Exchange and Outlook UPDATE, Exchange Edition—brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
THIS ISSUE SPONSORED BY
HP-Quest Software Free E2K Security Whitepaper
Networking UPDATE Email Newsletter
SPONSOR: QUEST SOFTWARE
FREE WHITEPAPER. Enhance security, ease administration and increase productivity. With the right management tools and best practices, you can do more with less!
Quest Software and HP have collaborated to offer "Advanced Security and Directory Administration for Exchange 2000," a free whitepaper offering best practices to help you make the most of the capabilities of your new environment.
Improve security across the enterprise and make Exchange 2000 work for YOU. Download the whitepaper today!
October 18, 2002—In this issue:
- Physical Security: The Final Frontier
- Hey Denver and San Francisco! Got Security Concerns?
- Knowledge Base: Windows NT System Key Permits Strong Encryption of the SAM
- Featured Thread: IMS Forwarding Help
4. NEW AND IMPROVED
- Log and Archive Instant Messages
- Submit Top Product Ideas
5. CONTACT US
- See this section for a list of ways to contact us.
(contributed by Paul Robichaux, News Editor, [email protected])
Many people think of computer security as something that involves bits, bytes, and passwords. You might not think much about a more elementary level of security: the physical security and integrity of your Exchange Server systems and your Outlook client workstations. Dismissing physical security as someone else's problem is easy but foolish: If an attacker gets unrestricted physical access to your computer, it won't be "your" computer much longer. Fortunately, you can take simple steps to make your systems more secure.
Begin by taking a good look at your building's physical security. Can just anyone get in? Is there an alarm? How about fire protection? Is the cooling system adequate for the number of machines you have? These questions might seem obvious (even dumb), but answering them will help you take inventory of your site's physical-security posture.
Next, take a look at your Exchange servers. Are the servers in a separate room—as they should be—or do they sit next to or under someone's desk? If the machines are in a separate room, make sure the room has a locking door. Depending on the value of your hardware, a simple lock might not be adequate; a combination or cipher lock might be more useful. Restrict who gets the key, combination, or code. Permit only those whose jobs require access to enter the server room (or server closet).
What about the machines themselves? If you're using a server rack, it probably has a lockable door—use it. If you have standalone servers with locking hasps, lock the server cases to prevent miscreants from tampering with or stealing internal components or even the entire system. Most machines contain some amount of sensitive data, so consider removing or disabling any drives that could be used to write data to removable media, including 3.5" drives. Set BIOS and power-on passwords.
These steps apply to desktop workstations, too. Much of your organization's most valuable data probably exists on these machines (a reason to consider regular backups as an additional security measure). Also encourage users to use the Windows Security dialog box (they simply press Ctrl+Alt+Delete to access it) to lock their workstations when they leave their desks. An unattended, unlocked workstation is an open invitation to data theft and compromise.
Laptops are somewhat more difficult to secure physically because they're designed to move around. I know of several high-ranking Microsoft and Hewlett-Packard (HP) employees whose unsecured laptops were stolen from their offices, so no one is immune to laptop theft. Buy some cable locks, and teach people to use them. And make sure users take advantage of Encrypting File System (EFS), which ships with Windows XP and Windows 2000, to secure crucial data.
Finally, investigate and use the Syskey utility on all your machines. Attackers often target systems from which they can harvest local account information, but Syskey effectively prevents this type of attack. Syskey is turned on by default in XP and Win2K, and you can enable it manually in Windows NT 4.0 Service Pack 3 (SP3) and later.
None of these steps, other than purchasing locks, costs money. The trick is to use built-in security features to the maximum. Of course, you can do a lot more to beef up physical security, including adding appropriate surveillance and auditing equipment and improving environmental protection (e.g., heating, cooling, fire suppression) measures (see the URL below for some other physical-security suggestions). However, high-end "gates, guards, and guns" measures aren't necessary for most sites. The simple steps I've described will help ensure that your Exchange servers and client systems are (physically) there when you need them.
"Computer Room Fortress"
SPONSOR: NETWORKING UPDATE EMAIL NEWSLETTER
NEW! NEWS, TIPS, AND MORE TO KEEP YOUR NETWORK HUMMING
Networking UPDATE brings you the how-to tips and news you need to implement and maintain a rock-solid networking infrastructure. We'll explore interoperability solutions, hardware (including servers, routers, and switches), network architecture, network management, network security, installation technology, network training, and WAN disaster recovery. Subscribe (at no cost!) at:
(brought to you by Windows & .NET Magazine and its partners)
Time is running out to register for the Windows & .NET Magazine Security Road Show 2002, coming next week to Denver and San Francisco. Register now and hear Mark Minasi and Paul Thurrott address the topic on everyone's mind: security. Sign up today before it's too late!
Each week, Microsoft posts several Exchange Server how-to articles to its Knowledge Base. This week, learn how to increase the protection of account-password information that the SAM stores in the registry.
CSLEBL needs to configure Exchange Server 5.5 systems to handle internal email as well as relay email addressed to other domains. To offer your advice or join the discussion, go to the following URL:
4. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
Cordant announced IMScribe, enterprise-scale software that can log, archive, review, report, and audit Exchange Server Instant Messaging (IM) content. IMScribe, which runs on existing Exchange IM home servers, captures IM traffic and saves the content to local log files. You can search for and review messages according to several criteria (e.g., message content, sender/recipient identities, date ranges) or you can review entire conversation threads. You can view reports that provide statistics about enterprisewide IM activity (e.g., average message size, top 10 message senders, per-user and per-reviewer statistics). For pricing, contact Cordant at 425-653-0900.
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]
5. CONTACT US
Here's how to reach us with your comments and questions:
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR EXCHANGE & OUTLOOK UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR EXCHANGE & OUTLOOK UPDATE?
This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today!
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
Thank you for reading Exchange and Outlook UPDATE, Exchange Edition.