail publishing wizards
- Filtering unwanted e-mail
- SMTP command filtering
- Secure access for Outlook clients
- Secure access for Web clients
[Diagram labels: ISA Server; Exchange front-end server; Exchange back-end servers]
11
Lesson: Configuring ISA Server to Secure SMTP Traffic
- How ISA Server Secures SMTP Traffic
- How to Configure ISA Server to Secure SMTP Traffic
- How SMTP Filtering Works
- How to Configure the SMTP Application Filter
- How SMTP Message Screener Works
- How to Implement SMTP Message Screener
- Integrating ISA Server and Exchange Server to Secure SMTP Traffic
12
How ISA Server Secures SMTP Traffic
- Use Mail Publishing Wizard to publish SMTP servers
- Use SMTP message screener to filter unwanted e-mail
- Use SMTP application filter to filter SMTP commands
[Diagram labels: SMTP server; ISA Server; Exchange front-end server; Exchange back-end servers]
13
How to Configure ISA Server to Secure SMTP Traffic
To configure ISA Server to secure SMTP traffic:
1. Configure MX records on the Internet servers to refer to the computer running ISA Server
2. Use the Mail Server Publishing Wizard to publish the SMTP server
3. Configure the internal SMTP servers as SecureNAT clients
4. Configure an access rule for internal SMTP servers to send e-mail to the Internet
5. Configure DNS so the internal SMTP servers can resolve Internet host names
14
Practice: Publishing an SMTP Server
- Creating the Internet DNS records
- Configuring a new SMTP mail server publishing rule
- Configuring outbound SMTP traffic
- Testing SMTP traffic flow
[Lab diagram: Internet; Den-ISA-01; Den-DC-01; Gen-Web-01; Den-Msg-01]
15
How SMTP Filtering Works
SMTP commands sent to the server:
    EHLO contoso.com
    Mail from: Ben@contoso.com
    Rcpt to: Jay@cohovineyard.com
    Data
For each command, ISA Server checks:
- Is the command allowed?
- Is the command length allowed?
[Diagram labels: SMTP server; ISA Server; Exchange front-end server; Exchange back-end servers]
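The two checks on this slide can be modelled in a few lines. The following is an added example, not code from the presentation or from ISA Server; the allow-list and the length limits are constructed sample values, and the last two session lines are constructed inputs that the filter rejects.

```python
# Constructed allow-list: verb -> maximum line length in bytes.
# The limits are sample values for this example, not ISA Server defaults.
ALLOWED = {
    "EHLO": 71, "HELO": 71, "MAIL FROM:": 266, "RCPT TO:": 266,
    "DATA": 6, "RSET": 6, "NOOP": 6, "QUIT": 6,
}

def parse_verb(line: bytes) -> str:
    """Extract the SMTP verb, treating MAIL FROM: and RCPT TO: as one verb."""
    upper = line.decode("ascii", errors="replace").upper()
    for two_word in ("MAIL FROM:", "RCPT TO:"):
        if upper.startswith(two_word):
            return two_word
    return upper.split(" ", 1)[0]

def check_command(line: bytes):
    """Return (allowed, reason) for one command line, CRLF already stripped."""
    verb = parse_verb(line)
    limit = ALLOWED.get(verb)
    if limit is None:                 # check 1: is the command allowed?
        return False, "command not allowed"
    if len(line) > limit:             # check 2: is the command length allowed?
        return False, "command too long"
    return True, "ok"

# The session from the slide, then two constructed lines the filter rejects.
SESSION = [
    b"EHLO contoso.com",
    b"Mail from: Ben@contoso.com",
    b"Rcpt to: Jay@cohovineyard.com",
    b"Data",
    b"VRFY Jay",                          # verb outside the allow-list
    b"MAIL FROM:<" + b"A" * 300 + b">",   # exceeds the 266-byte limit
]

def run(session=SESSION):
    """Apply both checks to every line of a session."""
    return [check_command(line) for line in session]

if __name__ == "__main__":
    for line, (ok, reason) in zip(SESSION, run()):
        print("PASS" if ok else "DROP", line[:40], reason)
```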
16
How to Configure the SMTP Application Filter
17
How SMTP Message Screener Works
For each message, the message screener checks:
- Is the source host allowed?
- Is the source domain allowed?
- Is the attachment allowed?
- Is a keyword blocked?
[Diagram labels: SMTP server; Install Message Screener; IIS 6.0 with SMTP service; ISA Server; Exchange back-end servers]
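The four questions on this slide, modelled as one screening function. This is an added example, not code from the presentation or from ISA Server; the policy values, the addresses (documentation ranges and reserved domains) and the `sample` helper are constructed, and treating "source host" as the connecting IP address is an assumption.

```python
import ipaddress
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample policy: hypothetical values, not product defaults.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_DOMAINS = {"bulk.example"}
BLOCKED_EXTENSIONS = (".exe", ".scr", ".vbs")
BLOCKED_KEYWORDS = ("free money",)

def screen(peer_ip, mail_from, raw):
    """Return the rules a message violates; an empty list means deliver."""
    hits = []
    if any(ipaddress.ip_address(peer_ip) in net for net in BLOCKED_NETS):
        hits.append("source host")
    domain = parseaddr(mail_from)[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        hits.append("source domain")
    msg = message_from_bytes(raw)
    texts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        # Trailing dots and spaces are ignored by Windows, so strip them first.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXTENSIONS) and "attachment" not in hits:
            hits.append("attachment")
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            # Decode leniently so an odd charset label cannot skip the check.
            texts.append(payload.decode("utf-8", "replace"))
    haystack = " ".join(texts).lower()
    if any(k in haystack for k in BLOCKED_KEYWORDS):
        hits.append("keyword")
    return hits

def sample(subject, body, attachment=None):
    """Build a constructed test message as raw bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(screen("198.51.100.7", "<ben@contoso.com>", sample("Hi", "Lunch?")))
    print(screen("203.0.113.9", "<x@mail.bulk.example>",
                 sample("FREE MONEY", "Open it", "invoice.PDF.exe")))
```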
18
How to Implement SMTP Message Screener
To implement SMTP message screener:
1. Install the SMTP service on an IIS 5.0 or IIS 6.0 server
2. Install the SMTP message screener on the IIS server
3. Configure an SMTP mail server publishing rule that publishes the SMTP server running message screener
4. Configure the message screener settings on the SMTP filter
19
Practice: Implementing SMTP Message Screener
- Install the SMTP service on the computer running ISA Server
- Install the SMTP message screener
- Configure the SMTP message screener
- Test the SMTP message screener
[Lab diagram: Internet; Den-ISA-01; Den-DC-01; Gen-Web-01; Den-Msg-01]
20
Integrating ISA Server and Exchange Server to Secure SMTP Traffic
You can deploy message screener:
- On the computer running ISA Server. This option is the easiest to configure but least secure.
- On an IIS server in the internal or perimeter network. Using a server in the perimeter network is most complicated to configure, but most secure.
- To filter only inbound messages. Configure ISA Server to publish the message screener server, and configure access rules for the internal SMTP servers to send e-mail to the Internet.
- To filter inbound and outbound messages. Configure ISA Server to publish the message screener server, and configure the internal SMTP servers to route messages to the message screener server.
21
Lesson: Configuring ISA Server to Secure Web Client Connections
- How Does ISA Server Secure OWA Connections?
- How to Configure ISA Server to Enable OWA Access
- How to Configure Forms-Based Authentication
- How to Configure ISA Server to Enable Access for Other Web Clients
22
How Does ISA Server Secure OWA Connections?
- Use Mail Publishing Wizard to publish OWA servers
- Configure attachment blocking
- Use forms-based authentication to secure user logon
[Diagram labels: OWA client; ISA Server; Exchange front-end server; Exchange back-end servers]
23
How to Configure ISA Server to Enable OWA Access
To configure ISA Server to enable OWA access:
1. Install a digital certificate on the OWA server and configure IIS to require SSL connections to the OWA virtual directories
2. Use the Mail Server Publishing Wizard to publish the OWA server
3. Configure a bridging mode. For best security, secure the connection from client to ISA Server and from ISA Server to OWA server
4. Configure a Web listener for OWA publishing. Choose forms-based authentication and SSL for the Web listener
24
How to Configure Forms-Based Authentication
25
How to Configure ISA Server to Enable Access for Other Web Clients
- Publishing Exchange server virtual directories for OMA and ActiveSync clients
26
Practice: Configuring ISA Server for Secure OWA Connections
- Installing a certificate on the OWA server
- Configuring IIS to require SSL on the virtual directories used by OWA
- Configuring an Outlook Web Access publishing rule
- Testing the Outlook Web Access publishing rule
[Lab diagram: Internet; Den-ISA-01; Den-DC-01; Gen-Web-01; Den-Msg-01]
27
Lesson: Configuring ISA Server to Secure Client Connections
- Multimedia: Connecting MAPI Clients to Exchange Server Through a Firewall
- How ISA Server Secures Outlook RPC Connections
- About RPC over HTTP
- How to Configure RPC over HTTP
- Enabling E-Mail Access for POP3 and IMAP4 Clients
28
Multimedia: Connecting MAPI Clients to Exchange Server Through a Firewall
29
How ISA Server Secures Outlook RPC Connections
[Diagram labels: Outlook client; ISA Server; Exchange servers; Port 135; Exchange UUID=3000; Exchange UUID=2000]
30
Practice: Configuring ISA Server to Secure Outlook RPC Connections
- Configuring an Outlook RPC publishing rule
- Testing the Outlook RPC publishing rule
[Lab diagram: Internet; Den-ISA-01; Den-DC-01; Den-Msg-01; Den-Clt-01]
31
About RPC over HTTP
RPC over HTTP requires:
- Exchange Server 2003 running on Windows Server 2003 and Windows Server 2003 global catalog servers
- Outlook 2003 running on Windows XP
- Windows Server 2003 server running RPC proxy server with the Exchange and domain controller service port numbers defined in the registry
- A modified Outlook profile that connects to the Exchange server using HTTPS
32
How to Configure RPC over HTTP
- To enable RPC over HTTP, publish the /rpc/* virtual directory
33
Enabling E-Mail Access for POP3 and IMAP4 Clients
- Configure the required ports
- Configure secure ports to enable SSL security
34
Lab: Integrating ISA Server 2004 and Microsoft Exchange Server
- Exercise 1: Enabling RPC over HTTP Client Connections
- Exercise 2: Configuring a Forms-Based Authentication for Outlook Web Access
[Lab diagram: Internet; Den-ISA-01; Den-DC-01; Den-Msg-01; Den-Clt-01]