You are previewing Security Operations for Microsoft® Exchange 2000 Server.
O'Reilly logo
Security Operations for Microsoft® Exchange 2000 Server

Book Description

This guide delivers procedures and best practices for system administrators to create and maintain a secure environment on servers running Microsoft Exchange 2000.

Table of Contents

  1. Microsoft® Security Operations for Microsoft Exchange 2000 Server
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. A Note Regarding Supplemental Files
    3. 1. Introduction
      1. Microsoft Operations Framework (MOF)
      2. Get Secure and Stay Secure
        1. Get Secure
        2. Stay Secure
      3. Scope of This Guide
      4. Chapter Outlines
        1. Chapter 2 – Securing Your Exchange Environment
        2. Chapter 3 – Securing Exchange 2000 Servers Based on Role
        3. Chapter 4 – Securing Exchange Communications
      5. Who Should Read This Guide
      6. Summary
        1. More Information
    4. 2. Securing Your Exchange Environment
      1. General Exchange Security Considerations
        1. Exchange Service Dependencies
        2. Installing Exchange
        3. Exchange 2000 Patch Management
        4. Securing the Client Environment
        5. Protecting Against Address Spoofing
        6. Anti-Virus Measures
        7. Protecting Against Unsolicited Mail (Spam)
          1. Educating Users
          2. Unsolicited Mail Features in Outlook 2002
          3. Unsolicited Mail Features of Exchange 2000
        8. Protecting Against Denial-of-Service Attack
      2. Using Permissions and Administrative Groups to Control Access to Exchange 2000
        1. Centralized and Distributed Administration
          1. Centralized Administrative Model
          2. Distributed Administrative Model
          3. Mixed Administrative Model
        2. Creating an Environment to Support a Mixed Administrative Model
          1. Creating Management Administrative Groups to Centralize Control
          2. Using Exchange System Policies to Enable a Mixed Administrative Model
        3. Controlling User Administration
      3. Summary
        1. More Information
    5. 3. Securing Exchange 2000 Servers Based on Role
      1. Test Environment
      2. Using OWA Front-End and Back-End Servers
      3. Securing Server Roles for an Exchange 2000 Environment
        1. Active Directory Structure to Support Exchange 2000 Server Roles
        2. Importing the Security Templates
      4. Exchange Server Policies
        1. Exchange Back-End Server Policy
          1. Exchange Back-End Server Services Policy
          2. Key Services That Are Disabled
            1. Event Service
            2. Microsoft Search
            3. Microsoft Exchange Site Replication Service
            4. Microsoft Exchange MTA Stacks
          3. Exchange Back-End Server File Access Control Lists Policy
        2. OWA Front-End Server Policy
          1. OWA Front-End Server Services Policy
          2. Key Services Disabled in the OWA Front-End Server Policy
            1. Microsoft Exchange POP3 and Microsoft Exchange IMAP4
            2. System Attendant
            3. Information Store
            4. Microsoft Exchange Management
            5. SMTP Service
          3. OWA Front-End Server File Access Control Lists Policy
      5. Installing and Updating Exchange in an Increased Security Environment
      6. Additional Security Measures
        1. IIS Lockdown Tool
        2. Modifying IIS Lockdown and URLScan Settings for OWA Front-End Servers
          1. Change Password Support in OWA
          2. Blocked E-Mail
        3. Dismounting the Mailbox Store and Deleting the Public Folder Store
        4. Changing the SMTP Banner
        5. Group Lockdown for Exchange Domain Servers
      7. Exchange Cluster Considerations
      8. Summary
        1. More Information
    6. 4. Securing Exchange Communications
      1. Securing Communications in Outlook 20002
        1. Encrypting the MAPI Connection from Outlook 2002 to Exchange Server
        2. Signing and Encrypting Messages
          1. Key Management Service
      2. Securing OWA Communications
        1. Using ISA Server to Secure OWA
        2. Securing Communication Between Web Browsers and ISA Servers
          1. Configuring ISA Server to Support SSL Communications
        3. Encryption Between ISA Servers and OWA Front-End Servers
        4. Encryption Between OWA Front-End Servers and Back-End Exchange Servers
          1. Creating the OWA Front-End Server IPSec Policy
          2. Creating the Back-End Server IPSec Policy
          3. Monitoring IP Security Connections
      3. Securing SMTP Communications
        1. Using ISA Server to Secure SMTP
          1. Using Content Filtering with the Message Screener
        2. Additional Measures to Secure SMTP
          1. Using a Separate SMTP Gateway
          2. Preventing Mail Relay
      4. Summary
        1. More Information
    7. A. Managing Security with Windows 2000 Group Policy
      1. Importance of Using Group Policy
        1. How Group Policy is Applied
          1. Ensuring Group Policy is Applied
        2. Group Policy Structure
          1. Security Template Format
      2. Test Environment
      3. Checking Your Domain Environment
        1. Verifying DNS Configuration
        2. Domain Controller Replication
          1. Forcing and Verifying Replication using Repadmin
        3. Centralize Security Templates
        4. Time Configuration
      4. Policy Design and Implementation
        1. Server Roles
        2. Active Directory Structure to Support the Server Roles
          1. Domain Level Policy
          2. Member Servers OU
          3. Domain Controllers OU
          4. Individual Server Role OUs
        3. Importing the Security Templates
      5. Keeping Group Policy Settings Secure
        1. Events in the Event Log
        2. Verifying Policy Using Local Security Policy MMC
        3. Verifying Policy Using Command Line Tools
          1. Secedit
          2. Gpresult
        4. Auditing Group Policy
      6. Troubleshooting Group Policy
        1. Resource Kit Tools
          1. GPResult
          2. GpoTool
        2. Group Policy Event Log Errors
      7. Summary
        1. More Information
    8. B. Securing Servers Based on Role
      1. Domain Policy
        1. Password Policy
          1. Complexity Requirements
        2. Account Lockout Policy
      2. Member Server Baseline Policy
        1. Baseline Group Policy for Member Servers
          1. Member Server Baseline Auditing Policy
          2. Member Server Baseline Security Options Policy
            1. Additional Restrictions for Anonymous Connections
            2. LAN Manager Authentication Level
            3. Clear Virtual Memory Page File When System Shuts Down
            4. Digitally Sign Client/Server Communication
          3. Additional Security Options
            1. Security Considerations for Network Attacks
            2. Disable Auto Generation of 8.3 Filenames
            3. Disable Lmhash Creation
            4. Configuring NTLMSSP Security
            5. Disabling Autorun
          4. Member Server Baseline Registry Access Control Lists Policy
          5. Member Server Baseline File Access Control Lists Policy
          6. Member Server Baseline Services Policy
          7. Key Services Not Included in the Member Server Baseline
            1. SNMP Service
            2. WMI Services
            3. Messenger Service and Alert Service
      3. Domain Controller Baseline Policy
        1. Domain Controller Baseline Audit and Security Options Policy
        2. Domain Controller Baseline Services Policy
          1. Key Services Not Included in the Domain Controller Baseline Policy
            1. Simple Mail Transport Protocol (SMTP)
            2. Intersite Messaging
            3. IIS Admin Service
            4. Distributed Link Tracking Server Service
        3. Other Baseline Security Tasks
          1. Securing Built-in Accounts
          2. Securing Local Administrator Account
          3. Securing Service Accounts
          4. Validating the Baseline Configuration
            1. Validate Port Configuration
      4. Securing Each Server Role
        1. Windows 2000 Application Server Role
        2. Windows 2000 File and Print Server Role
        3. Windows 2000 Infrastructure Server Role
        4. Windows 2000 IIS Server Role
          1. The IISLockdown tool
          2. Other IIS Server Role Security Settings
            1. Setting IP Address/DNS Address Restrictions
          3. Disabling the Default IIS Anonymous Account
          4. Implementing IPSec Filters for Multihomed Web Servers
      5. Changes to the Recommended Environment
        1. Administration Changes
        2. Security Modifications if HFNETCHK is Not Implemented
      6. Summary
        1. More Information
    9. C. Additional Files Secured
    10. D. Default Windows 2000 Services
    11. E. Additional Services
    12. F. System Requirements
    13. Index
    14. SPECIAL OFFER: Upgrade this ebook with O’Reilly