Exchange 2003 Security Tips - PowerPoint PPT Presentation

Provided by: roneng

Title: Exchange 2003 Security Tips


1
Exchange 2003 Security Tips
2
Exchange 2003 Security Tips
  • Ronen Gabbay
  • ronen_at_hi-tech.co.il

3
Agenda
  • Hardening Exchange server machine
  • Exchange SMTP filters and IMF
  • Security Features and Tips
  • Exchange in the PKI environment
  • Remote Access methods
  • Front End Back End Topology
  • References

4
Hardening Exchange 2003
  • Exchange Security Templates
  • Dedicated OWA FE server
  • Exchange BE server
  • Use Windows 2003 Security Templates
  • Read Exchange hardening Guide !

5
Global Restrictions
  • Outgoing Message Size
  • Incoming Message Size
  • Recipient Limit

6
SMTP filters
  • Recipient Filter
  • Filter users not listed in the directory
  • Sender Filter
  • DNS based Real Time Black Lists RBL

Don't forget to enable those filters on your SMTP
virtual servers!
7
Microsoft Exchange Intelligent Message Filter
  • Exchange System Manager Console extension
  • Shipped in Outlook 2003
  • Deployed at Hotmail

http://www.microsoft.com/exchange/imf
8
  • Exchange Global Settings
  • Exchange filters
  • Configuring RBL
  • Configuring IMF

9
Anti Virus sweepers Protection
  • Use Anti Virus and sweepers on your SMTP
    gateways, before Exchange server
  • Scan Exchange using its AVAPI MAPI
  • Perform client level virus scanning
  • Do not scan Exchange IIS files nor M drive
    (exclude .log, .edb, .stm, .chk)
  • http://support.microsoft.com/?kbid=8231663

10
Security Features and Tips
  • Office ADM to extend your GPO
  • You can place Server Side restrictions on Outlook
    Client Version
  • http://www.microsoft.com/exchange/techinfo/tips/SecTip01.asp
  • Resolving anonymous email
  • Ability to restrict submission for Users and DLs
  • Restrict submission for authenticated users only

11
  • Office ADM files
  • Allow submit for authenticated users only

12
Exchange in the PKI environment
  • SSL / TLS vs. S/MIME
  • Signing Certificate
  • Encrypting Certificate
  • OWA S/MIME controls

13
SSL vs. S/MIME
  • SSL encrypts the session between client and server
  • Configuration is made on the server side only
  • All traffic between the client and server is
    encrypted
  • The client authenticates the server
  • S/MIME enables you to sign or encrypt the mail
    message
  • To sign, you need to own an S/MIME certificate
  • To encrypt, you need to get the certificate of the
    mail recipient
  • You can issue two different certificates, one for
    signing and a second for encryption

14
  • Configure Auto Enroll S/MIME certificate

15
Remote Access To Exchange 2003
  • Exchange?
  • On the Internet??
  • Are you out of your !_at_ mind???

16
Remote Access Methods
  • Using Outlook Web Access
  • Using Terminal Services
  • Internet Clients (POP3 IMAP)
  • Virtual Private Networking
  • RPC over HTTPS
  • Does not suffer from RPC delays problem
  • Over VPN use HTTP with integrated authentication
  • Best performance

17
Outlook Web Access
  • OWA 2003 is almost just like Outlook
  • Browsers are everywhere
  • Familiar interface
  • Use SSL and Form based Authentication

18
Recommended Topology For OWA and RPC/HTTPS
[Diagram labels: Internet, Firewall, DMZ, Proxy, Firewall, Exchange Front End, Exchange 2003 Server (x3), Active Directory Global Catalog Server, HTTPS]
19
  • OWA SSL
  • OWA Form Based Authentication
  • Using OWA S/MIME controls
  • RPC over HTTPS and SP1

20
ISA server 2004 integration
  • increases security
  • Simple configuration
  • ISA as a front end server does not need to be a
    member of domain
  • Support SSL bridging
  • Support publishing /RPC for RPC over HTTP
  • Support for all exchange protocols
  • Message screener filtering capabilities
  • Can't read this slide??? Stay for the
    NEXT SESSION with Itai Almog,
    ISA Server 2004

21
Thank You
  • Ronen Gabbay
  • ronen_at_hi-tech.co.il

22
Resources
  • MBSA http://www.microsoft.com/technet/security/tools/mbsahome.mspx
  • Message security guide
    http://www.microsoft.com/downloads/details.aspx?FamilyID=2305405C-FAF1-488A-A856-AD467BB59B26&displaylang=en
  • Exchange Hardening Guide (includes Security Templates)
    http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exsecure.mspx
  • Best security updates for Exchange
    http://www.microsoft.com/exchange/techinfo/security/bestconfig2003.asp
  • Intelligent Message filter
    http://www.microsoft.com/exchange/techinfo/security/imfoverview.asp
  • Prevent unsolicited email Q319356
  • Place Server-Side Restrictions on Clients Used to
    Access Exchange 2000 Mailboxes
    http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=restrictmapiclientversion&spell=1
  • Configure Attachment Blocking for OWA
    http://support.microsoft.com/?kbid=555001
  • How to configure RPC over HTTP on a single server
    in Exchange Server 2003
    http://support.microsoft.com/?id=833401

23
Resources
  • Configuring Outlook 2003 for RPC over HTTP
    http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm
  • Outlook Fix For RPC over HTTP
    http://support.microsoft.com/default.aspx?scidkbLN331320
  • Exchange Server 2003 RPC over HTTP Deployment Scenarios
    http://www.microsoft.com/downloads/details.aspx?FamilyID=ef58395d-3710-49cf-9698-938e2bef39e8&displaylang=en
  • ISA Server http://www.microsoft.com/isaserver
  • Exchange S/MIME Guide
    http://www.microsoft.com/downloads/details.aspx?FamilyID=f2d49f68-9e36-414b-906b-13c7c075e1b1&displaylang=en
  • Office 2003 ADM files
    http://www.microsoft.com/office/ork/2003/tools/BoxA19.htm
  • Overview of Cryptography in Outlook 2003
    http://www.microsoft.com/office/ork/2003/three/ch11/OutF01.htm