




Contents
Overview
Introduction to Designing a Security Strategy
Protecting Against External Security Threats
Protecting Against Internal Security Threats
Designing an Encryption Strategy
Windows 2000 Security Considerations
Lab A: Planning Northwind Traders Security
Lab B: Securing Northwind Traders
Lab Discussion

Module 6: Designing a Security Strategy

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2001 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, BackOffice, FrontPage, NetMeeting, Outlook, PowerPoint,
SQL Server, Visio, Visual Studio, Win32, Windows, Windows Media, and Windows NT are either
registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.



Instructor Notes
This module provides students with the information necessary to design a
security strategy for a Microsoft® Exchange 2000 organization.
After completing this module, students will be able to:
• Identify security risks and describe security best practices.
• Secure an Exchange 2000 organization from external security threats.
• Secure an Exchange 2000 organization from internal security threats.
• Design an encryption strategy.
• Outline security considerations that are related to Microsoft Windows® 2000.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint® file 1573A_06.ppt
• The Planning for External Attacks job aid
• The Planning for Internal Attacks job aid
• The Designing an Authentication and Encryption Strategy job aid
• The Northwind Traders Case Study
• The Fourth Coffee Case Study

Presentation: 75 Minutes
Lab: 120 Minutes

Preparation Tasks
To prepare for this module, you should:
• Read all of the materials for this module.
• Complete the labs and review the lab discussion questions.
• Review the Planning for External Attacks job aid.
• Review the Planning for Internal Attacks job aid.
• Review the Designing an Authentication and Encryption Strategy job aid.
• Review the Northwind Traders Case Study.
• Review the Fourth Coffee Case Study.
• Practice the instructor-led portions of the labs and be prepared to
  demonstrate them for the benefit of the class.

Note: The job aids are in the Exchange 2000 Design Tool located at
C:\MOC\1573A\LabFiles\Exchange_2000_Design_Tool, and on the student
compact disc. The case studies are in the Appendices and on the student
compact disc.

Module Strategy
Use the following strategy to present this module:
• Introduction to Designing a Security Strategy
  Begin by describing the security risks to which most companies are
  vulnerable. Next, discuss a list of best practices that every company should
  consider implementing.
• Protecting Against External Security Threats
  Begin by discussing how to protect against viruses by using virus filters and
  virus scanners. Continue by explaining why ports are a common entryway
  for security attacks, and discuss the list of ports and services outlined in the
  table. Make sure students understand the importance of shutting down
  access to ports that they are not using. Next, explain how to protect
  mailboxes and their content from security threats, and how to use
  bridgehead servers and routing groups to reduce the risk of external security
  attacks. Conclude this topic by explaining how to plan firewalls. Emphasize
  again that protecting the ports that provide access to a company’s resources
  is a crucial function of any effective security strategy.
• Protecting Against Internal Security Threats
  Begin by discussing how to configure distribution list permissions and
  administrative groups. Make sure students understand how configuring
  these two features can increase security. Continue by discussing the
  importance of message archiving. Complete this topic by describing when
  and why it is appropriate to configure top-level folder permissions.
• Designing an Encryption Strategy
  Begin by explaining the importance of Microsoft Certificate Services, and
  describe how the Microsoft Exchange Key Management Server and the
  Certificate Service work together to increase security. Finally, explain how
  to encrypt Internet mail.
• Windows 2000 Security Considerations
  This topic discusses the security features in Windows 2000 that you should
  include in the security strategy for an Exchange 2000 organization. Begin
  by discussing how the Kerberos version 5 authentication protocol provides
  authentication capabilities. Make sure that students understand the role of
  the Kerberos protocol in authentication delegation. Complete this topic by
  discussing the Access Control Model and how to implement it in a security
  strategy.


Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
Lab Setup
The following list describes the setup requirements for the labs in this module.
• For each student, a Microsoft Management Console (MMC) custom console
  must be created. This custom console must include both the
  Active Directory Users and Computers snap-in and the Exchange System
  snap-in, and must be named your_firstname Console.
• For each student, a personalized user account must be created in the
  appropriate domain. This user account must be added to the Domain
  Admins group, and assigned a mailbox on the server running
  Exchange 2000 that the student is using.
• For each student, a user profile must be created on the student’s computer
  that enables the student to access their mailbox by using Microsoft
  Outlook® 2000.

Lab Results
Performing the labs in this module, including the “If Time Permits” exercise,
introduces the following configuration changes:
• A message filter that filters out messages sent from contoso.msft is created
  in the Northwind Traders organization and applied to the Simple Mail
  Transfer Protocol (SMTP) virtual server on each student's server running
  Exchange 2000.
• Only members of the All Executives distribution list (DL) are allowed to
  send mail to the your_servername Executives DL.
• Membership of the your_servername Executives DL is hidden from
  everybody’s view.
• Microsoft Key Management Server is installed on the instructor’s machine.
• All student your_username accounts are enabled for advanced security.



Overview
• Introduction to Designing a Security Strategy
• Protecting Against External Security Threats
• Protecting Against Internal Security Threats
• Designing an Encryption Strategy
• Windows 2000 Security Considerations


A company’s messaging infrastructure is crucial to both communication and
productivity. Keeping this infrastructure secure and accessible is a high priority
for most companies. Designing an effective security strategy requires an
understanding of the security risks to which most businesses are vulnerable. A
security strategy helps you to assess and avoid risks by identifying the systems
and networks that you must protect, and by defining the mechanisms that you
will use to secure your environment. A comprehensive security strategy also
addresses procedures for identifying and recovering from security breaches.
After completing this module, you will be able to:
• Identify security risks and describe security best practices.
• Secure a Microsoft® Exchange 2000 organization from external security
  threats.
• Secure an Exchange 2000 organization from internal security threats.
• Design an encryption strategy.
• Outline security considerations that are related to Microsoft Windows® 2000.

Topic Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will learn how to design a security strategy that
enables you to secure an Exchange 2000 organization from internal and external
attacks, and how to implement an encryption strategy.

Introduction to Designing a Security Strategy
• Identifying Security Risks
• Basic Best Practices


Every comprehensive security strategy includes a description of the security
risks to which the company is vulnerable. In addition, an effective security
strategy outlines the basic best practices and configuration changes that
administrators need to implement to ensure the security of an Exchange 2000
organization.
Topic Objective: To outline the most basic topics that are associated with
designing a security strategy.
Lead-in: You can begin designing your security strategy by identifying common
security risks and the best practices that you can implement to prevent them.

Identifying Security Risks
[Slide: Security Risks: Data Theft or Tampering, Forgery, Denial of Service, Trojan Horse, Virus, Spoofing, Mail-Relaying]


Before you can protect your Exchange 2000 organization, you need to
understand the security risks to which most companies are vulnerable.
In general, there are two categories of security risks: passive attacks and active
attacks. In a passive attack, the attacker sets their network card to a listening
mode, but does not tamper with data. In an active attack, the attacker attempts
to change information. Determining whether information has been changed, and
when that information was changed, may be impossible.
Both active and passive attacks can be initiated easily over local area networks
(LANs), as well as over wide area network (WAN) links. The following table
identifies the most common types of security attacks.
Type of security risk | Characteristics
--- | ---
Data theft or tampering | Copying, changing, or listening to data that is transmitted over a network or from a disk.
Forgery | Passing data as a third party.
Denial of service | Preventing connections to a server or network by flooding that server or network with incorrect and incomplete data. This causes the receiving server to fill its buffers or queues until it can time out all of the erroneous packets.
Trojan horse | A malicious, security-breaking program that’s disguised as something benign, such as a game or a joke.

Topic Objective: To describe the security risks to which most businesses are
vulnerable.
Lead-in: Before you can protect your Exchange 2000 organization, you need to
understand the security risks that your company may have to address.

Type of security risk (continued) | Characteristics
--- | ---
Virus | A program that searches out other programs and infects them by embedding copies of itself in them so that they become Trojan horses. When the corrupted programs are run, the embedded virus also runs. This is how the virus propagates itself. Viruses are typically invisible to the user.
Spoofing | Impersonating another person by configuring that person’s e-mail address in the perpetrator’s own e-mail client.
Mail-Relaying | Relaying mail through your company’s servers with the intent of disguising the actual origin of the mail.


Note: For more information about general security issues, see

Basic Best Practices
[Slide: Secure Active Directory; Physically Protect Your Servers; Require Complex Passwords; Limit User Access to Essential Information; Create Lists of Approved IP Addresses and Domain Names; Enable Logging and Monitor Your CPU and Progress Usage Levels; Remove All Unnecessary Services; Disable Caching of Logon Credentials; Apply the Latest Service Pack; Prevent SMTP Hosts From Using the SMTP Server to Relay Messages to the Internet]


Although there are a wide variety of complex and sophisticated measures that
you can take to increase the security of your Exchange 2000 organization, you
should not overlook the following basic precautions.
• Secure Active Directory.
  When you design and deploy Exchange 2000 security, do not forget to
  strengthen the underlying Windows 2000 operating system and Microsoft
  Active Directory. For more information, see course 2150A, Designing a
  Secure Microsoft Windows 2000 Network.
• Physically protect your servers.
  Protect your servers physically by keeping them in a locked and secure
  location. In the basic input/output system (BIOS), disable booting from both
  the floppy drive and the CD-ROM drive. Use a BIOS-level boot password,
  so that servers cannot be restarted without authentication. Do not keep
  servers logged on when they are unattended.
• Require complex passwords.
  Require that all passwords be longer than seven characters, that they be
  composed of a combination of uppercase and lowercase letters and
  symbols, and that they do not contain any dictionary words, common
  names, or other easily searchable information.
  Enforce a strong password policy by using Group Policy. For more
  information about Group Policy, see module 5, “Administering User
  Accounts,” in course 2028A, Basic Administration of Microsoft
  Windows 2000.

Topic Objective: To outline several best practices that strengthen security.
Lead-in: Although developing a security strategy is a complex process, there
are some basic best practices that should be included in any security strategy.
• Limit user access and views to essential information.
  Use discretionary access control lists (DACLs) to control user access to
  Exchange 2000 features throughout the Exchange 2000 organization. For
  example, you can limit user views of address lists to select groups. You can
  configure similar safeguards for public folders, making it possible not only
  to secure the folders against access, but also to make them invisible to any
  users who should not be able to see them.
• Create lists of approved IP addresses and domain names.
  You can prevent Internet users from overwhelming your Exchange servers
  with Simple Mail Transfer Protocol (SMTP) messages or with connections
  to your Internet Message Access Protocol version 4 (IMAP4), Post Office
  Protocol version 3 (POP3), and Network News Transfer Protocol (NNTP)
  virtual servers by accepting or denying connections based on approved lists
  of Internet Protocol (IP) addresses and domains. If your Exchange 2000
  organization is frequently attacked by one IP address or domain, you can
  explicitly deny access to that address or domain. Exchange 2000 uses
  reverse Domain Name System (DNS) lookups to check this IP address and
  domain list. Enabling reverse DNS lookups is resource intensive.
• Enable logging and monitor your CPU and progress usage levels.
  If you believe that your virtual servers are frequently being attacked, you
  can monitor the number of connections that each of the SMTP virtual
  servers is receiving, and also the origin of each connection.
• Remove all unnecessary services.
  In addition to removing all unnecessary services, do not install services that
  users in your company will not need. For example, do not install Instant
  Messaging if you neither expect nor want people to use it. Additional
  services only increase administrative and security overhead, and expose
  unnecessary ports.
• Configure your browser to disable caching of logon credentials and also to
  delete pages when the browser is closed.
  If you are using Microsoft Outlook® Web Access, the logon credentials and
  Web pages that a user accesses are cached, which provides an opportunity
  for someone to steal them or gain access to them.
• Apply the latest service pack and all subsequent hotfixes.
  Applying the latest service pack and all subsequent hotfixes implements the
  best security updates that are currently available.
• Prevent SMTP hosts from using your company’s SMTP server to relay
  messages to the Internet.
  If your Exchange 2000 organization uses POP3 or IMAP4 clients, you can
  verify message validity by enabling reverse DNS lookups to allow
  connections from users in your own domain, by disabling relay on all
  servers except the bridgehead SMTP virtual server, and by setting up
  message filtering and scanning. If you do not use POP3 or IMAP4 clients in
  your environment, it is a good idea to disable all message relaying.

For Your Information: You can configure Internet Explorer to delete saved
pages when the browser is closed by configuring the Internet Options Advanced
tab. This will prevent users from being able to access secure pages after the
browser is closed.
Protecting Against External Security Threats
• Protecting Against Viruses
• Protecting Mailboxes and Mailbox Content
• Using Bridgehead Servers and Routing Groups to Increase Security
• Protecting Ports
• Discussion: Protecting Against External Security Threats


Exchange 2000 is designed with connection to the Internet in mind. SMTP is
the primary mail transport agent, and other collaborative features (such as
Instant Messaging and Microsoft NetMeeting®) are available. You must put
security measures in place to secure each of these elements.
Most external intrusions into your Exchange 2000 organization will appear as
viruses or as denial of service attacks. It is important that your security strategy:
• Addresses how to protect against viruses.
• Identifies dangerously exposed ports.
• Addresses the security of user mailboxes.
• Identifies how to use bridgehead servers and routing groups to increase
  security.
• Includes plans for firewalls.

Topic Objective: To outline the topics related to protecting against external
attacks.
Lead-in: Protecting your Exchange 2000 organization from external security
threats requires developing a strategy that guards against viruses, protects
exposed ports, protects mailboxes and their content, protects the SMTP server,
and plans for firewalls.

Protecting Against Viruses
[Slide: diagram labels: Firewall, Server, Client, virus.vbs]


Most viruses propagate quickly through messaging systems because e-mail
clients provide both sending capabilities and programmatic access to address
information.
Protecting against viruses involves installing virus scanners on client computers
and servers and installing virus filters on gateways and firewalls, as well as
educating users.
Installing Virus Scanners
You can install virus scanners on both client computers and servers. If you
install a virus scanner, remember to update it frequently. When selecting
scanners, it is important to use a scanner that pushes updates to the client
computers and the server without user intervention, because such a scanner
reduces user responsibility and user error. This auto-update capability of the
virus scanner often requires you to accept a trade-off, because it may introduce
new code that could cause problems in your system.
Client-Side Scanners
Client-side scanners install file system filters which check files for the
signatures of known viruses as the files are being written to disk. Some
scanners connect to e-mail clients and search attachments on incoming e-mail.
If the scanner detects a virus, it might delete the attachment from the message
or copy the attachment to the local hard drive and disinfect the file. The auto-
update capability is an important option in client-side virus scanners, because it
downloads new signature files automatically to the local machine without user
intervention.

Topic Objective: To discuss how to design a security strategy that enables you
to protect your Exchange 2000 organization against viruses.
Lead-in: You can install virus filters and scanners to help reduce the risk of
viruses.

Server-Side Scanners
Server-side scanners are separate products from client-side scanners. In servers
with large databases, the chances of the scanner finding a random match are
high. As a result, server-side scanners need to be able to decipher the format of
the information store so that they can differentiate between the signature of a
known virus and a random string of bytes that happens to match a virus
signature. Some server scanners also search for a sudden increase in the amount
of e-mail, such as the same message being sent from multiple accounts.
Firewall Scanners
Firewall scanners are multithreaded so that they can scan multiple messages at
the same time. With most firewall scanners, you can specify the way in which
all viruses will be processed. For example, you can configure a firewall scanner
to strip an attachment, to send notification mail to an administrator, or to hold
the suspect message in a queue for later review.
Installing Virus Filters
Virus filters function by stopping viruses before they ever make it into or out of
your company. You can use a simple virus filter that looks for specific
filenames or strings in messages, or a more complex filter that strips
attachments of certain types, even from inside of zipped files.
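
The following sketch shows the more complex kind of filter described above: it strips attachments by file type and also looks inside zipped attachments. It is an added example, not code from the courseware or from any Exchange component; the blocked extension list, the size and depth limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed values for this example, not taken from any product.
BLOCKED_EXTENSIONS = (".vbs", ".exe", ".scr", ".bat")
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # refuse to unpack oversized nested archives
MAX_ZIP_DEPTH = 3                     # refuse to follow deeply nested archives


def is_blocked_name(filename):
    """True when the file name ends in a blocked extension."""
    return (filename or "").strip().lower().endswith(BLOCKED_EXTENSIONS)


def zip_has_blocked_member(data, depth=1):
    """Scan a zip archive, and zips nested inside it, for blocked names.

    Anything that cannot be inspected (corrupt, encrypted, too deep,
    too large) is reported as blocked, so the filter fails closed.
    """
    if depth > MAX_ZIP_DEPTH:
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if is_blocked_name(info.filename):
                    return True
                if info.filename.lower().endswith(".zip"):
                    if info.file_size > MAX_MEMBER_BYTES:
                        return True
                    if zip_has_blocked_member(archive.read(info), depth + 1):
                        return True
    except (zipfile.BadZipFile, RuntimeError):
        return True
    return False


def filter_message(raw_bytes):
    """Strip blocked attachments; return (cleaned_bytes, removed_names)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        blocked = is_blocked_name(name)
        if not blocked and name.lower().endswith(".zip"):
            blocked = zip_has_blocked_member(part.get_payload(decode=True) or b"")
        if blocked:
            msg.get_payload().remove(part)   # drop the part from the multipart body
            removed.append(name)
    return msg.as_bytes(), removed


def attachment_names(raw_bytes):
    """List the attachment file names still present in a message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()]


def build_sample_message():
    """Constructed test message: one script, one zip hiding a script, one text file."""
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as archive:
        archive.writestr("docs/invoice.vbs", "placeholder text, not a real script")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    for name, data in (("virus.vbs", b"placeholder"),
                       ("archive.zip", zipped.getvalue()),
                       ("report.txt", b"quarterly numbers")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample_message())
    print("removed:", removed)
    print("kept:", attachment_names(cleaned))
```

A name-based filter of this kind complements signature scanning and does not replace it, because a renamed file passes the extension check.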
Educating Users
Your security strategy must outline processes for educating users about viruses.
If users are aware of viruses, they may be able to help stop their spread should
any virus infect your company.
You can use a variety of methods to alert users of an e-mail virus threat:
voicemail messages and e-mail messages explaining what not to open,
mandatory deployment of client-side scanning software, or even flyers posted
in prominent places. Consider distributing a weekly update about known
viruses and how to combat them.

Note: You can use event sinks to search for viruses in incoming messages in
addition to your virus scanning software. For more information on event sinks,
see course 2019A, Building Solutions in Microsoft Exchange 2000 with the Web
Storage System.

Protecting Mailboxes and Mailbox Content
[Slide: Prevent people outside of your company from learning when employees are out of the office or on vacation; Protect users from unsolicited mail; Prevent delivery of messages from either an unidentified or a specific domain; Use message journaling to record communications; Limit access to mail content; Search incoming and outgoing messages for specific words, phrases, and senders]


There are several security risks created by the presence of user mailboxes,
mailbox features, and mailbox content. Your security strategy must address
how to:
• Prevent people outside of your company from learning when employees are
  out of the office or on vacation.
  If your system connects to other servers running Exchange 2000 by using
  the Internet, you can create a new virtual server for connecting to those
  other servers. You can then configure the default virtual server and
  connector not to reply to or forward out-of-office messages to the Internet.
  If your system does not connect to other servers running Exchange 2000,
  you can configure the default virtual server and connector to not reply to
  messages sent from the Internet and to not forward messages to the Internet.
• Protect users from unsolicited mail.
  You can create a message filter list and apply the message filter to each
  applicable virtual server. If you want to keep copies of the messages that
  have been filtered out, you can configure the filter to archive these
  messages; and then you can regularly examine and purge the archived
  messages.
• Prevent delivery of messages from either an unidentified or a specific
  domain.
  You can configure virtual servers to deny messages from any unidentified
  domain, and also to deny messages from any domain that you choose to
  specify.
• Use message journaling to record communications.
  Many companies are required by law to record all communications. Because
  most servers will not be able to effectively process a large volume of
  accumulated messages, plan to use the message journaling feature of
  Exchange 2000 to provide message copies that you can store in a permanent
  archive regardless of what the user does with the original message.

Topic Objective: To explain how to protect mailboxes and mailbox content.
Lead-in: User mailboxes are often one of the largest security risks within a
company.
• Limit access to mail content.
  You can implement message encryption and electronic signatures to ensure
  that only intended recipients can view message content. This requires that
  you set up a certification authority (CA). Setting up a CA enables you to
  issue certificates to users, and to manage certificate revocation and expiry
  lists.
  Exchange 2000 integrates with the Windows 2000 Certificate Server and
  provides interoperability with other CAs that issue X.509 version 3
  certificates. Remember that you must train users to encrypt and decrypt
  messages, to apply digital signatures, and to handle certificates that they
  receive from other users.
• Search incoming and outgoing messages for specific words, phrases, and
  senders by using a third-party product.


Using Bridgehead Servers and Routing Groups to Increase Security
[Slide: diagram labels: Routing Group, Mailbox Server, Mailbox Server, Firewall, Internet, SMTP Connector, Bridgehead Server]


Another way to increase security against external attacks is by using a
bridgehead server to provide Internet connectivity to a routing group. To
accomplish this, you can implement a routing group in which the bridgehead
server is a server that has a connection to the Internet and that is running both
Exchange 2000 and DNS. This DNS server should be configured with both the
mail exchange (MX) records and the address (A) records for the SMTP hosts
that your company most often sends mail to.
The SMTP connector is installed on this bridgehead server, and provides
outgoing message delivery for your company over the Internet. In order for
inbound mail to be routed through this server, the external DNS that your
company exposes to the Internet must use a MX record to list this server as
your domain’s mail server. If you configure your server in this way, it is not
necessary for every server running Exchange 2000 to have Internet
connectivity; this arrangement increases security, because only the bridgehead
server is exposed to the Internet.
Configuring the Bridgehead Server
You can configure the bridgehead server to handle both outgoing and incoming
Internet mail. An SMTP connector with an address space of * is all that is
required to force other servers in the routing group to use this server as a
bridgehead. You can make this connector available to the routing group only, or
to the entire Exchange 2000 organization.
To prevent external domains from relaying mail by using your servers,
configure the Exchange bridgehead server to have two separate SMTP virtual
servers by using two network interface cards, one of which is bound to the
internal IP address, and the other of which is bound to the external IP address.
The virtual server that has the internal IP address allows relaying for messaging
clients on other internal IP addresses. The virtual server that has the external IP
address allows relaying only for the IP addresses of the internal virtual server.
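
The relay rule for the two virtual servers can be modelled and checked as follows. This is an added example, not part of the courseware and not Exchange configuration syntax; the class and function names, the local domain example.com, and all IP addresses (private and documentation ranges) are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}   # assumed domain that the company receives mail for


@dataclass
class VirtualServer:
    name: str
    bind_ip: str          # address the SMTP virtual server listens on
    relay_allowed: list   # networks whose clients may relay through it

    def may_relay(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.relay_allowed)


def decide(server, client_ip, recipient):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO request."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver"                     # inbound mail for a local mailbox
    return "relay" if server.may_relay(client_ip) else "reject"


def audit_external(external, internal):
    """List relay entries on the external server that go beyond the
    single address of the internal virtual server."""
    allowed = ipaddress.ip_network(internal.bind_ip)   # host route, /32
    return [net for net in external.relay_allowed
            if ipaddress.ip_network(net) != allowed]


# Configuration as the text describes it.
INTERNAL = VirtualServer("internal", "10.0.0.5", ["10.0.0.0/24"])
EXTERNAL = VirtualServer("external", "192.0.2.10", ["10.0.0.5/32"])

# Weak setting for comparison: the external server relays for any address.
EXTERNAL_OPEN = VirtualServer("external-open", "192.0.2.10", ["0.0.0.0/0"])


if __name__ == "__main__":
    cases = [
        (EXTERNAL, "203.0.113.7", "user@example.com"),
        (EXTERNAL, "203.0.113.7", "someone@example.net"),
        (EXTERNAL, "10.0.0.5", "partner@example.net"),
        (INTERNAL, "10.0.0.23", "partner@example.net"),
        (EXTERNAL_OPEN, "203.0.113.7", "someone@example.net"),
    ]
    for server, ip, rcpt in cases:
        print(server.name, ip, rcpt, "->", decide(server, ip, rcpt))
    print("audit (hardened):", audit_external(EXTERNAL, INTERNAL))
    print("audit (open):", audit_external(EXTERNAL_OPEN, INTERNAL))
```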

Topic Objective: To describe how to use bridgehead servers and routing groups
to increase security.
Lead-in: You can increase security by using a bridgehead server to provide
Internet connectivity to a routing group.
For Your Information: Bridgehead servers are also referred to as SMTP relay
servers.

Protecting Ports
[Slide: diagram labels: Firewall; Server; HTTP, POP3, and SMTP clients; Port 25, Port 80, Port 110]



All access to system resources is controlled by specific ports. Applications
running on the Exchange 2000 and Windows 2000 services examine packets
that contain specific port numbers. One of the most common methods of
securing a network application is to restrict connections to the ports that are
associated with that application.
An effective security strategy identifies the ports that are associated with each
service that your Exchange 2000 organization uses. To reduce your system’s
vulnerability to people who are trying to break in from the outside, plan to filter
any remaining ports.
Exchange 2000 Ports and Services
The following table outlines the Exchange 2000 ports and their associated
services.
Port | Service
--- | ---
25 | SMTP
80 | HTTP (Hypertext Transfer Protocol)
88 | Kerberos
102 | MTA (message transfer agent)—X.400 connector over TCP/IP (Transmission Control Protocol/Internet Protocol)
110 | POP3
119 | NNTP
135 | Client/Server Communication; RPC (remote procedure call); Exchange Administration
143 | IMAP
389 | LDAP (Lightweight Directory Access Protocol)

Topic Objective: To explain how to plan firewalls.
Lead-in: Firewalls are an important factor in any security strategy, and are
especially important when considering how to reduce exposure to external
security risks.

Port (continued) | Service
--- | ---
443 | HTTP (SSL)
465 | SMTP (SSL)
563 | NNTP (SSL)
636 | LDAP (SSL)
993 | IMAP4 (SSL)
995 | POP3 (SSL)
1720 | H.323 Call Setup
1731 | Audio Call Control
2980 | Instant Messaging Service
3268 and 3269 | Global Catalog look-ups
Dynamic | H.323 Call Control
Dynamic | H.323 Call [RTP (Real-Time Transport Protocol) over UDP (User Datagram Protocol)]


Using Perimeter Networks
To reduce port exposure, you can place the front-end server, or the server that
receives SMTP messages, in a perimeter network to filter out a specific port on
the outside router. Block all nonessential TCP/IP ports both at the outside router
and at the firewall.

Note: For more information about IP ports, see ipfilters.xls under Additional
Reading on the Student Materials compact disc.

Using Firewalls
Firewalls are an important factor in any security strategy, and are especially
important in reducing your company's vulnerability to external security attacks.
Firewalls prevent unauthorized access to data on servers that are located
behind the firewall. If you do not implement a firewall on your connection to
the Internet, all of your servers running Exchange 2000 are connected to a
network that has a direct connection to the Internet, and thus they are all
exposed to the Internet.
Filtering Internet Traffic
You can use a firewall to allow only essential Internet traffic to pass through
each port that you specify. For example, you can configure your network to
allow only SMTP (port 25) traffic to pass through your firewall, and thus
prevent connections on all other ports. You can also connect a server running
Exchange 2000 to the Internet by using an SMTP virtual server. In this
configuration, your server running Exchange 2000 will only be able to accept
connections on port 25, because the firewall blocks all other ports.

Maintaining Internet Connectivity
Although Exchange 2000 can operate in a firewall environment, there are
requirements that you need to be aware of in order to maintain Internet
connectivity, specifically with remote client computers. Firewalls can filter
certain TCP ports or block them entirely. If you want remote clients and remote
servers to communicate with your network through a firewall, then you cannot
change or block the port assignments for the various protocols that
Exchange 2000 supports.
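The planning steps described above (identify the ports each service needs, filter the remaining ports, and keep the required ports open so clients stay connected), as an added Python example that is not part of the original course material. The port map is copied from the table in this module; the function names and the sample REQUIRED and PERMITTED sets are constructed for illustration.

```python
# Static ports from this module's "Exchange 2000 Ports and Services" table.
# The two "Dynamic" H.323 rows have no fixed port and are left out.
EXCHANGE_PORTS = {
    25: "SMTP", 80: "HTTP", 88: "Kerberos", 102: "MTA (X.400 over TCP/IP)",
    110: "POP3", 119: "NNTP", 135: "RPC", 143: "IMAP", 389: "LDAP",
    443: "HTTP (SSL)", 465: "SMTP (SSL)", 563: "NNTP (SSL)",
    636: "LDAP (SSL)", 993: "IMAP4 (SSL)", 995: "POP3 (SSL)",
    1720: "H.323 Call Setup", 1731: "Audio Call Control",
    2980: "Instant Messaging Service",
    3268: "Global Catalog look-ups", 3269: "Global Catalog look-ups",
}


def audit_firewall(required, permitted):
    """Return (ports to filter, required ports that are blocked)."""
    required, permitted = set(required), set(permitted)
    unknown = sorted(required - set(EXCHANGE_PORTS))
    if unknown:
        # A "required" port missing from the table is a planning error.
        raise ValueError(f"not in the Exchange 2000 port table: {unknown}")
    to_filter = sorted(permitted - required)   # open but not needed
    blocked = sorted(required - permitted)     # needed but closed
    return to_filter, blocked


def build_ruleset(required):
    """Default-deny rule list: one allow per required port, then deny the rest."""
    required = sorted(set(required))
    audit_firewall(required, required)  # validates ports against the table
    rules = [("allow", port, EXCHANGE_PORTS[port]) for port in required]
    rules.append(("deny", "*", "all other ports"))
    return rules


def label(port):
    """Human-readable name for a port, whether or not the table lists it."""
    return f"{port} ({EXCHANGE_PORTS.get(port, 'not an Exchange 2000 port')})"


# Constructed sample: the design needs SMTP, POP3 and POP3 over SSL, while
# the firewall currently permits 25, 110, 135 and 3389.
REQUIRED = {25, 110, 995}
PERMITTED = {25, 110, 135, 3389}

if __name__ == "__main__":
    to_filter, blocked = audit_firewall(REQUIRED, PERMITTED)
    print("Filter these ports:", ", ".join(label(p) for p in to_filter))
    print("Open these required ports:", ", ".join(label(p) for p in blocked))
    for action, port, service in build_ruleset(REQUIRED):
        print(f"{action:5} {port!s:>5}  {service}")
```

The first list is exposure to remove at the outside router and the firewall; the second is the connectivity problem the text describes when a supported protocol's port is blocked.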
Using Microsoft ISA Server
You can use Microsoft Internet Security and Acceleration (ISA) Server to route
all Internet traffic through a single server and to protect servers inside your
Exchange 2000 organization. Although this solution requires more setup time
and planning than a direct Internet connection, it increases security.
For Your Information: You can also use Proxy Server as a firewall.

Discussion: Protecting Against External Security Threats


You will need the Fourth Coffee Case Study and the Planning for External
Attacks job aid to participate in this discussion.


Note: The job aids are in the Exchange 2000 Design Tool located at
C:\MOC\1573A\LabFiles\Exchange_2000_Design_Tool, and on the student
compact disc. The case studies are in the Appendices and on the student
compact disc.

QUESTION: Based on the Fourth Coffee Case Study, what are the external security
threats that Fourth Coffee needs to address?
ANSWER: Fourth Coffee wants to ensure that its servers running Exchange 2000
are not used to relay unsolicited commercial e-mail. They also want to
protect employees from receiving unsolicited commercial e-mail, as well
as e-mail from non-existent Internet domains.

QUESTION: Using the Planning for External Attacks job aid, what are the
configuration tasks that you must perform in order to protect Fourth
Coffee from external security threats?
ANSWER:
Create a message filter list.
Verify that the SMTP virtual servers are not configured to allow
unauthorized message relay.
Topic Objective: To discuss how to protect against external security threats.
Lead-in: Let’s discuss how to protect against external security threats.
For Your Information: The questions and answers on this discussion page are
not printed in the student workbooks. They are intended to facilitate
classroom discussion, but you should also feel free to ask your own questions.

Protecting Against Internal Security Threats
• Strengthening Internal Security
• Discussion: Protecting Against Internal Security Threats


Although you can reduce many internal security threats by educating users,
there are also some configuration tasks you can perform that will reduce your
exposure to internal security attacks.
Topic Objective: To outline the topics related to protecting against internal
security threats.

Strengthening Internal Security
• Configuring DL Permissions
• Configuring Administrative Groups
• Implementing Message Archiving
• Configuring Top-Level Folder Permissions


Although many internal security attacks are malicious, many others are the
result of user error or negligence. You can strengthen internal security by
configuring distribution list (DL) permissions, configuring administrative
groups, archiving messages, and configuring folder permissions.
Configuring DL Permissions

Because distribution lists often contain confidential information in the form of
membership data, it is important to plan access to each distribution list
carefully. You can configure DL permissions that:
• Prevent specified users from sending messages and message replies to large
  DLs.
• Prevent specified users from sending messages to executive or other
  confidential DLs.
• Prevent specified users from seeing the membership of specified DLs.

Configuring Administrative Groups
When you enable multiple groups of administrators to perform different
functions, you may encounter a situation in which some administrators will
make configuration changes to objects that they should not modify. To prevent
such situations from happening, you can configure administrative groups so that
different administrators are assigned different roles.

Note: For more information about configuring administrative groups, see
module 3, “Designing an Administrative Plan,” in course 1573A, Designing
Microsoft Exchange 2000 for the Enterprise.

Topic Objective: To discuss how to protect against internal security threats.
Lead-in: To protect against internal security attacks, you can configure DL
permissions, configure administrative groups, implement message archiving, and
configure folder permissions.

Implementing Message Archiving
Message archiving enables you to dedicate one specific mailbox to receive all
messages that are processed by servers on which archiving is enabled. You can
set a policy on that server which specifies the mailbox in which you want to
archive messages. If you want to keep copies of all messages that are
transferred through your messaging system, even deleted messages, you can
configure a dedicated mailbox server to receive all messages, and then
implement message archiving on your mailbox servers.
Configuring Top-Level Folder Permissions
Because of the way that replication works in Exchange 2000, configuring folder
permissions is an important part of your security strategy. Because the
hierarchy for all top-level folders is replicated across an entire Exchange 2000
organization, you should configure top-level folder permissions that:
• Prevent users from creating public folders at the root of the Messaging
  Application Programming Interface (MAPI) folder hierarchy.
• Enable you to control the growth and complexity of your folder hierarchy.


Note: The first step to protecting your network is always to educate your users
on how to use and how not to abuse your network and your messaging system.