Is your Exchange 2000 Server Secure?

SSL

If you use the HTTP, POP or IMAP functionality to allow access to your mail servers, make sure that you have enabled SSL on each of these protocols, including the virtual SMTP server that your POP and IMAP clients use for outbound mail. If you allow those protocols without requiring SSL, you are letting your users send their usernames and passwords as clear text over the Internet.

The first thing you need to do is establish a Certificate Authority in your organization and request a certificate for your server. The certificate will refer to the DNS name of the server so that it matches the name you will request. The following article discusses how to apply the certificate and secure your web services:

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q320291

From within the Exchange 2000 protocol item in the System Manager, you should also associate your certificate with the IMAP and POP services. Locking down the SMTP service requires more care, since this service affects mail routing as well. Here is an excellent article that details the processes for these services and the overall process:

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q319574
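
One way to confirm that SSL is actually required rather than merely available, as an added example that is not part of the original article: the Python below reads the capability response a server returns on its plaintext SMTP, POP3 or IMAP port and reports whether a client could still send a password before TLS. The keywords it looks for (STARTTLS, STLS, AUTH, SASL, LOGINDISABLED) come from the protocol standards rather than from the article, the sample responses are constructed, and `parse_caps` and `audit` are names chosen for this example.

```python
# Added example: flag services that accept passwords before TLS is negotiated.
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}   # mechanisms that send the password unprotected
TLS_KEYWORD = {"smtp": "STARTTLS", "imap": "STARTTLS", "pop3": "STLS"}
SASL_KEYWORD = {"smtp": "AUTH", "imap": "AUTH", "pop3": "SASL"}

def parse_caps(protocol, response):
    """Map each advertised capability keyword to its arguments."""
    caps = {}
    for line in response.upper().splitlines():
        line = line.strip()
        if protocol == "smtp":
            if not line.startswith("250") or len(line) < 5:
                continue
            line = line[4:]                       # drop the "250-" / "250 " prefix
        elif protocol == "imap":
            if not line.startswith("* CAPABILITY"):
                continue
            line = line[len("* CAPABILITY"):]
        elif line.startswith("+OK") or line == ".":   # POP3 status and terminator
            continue
        # IMAP lists many capabilities per line; SMTP/POP3 one keyword plus arguments.
        items = line.split() if protocol == "imap" else [line]
        for item in items:
            parts = item.replace("=", " ").split()
            if parts:
                caps.setdefault(parts[0], []).extend(parts[1:])
    return caps

def audit(protocol, response):
    """Return findings for one capability response taken on the plaintext port."""
    caps = parse_caps(protocol, response)
    findings = []
    if TLS_KEYWORD[protocol] not in caps:
        findings.append("no TLS upgrade offered")
    if CLEARTEXT_SASL & set(caps.get(SASL_KEYWORD[protocol], [])):
        findings.append("cleartext SASL mechanism offered before TLS")
    if protocol == "imap" and "LOGINDISABLED" not in caps:
        findings.append("IMAP LOGIN allowed before TLS")
    if protocol == "pop3" and "USER" in caps:
        findings.append("POP3 USER/PASS allowed before TLS")
    return findings

# Constructed sample responses (not captured from a real server).
WEAK_SMTP = "250-mail.example.test Hello\r\n250-AUTH=LOGIN\r\n250 OK"
WEAK_POP3 = "+OK Capability list follows\r\nUSER\r\nSASL PLAIN\r\n."
HARDENED_IMAP = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=NTLM\r\nA1 OK done"
if __name__ == "__main__":
    for proto, resp in (("smtp", WEAK_SMTP), ("pop3", WEAK_POP3), ("imap", HARDENED_IMAP)):
        print(proto, audit(proto, resp) or "ok")
```

An empty result only covers the plaintext port that produced the response; a service published solely on its SSL port never returns these lines in the clear.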

AntiVirus

This is one of the most important aspects of security and something that is often overlooked. There are three areas of protection you need to consider:

  1. Inbound (outbound is also a good idea) SMTP mail scanning. Third-party tools can be purchased that run on Exchange 2000 or on a separate box to collect, scan and forward SMTP messages. I highly recommend the Sybari Antigen for this purpose because of its sheer speed and the fact that it comes with multiple scan engines, which is very helpful for new viruses.

  2. Store Scans. You should also plan on a tool to scan the Exchange stores periodically for viruses in the public and private stores. Again, Antigen is a great tool for this as it uses the new Exchange 2000 API and can not only scan the stores, but monitor the X.400 and MTA services as well for signatures.

  3. Client Protection. One of the reasons virus outbreaks can be so devastating is that many were written to automatically use the address book to propagate messages out to those we know. You would open a message from a friend just to find out that it contained a virus. There are several add-ins to help protect the client machines from known viruses, but one of the best approaches is a free tool called the Outlook Security Patch. Outlook 2002 has this feature built in, but it is a separate download for Outlook 2000. When this tool is installed, programmatic access to the address book will be blocked. In addition, you can block access to file types as well, including .EXE and .COM files and other attachments. This will greatly reduce your risks from an internal outbreak.


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008