SUBJECT LINE: Exchange & Outlook UPDATE, Exchange Edition, April 4, 2003
Exchange and Outlook UPDATE, Exchange Edition--brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
~~~~ THIS ISSUE SPONSORED BY ~~~~
Effortlessly Eliminate Spam from Your Enterprise
Windows & .NET Magazine Connections
~~~~ SPONSOR: EFFORTLESSLY ELIMINATE SPAM FROM YOUR ENTERPRISE ~~~~
- Call us over lunch, and see Spam disappearing by dinner
- Trap 99.7% of all Spam effortlessly
- 20% discount on competitive upgrades until June 30th, 2003
- Nothing to install, maintain or upgrade
- 21-day free trial, takes only 10 minutes of your time
- Rock-solid stable solution means 100% uptime
- We have a long list of happy customers, references available
Come attend our weekly webinars:
"I know SPAM when I see it"
How to identify Spam and stop it before it enters your organization
For more information, see: http://www.mailwise.com
For more information, call Beth at (800) 999-5412 x18 or email [email protected]
April 4, 2003 -- In this issue:
- OWA 2003's New Security Features
- Sample Our Security Administrator Newsletter!
3. HOT RELEASE (ADVERTISEMENT)
- BlackBerry Enterprise Server v3.5 for Exchange
- XADM: How to Tell if Exchange Has a Service Pack Installed
- Featured Thread: Schema Master Error Stops Installation
- Results of Last Month's Instant Poll: Planning for Exchange 2003
- New Instant Poll: New Exchange Features
5. NEW AND IMPROVED
- Understand ISA Server Configurations
- Submit Top Product Ideas
6. CONTACT US
See this section for a list of ways to contact us.
(contributed by Paul Robichaux, News Editor, [email protected])
* OWA 2003'S NEW SECURITY FEATURES
Before I dive into this week's discussion of more Outlook Web Access (OWA) 2003 features, I want to add OWAToolkit.com to the list I provided last week of vendors that offer OWA spell checkers. Now, on with enumerating OWA's new features.
Microsoft has put an enormous amount of effort into improving the security of Exchange Server 2003, and that effort is apparent in the new version of OWA--especially when you run Exchange 2003 on Windows Server 2003. (In that scenario, OWA runs on Microsoft IIS 6.0, which has a much improved security model compared to IIS 5.0 and earlier.) If you have more than a handful of OWA users, the changes to OWA are well worth upgrading to Exchange 2003. The most noteworthy features are support for encryption, cookie authentication, and various content blocks.
I cut my security teeth years ago writing software to support Secure MIME (S/MIME) from within Outlook, Eudora on the Macintosh, and cc:Mail. At the time, I couldn't understand why S/MIME wasn't more widely deployed. Now, S/MIME's market penetration is increasing steadily as various vendors work out its underlying infrastructure and compatibility problems. One big advantage of S/MIME is that it provides end-to-end security. When a user wants to encrypt a message, the S/MIME client software encrypts that message on the desktop, and the message remains encrypted until the recipient opens it. The public-key cryptographic security method that S/MIME implements restricts access to the sender's private key, so neither the sender's nor the recipient's mail server can decrypt the message during transit. This security restriction has prevented an effective and secure way to send and receive encrypted mail through OWA--until now. The new OWA can use locally stored digital certificates to give OWA users the ability to create signed or encrypted messages and to decrypt received messages. Because the user must have a local copy of his or her certificate, you'll need to use some kind of portable certificate technology. Smart cards are the obvious favorite, but tools such as Dallas Semiconductor's iButton will work, too. You can even use locally stored certificates in personal information exchange (.pfx) files; users can copy certificates from their work machines to a .pfx file, put the file on a 3.5" disk, then transfer the file to their laptops or home computers for use with OWA.
Another welcome improvement is support for cookie authentication. Earlier versions of OWA have no way to control the duration of a user's OWA session. After a user authenticates to any Web server, the user's browser caches the user's credentials (thus, Microsoft has always advised that users close all browser windows to ensure that they've successfully logged off of an OWA session). In the new OWA, however, you can specify the use of cookie-based authentication. Users will notice the difference when they log on to OWA because they'll get an online logon form rather than the Enter Network Password dialog box they get in earlier OWA versions. After users enter their credentials, IIS will generate an authentication cookie, which the client browser will store. Cookies have expiration times, so after a preset period, the user's session will end automatically. In the same vein, when users click "Log off" in the new OWA, the cookie is deleted, so an attacker can't recycle the user's credentials. OWA leverages these features to let you specify timeout periods. (You can add cookie-based authentication to the Exchange 2000 Server version of OWA, but most sites haven't bothered to do so.)
Another improvement is that you'll be able to block access to some types of attachments to help ensure that users don't accidentally leave sensitive materials on public computers. You can also control whether users can open hyperlinks embedded in messages.
None of these features, of course, change the fact that you must educate your users about good security practices. Several Microsoft consultants I know refuse to use OWA on any machine not under their control because you can never be absolutely sure that a public machine hasn't been tampered with in some way. Keep in mind that security is only as good as your operational practices.
~~~~ SPONSOR: WINDOWS & .NET MAGAZINE CONNECTIONS ~~~~
WINDOWS & .NET MAGAZINE CONNECTIONS: WIN A FLORIDA VACATION
Simply the best lineup of technical training for today's Windows IT professional. Register now for this exclusive opportunity to learn in-person from the Windows & .NET Magazine writers you trust. Attendees will have a chance to win a free Florida vacation for two. Register today and you'll also save $300.
(brought to you by Windows & .NET Magazine and its partners)
* SAMPLE OUR SECURITY ADMINISTRATOR NEWSLETTER!
If you spend the better part of your day dealing with security concerns such as controlling user access, viruses, and tightening your network's permeability, then you can benefit from the type of information we publish each month in Security Administrator. Every issue shows you how to protect your enterprise with informative, in-depth articles, timely tips, and practical advice. Sample our most recent issue today!
* BLACKBERRY ENTERPRISE SERVER V3.5 FOR EXCHANGE
Learn how you can provide your mobile professionals with secure wireless access to email, data and communications. Download the white paper for BlackBerry Enterprise Server v3.5 for Microsoft Exchange. Visit http://www.blackberry.com/go/server35
* XADM: HOW TO TELL IF EXCHANGE HAS A SERVICE PACK INSTALLED
Each week, Microsoft posts several Exchange Server how-to articles to its Knowledge Base. This week, learn a quick and simple way to determine whether a service pack has been applied to an Exchange Server.
* FEATURED THREAD: SCHEMA MASTER ERROR STOPS INSTALLATION
Philip has a problem running Domainprep during Exchange 2000 Server installation in a multidomain forest. Other readers have run into the same problem. To offer your advice or join the discussion, go to the following URL:
* RESULTS OF LAST MONTH'S INSTANT POLL: PLANNING FOR EXCHANGE 2003
The voting has ended in the Exchange & Outlook Administrator Web site's nonscientific Exchange Instant Poll for the question "What are your plans for Exchange Server 2003 (aka Titanium)?" Here are the results from the 501 votes:
- 12% We plan to deploy it as soon as it's available
- 12% We'll migrate within 6 months
- 16% We'll migrate within 1 year
- 16% We'll migrate within 2-3 years
- 43% We have no plans to switch to Exchange 2003
(Deviations from 100 percent are due to rounding.)
* NEW INSTANT POLL: NEW EXCHANGE FEATURES
The next Exchange Instant Poll question is "Which of the following Exchange Server 2003 features interests you most?" Go to the Exchange & Outlook Administrator home page and submit your vote for a) Volume Shadow Copy Service (VSS), b) New OWA, c) Enhanced cluster support, d) Anti-spam features, or e) Nothing in Exchange 2003 interests me.
(contributed by Carolyn Mader, [email protected])
* UNDERSTAND ISA SERVER CONFIGURATIONS
Syngress Publishing announced "Dr. Tom Shinder's ISA Server and Beyond," by Thomas Shinder and Debra Littlejohn Shinder. The book explains under-documented Microsoft Internet Security and Acceleration (ISA) Server 2000 configurations, including those for demilitarized zone (DMZ) topologies, Web and server publishing, Exchange Server services, and Outlook Web Access (OWA). You can learn how to integrate ISA Server with other Windows security features, such as the Security Configuration Toolset, the Encrypting File System (EFS), IP Security (IPSec), and Microsoft IIS security. You can also find out more about configuring mail services on an ISA Server computer (ISA Server integrates with Exchange 2000 Server so that you can securely publish Exchange remote procedure calls--RPCs--and OWA). The 847-page book is available for $59.95. Contact Syngress Publishing at [email protected]
* SUBMIT TOP PRODUCT IDEAS
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]
Here's how to reach us with your comments and questions:
* ABOUT THE COMMENTARY -- [email protected]
* ABOUT THE NEWSLETTER IN GENERAL -- [email protected] (please mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
* PRODUCT NEWS -- [email protected]
* QUESTIONS ABOUT YOUR EXCHANGE & OUTLOOK UPDATE SUBSCRIPTION? Customer Support -- [email protected]
* WANT TO SPONSOR EXCHANGE & OUTLOOK UPDATE? -- [email protected]
This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today! http://www.exchangeadmin.com/sub.cfm?code=neei23xxup
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email
Thank you for reading Exchange and Outlook UPDATE, Exchange Edition. _________________________________________________________ Copyright 2003, Penton Media, Inc.