
Exchange Server 2003 Kerberos authentication

20 Sep 2006 | SearchExchange.com


Exchange 2003 now also supports Kerberos authentication, which allows information sent between Exchange servers to be secured. If you worked with a multiserver architecture in previous versions of Exchange, you are probably already aware of the inherent security issues, including the passing of user credentials between front-end and back-end servers using Basic authentication.
This is tip #2 from "Securing Exchange Server 2003 -- 5 tips in 5 minutes," excerpted from Chapter 8 of the book Microsoft Exchange Server 2003 Delta Guide, published by Sams Publishing.

Basic authentication posed a severe security risk for Exchange. Hackers could "sniff" the connection between the servers and work out the credentials from there. This meant that for previous Exchange implementations, you also had to apply IPSec security to the communications between servers to encrypt the information being sent between them. Administrators often overlooked this concern, leaving many organizations unaware that there was a potential security risk.

With the introduction of Exchange 2000, NTLM was used as the default authentication protocol between servers. The primary reason for not using Kerberos was the lack of support for the protocol when using clustered servers.

Since Windows 2000 Server SP3, Kerberos authentication has been fully supported for both single and clustered servers, meaning that any information or credentials passed between servers are secure. This eliminates the vulnerability to "sniffing" or "listening in" on the traffic between the two servers. By default, Kerberos is enabled whenever you add multiple servers to your Exchange topology.
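To check which of the three mechanisms discussed above (Basic, NTLM, Kerberos) a front-end/back-end hop is really using, the HTTP Authorization header can be classified from a capture. The following is an added example, not code from the book or from Microsoft; the server names and header values are constructed, and the token test is a heuristic based on the NTLMSSP signature and the Kerberos mechanism OID.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                               # signature that opens every NTLM message
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),  # DER of 1.2.840.113554.1.2.2 (Kerberos 5)
             bytes.fromhex("06092a864882f712010202"))  # DER of 1.2.840.48018.1.2.2 (legacy Microsoft form)

def classify(authorization):
    """Name the mechanism carried by one HTTP Authorization header value."""
    scheme, _, blob = authorization.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"          # reusable credentials, only base64-encoded
    if scheme not in ("ntlm", "negotiate"):
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return "malformed"
    if NTLMSSP in token:        # raw NTLM, or NTLM wrapped inside a Negotiate token
        return "ntlm"
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "kerberos"       # GSS-API token naming the Kerberos mechanism
    return "other"

def audit(records):
    """Return the (source, destination) hops whose requests used Basic."""
    return sorted({(src, dst) for src, dst, hdr in records if classify(hdr) == "basic"})

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: (front-end, back-end, Authorization header value).
# Host names are hypothetical; token bodies are padded stand-ins, not real tickets.
SAMPLE = [
    ("fe01", "be01", "Basic " + _b64(b"user:placeholder")),
    ("fe01", "be02", "NTLM " + _b64(NTLMSSP + b"\x01\x00\x00\x00" + bytes(8))),
    ("fe02", "be01", "Negotiate " + _b64(b"\x60\x1e" + KRB5_OIDS[0] + bytes(19))),
    ("fe02", "be02", "Negotiate " + _b64(b"\x60\x10\x06\x06\x2b\x06\x01\x05\x05\x02" + NTLMSSP)),
]

if __name__ == "__main__":
    for src, dst, hdr in SAMPLE:
        print(src, "->", dst, classify(hdr))
    print("Basic in use on:", audit(SAMPLE))
```

A hop reported as `ntlm` under a `Negotiate` header means Kerberos was offered but not used, which is worth following up on servers expected to authenticate with Kerberos.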

KERBEROS AUTHENTICATION
For more information on how Kerberos authentication works, check out http://www.microsoft.com/security.


Securing Exchange Server 2003 -- 5 tips in 5 minutes

 Home: Introduction
 Tip 1: Configuring SSL for Exchange Server 2003
 Tip 2: Exchange Server 2003 Kerberos authentication
 Tip 3: Setting up RPC over HTTP for Exchange Server 2003
 Tip 4: Using cross-forest SMTP authentication with Exchange 2003
 Tip 5: Exchange Server 2003 client security enhancements

This chapter excerpt from Microsoft Exchange Server 2003 Delta Guide, by David McAmis and Don Jones, is printed with permission from Sams Publishing, Copyright 2004.










