Exchange & Outlook UPDATE, Exchange Edition, August 16, 2002

Exchange and Outlook UPDATE, Outlook Edition—brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
http://www.exchangeadmin.com


THIS ISSUE SPONSORED BY

Planning on migrating to Exchange 2000?
http://www.bindview.com/migrate

NOW, EXCHANGE 5.5 > 2000: FAST, EASY, LESS COST!
http://www.discusdata.com/ec2
(below COMMENTARY)


SPONSOR: PLANNING ON MIGRATING TO EXCHANGE 2000?

Here are four FREE offers from BindView that can help you achieve an easy and cost effective migration. Get a poster outlining the differences between running an Exchange 5.5 environment vs. an Exchange 2000 environment. Read a white paper by Ferris Research, "The Cost of Migrating From Microsoft Exchange v5.5 to v2000," and download three valuable spreadsheets that will help you cost out the price of migrating. Or request your FREE evaluation copies of two of BindView's premier products designed for Exchange migration and management. For complete details, visit http://www.bindview.com/migrate today!


August 16, 2002—In this issue:

1. COMMENTARY

  • Microsoft's "Security Operations Guide for Exchange 2000 Server"

2. NEWS AND VIEWS

  • Exchange 2000 Server Top 50 "Hot Issue" Articles

3. ANNOUNCEMENTS

  • Become Part of Our MEC 2002 Focus Group!
  • Enter the Windows & .NET Magazine/Transcender Sweepstakes!

4. RESOURCES

  • Exchange HOW TO: Check and Countercheck Security-Related Information in Exchange System Manager in Exchange 2000 Server
  • Featured Thread: Background Synchronization Errors
  • Results of Previous Instant Poll: Licensing 6.0
  • New Instant Poll: Resolving Performance Problems

5. NEW AND IMPROVED

  • Access Corporate Knowledge Bases
  • Submit Top Product Ideas

6. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by Jerry Cochran, News Editor, [email protected])

  • MICROSOFT'S "SECURITY OPERATIONS GUIDE FOR EXCHANGE 2000 SERVER"

  • I recently attended DEF CON 10 in Las Vegas. One of the sessions I attended spent quite a bit of time on Exchange Server security vulnerabilities. Although I found the session's content to be rather poor and severely outdated, it did raise the visibility of deploying a secure messaging infrastructure. In a rather timely (but totally coincidental) move, Microsoft released "Security Operations Guide for Exchange 2000 Server," which you can download from the first URL below. This week, I want to provide an overview of this guide and point out some highlights that might help you make your Exchange deployments more secure.

    "Security Operations Guide for Exchange 2000 Server," which is a supplement to "Security Operations for Microsoft Windows 2000 Server," takes a Microsoft Operations Framework approach to securing Exchange. This process-focused approach examines four operations quadrants: Changing, Operating, Supporting, and Optimizing. The majority of the guide deals with two specific Exchange 2000 server scenarios: front-end servers and back-end servers. The guide doesn't provide much coverage of other Exchange server types (e.g., POP3, IMAP), nor does it provide much information about antivirus or antispam measures—two topics about which Microsoft should provide more guidance for customers.

    One of the guide's core chapters, the excellent "Securing Exchange 2000 Servers Based on a Role," highlights two Exchange 2000 roles: Outlook Web Access (OWA) front-end server and back-end Exchange 2000 server. For each role, the guide provides a Group Policy template that defines settings for services and file ACLs. For example, the policy for OWA front-end servers disables the Store service and several other services that can expose vulnerabilities on an OWA front-end server. The policy for Exchange back-end servers disables services such as IMAP4 and POP3 to provide high security for back-end servers. You must import these templates into your Group Policy settings container before you can apply them to your Exchange 2000 servers. For an OWA front-end server, apply the baseline.inf template, then add the OWA front-end incremental.inf template and the Microsoft IIS incremental.inf template for IIS servers. For back-end Exchange 2000 servers, apply the baseline.inf template and the Exchange back-end incremental.inf template. The guide also explains how to use tools such as IISLockDown and URLScan to add security measures to your OWA servers.

    Another core chapter, "Securing Exchange Communications," involves securing connections between Exchange 2000 servers and between the servers and Exchange clients. This chapter also discusses how to set up the remote procedure call (RPC) application filter with that comes with Microsoft Internet Security and Acceleration (ISA) Server 2000 and points you to some additional resources about the subject. Overall, I don't recommend this approach or the use of ISA Server 2000 on your Internet firewall or internal firewall perimeter. (The product isn't proven yet, in my opinion, and after all, how many of you run it? That's what I thought.) However, the chapter also devotes a significant amount of text to using IP Security (IPSec) to set up secure communications between front-end OWA servers in the demilitarized zone (DMZ) and back-end Exchange servers on which mailboxes reside. Despite IPSec's performance and management overhead, this approach is a good one for securing front-end/back-end communications.

    Overall, the guide provides some good information about securing your Exchange 2000 servers. (For additional information, see the second, third, and fourth URLs below.) However, I found myself left with too many questions. For example, what about managing those servers in the DMZ? How do I lock down my Exchange SMTP gateways? What do I do about antispam and antivirus measures? What if I don't want to use ISA Server 2000? In my opinion, the guide falls a little short of providing "everything an Exchange administrator needs to know about securing Exchange" but maybe that isn't its target (although I think it should be). "Using the Microsoft Operations Framework and Group Policy Objects to Secure Exchange 2000 Servers" might be a more accurate title for this guide.

    "Security Operations Guide for Exchange 2000 Server"

    "Configuration and Security Update Recommendations for Exchange 2000"

    "Configuring Microsoft Exchange 2000 Server for the Internet"

    "Exchange 2000 Front-End and Back-End Topology"


    SPONSOR: NOW, EXCHANGE 5.5 > 2000: FAST, EASY, LESS COST!

    Are you facing a large transition to Exchange 2000? ExMS Migration Suite will make the job much easier, and save you substantial time and money. It's also a lifesaver when you move mailboxes for staff shifts, mergers, and re-organizations.

    Works unattended, according to your rules. Proprietary "No Downtime" technology keeps end-users connected and productive, throughout the project. Click for FREE demo or to learn more, and ask our experts about best practices for your situation.
    http://www.discusdata.com/ec2


    2. NEWS AND VIEWS
    (contributed by Jerry Cochran, News Editor, [email protected])

  • EXCHANGE 2000 SERVER TOP 50 "HOT ISSUE" ARTICLES

  • See a list of the 50 Microsoft articles that can help you perform the most common tasks in Exchange 2000 Server. Top subjects include the Exchange Mailbox Merge program, setting up SMTP domains for inbound and relay email, configuring the SMTP Connector, and manually removing an Exchange 2000 installation.
    http://support.microsoft.com/default.aspx?scid=/support/exch2000/e2khottopics.asp

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • BECOME PART OF OUR MEC 2002 FOCUS GROUP!

  • If you're attending MEC 2002 and work at a company with more than 3000 employees, join our focus group on October 9, 2002. We'll give you a free lunch and $100! To be considered for this focus group, please email us at [email protected] by August 23. Please include your full name, job title, and email address.

  • ENTER THE WINDOWS & .NET MAGAZINE/TRANSCENDER SWEEPSTAKES!

  • Nothing can help you prepare for certification like Transcender products, and no one can help you master your job like Windows & .NET Magazine. Enter our combined sweepstakes contest, and you could win a Transcender Deluxe MCSE Select Pak (a $729 value) or one of several other great prizes. Sign up today!
    http://www.winnetmag.com/sub.cfm?code=swei202fus

    4. RESOURCES

  • EXCHANGE HOW TO: CHECK AND COUNTERCHECK SECURITY-RELATED INFORMATION IN EXCHANGE SYSTEM MANAGER IN EXCHANGE 2000 SERVER

  • Each week, Microsoft posts several Exchange Server how-to articles to its Knowledge Base. This week, learn how to ensure that the Exchange Administration Delegation Wizard displays accurate, complete security data and how to set a special registry subkey so that Exchange System Manager (ESM) shows accurate data.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q312647

  • FEATURED THREAD: BACKGROUND SYNCHRONIZATION ERRORS

  • A.T. is trying to resolve some ongoing problems with Outlook synchronization for offline viewing. To offer your advice or join the discussion, go to the following URL:
    http://www.winnetmag.com/forums/messageview.cfm?catid=40&threadid=35679
  • RESULTS OF PREVIOUS INSTANT POLL: LICENSING 6.0

  • The voting has closed in the Exchange & Outlook Administrator Web site's nonscientific Exchange Instant Poll for the question "How do you plan to deal with Microsoft's new Licensing 6.0?" Here are the results (+/-2 percent) from the 197 votes:

       - 12% We plan to sign up for the standard License (L) program
       - 16% We plan to sign up for License and Software Assurance (L&SA)
       - 10% We plan to sign up for an Enterprise Agreement (EA)
       - 62% We're considering switching to a non-Microsoft product

  • NEW INSTANT POLL: RESOLVING PERFORMANCE PROBLEMS

  • The next Exchange Instant Poll question is "How much time (on average) does it take you to identify and resolve an Exchange performance problem?" Go to the Exchange & Outlook Administrator home page and submit your vote for a) A few minutes, b) Less than 1 hour, c) 1 to 4 hours, d) 5 to 8 hours, or e) More than 1 working day.
    http://www.exchangeadmin.com

    5. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • ACCESS CORPORATE KNOWLEDGE BASES

  • Interactive Intelligence released Communite 2.2, large-scale unified communications and messaging software for enterprises and service providers. The product, which integrates with Exchange Server, is a voicemail and fax replacement for large, distributed, and multitenant enterprises. Features include unified messaging, one-number follow-me, call-screening capability, call-recording capability, and conferencing and presence-management capabilities. An optional knowledge-management module plugs into Outlook and lets employees access corporate knowledge bases. For pricing, contact Interactive Intelligence at 317-872-3000.
    http://www.inin.com

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected].

    6. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.exchangeadmin.com/sub.cfm?code=neei23xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    TAGS: Security
    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish