Home
Topics
Exchange Server Security

How to secure Exchange Server 2010 post deployment

So you’ve deployed Exchange 2010, but are you confident in its security? If you’re unsure, make certain you’ve checked off these seven items.
All Outlook 2010 Trust Center settings are not creat...

The Outlook 2010 Trust Center offers plenty of security settings to administrators. That doesn’t mean they’re all important though.
Don’t overlook security add-ons when troubleshooting...

Third-party add-ons are supposed to aid and protect Outlook, right? They may be hurting more than they’re helping if not properly configured.
An overview of Forefront Protection 2010 for Exchang...

Take a deep dive into Forefront Protection 2010 for Exchange Server and see how it helps defend Exchange 2010 from spam and malware attacks in mult...

Exchange Security

Spam and virus protection
Email Compliance
Email Encryption
Email Policy Management
ISA Server and Firewalls
Password Management
Microsoft Exchange Server Permissions
Phishing and Email Fraud Protection
User Authentication for Outlook and OWA
Virtual Private Networks (VPNs)

Premium Access

Register now for unlimited access to our premium content across our network of over 70 information Technology web sites.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Six commonly overlooked Exchange security vulnerabilities

Think you’re taking the steps needed to fully secure Exchange? Think again.Tip
tarpitting

Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk, as a means of thwarting spammers. The intent is to maintain a high quality of service for legitimate users while making the sending process impractical for spammers, who -- because of low response rates -- must be able to send vast volumes of messages quickly and inexpensively.Definition
Optimizing the OWA experience

Improve OWA performance and protect users with custom configurations, some simple HTML code and an EMS command.Tutorial
Addressing Outlook Web App 2010 security concerns

New, user-friendly features may make OWA 2010 more appealing, but with increased use comes increased security threats. Use these tactics to protect your network.Tip
Free Exchange add-on picks up native spam filtering slack

It's no secret that Exchange administrators hate spam. Protect users with a free add-on that bolsters Exchange’s native spam filtering.Tip
Exposing SMTP and IMAP’s security vulnerabilities in Exchange Server

Even though SMTP and IMAP have built-in features to protect Exchange’s external mail transmissions, both protocols are still susceptible to security vulnerabilities. See how easily both can be compromised.Tip
Securing Exchange Server communications via SMTP and IMAP

IMAP and SMTP have built-in security features to protect Exchange Server's external mail transmissions. Do these legacy protocols offer enough protection?Tip
Exchange Server migration and security quiz

Test your knowledge of Exchange 2007, Small Business Server, email security issues, single-server installations and other Microsoft Exchange topics with our quiz.Quiz
throttled data transfer

Throttled data transfer, also known as data transfer throttling or lean data transfer, is the deliberate regulation of the data transfer rate in a communications system... (Continued)Definition
Built-in security tools help defend Exchange Server 2010

Exchange 2010 includes more built-in security tools than previous server versions. This tip examines some common vulnerabilities and which native tools protect against them.Tip
VIEW MORE ON : Spam and virus protection

Built-in security tools help defend Exchange Server 2010

Exchange 2010 includes more built-in security tools than previous server versions. This tip examines some common vulnerabilities and which native tools protect against them.Tip
Exchange Insider e-zine

Exchange Insider offers a comprehensive look at Exchange Server administration, including setting up and overseeing proper email archiving policies and procedures, migrating to Exchange Server 2007, ensuring Exchange security througout your organization and information on unified communications deployment.Ezine
Is full email encryption the solution to Exchange security?

Many security officers would suggest that encrypting every email that goes through Exchange is the best way to protect your organization. A better approach is to focus on security basics first and then and think about encrypting email.Tip
Create a journal rule in Exchange 2007 to secure journaling mailboxes

There are several regulations in Exchange Server 2007 regarding message retention, many of which require you to guarantee that your archives can't be tampered with. Because storing journaling archives off-site isn't allowed in Exchange 2007, you must mail-enable a contact to secure your Exchange journaling mailboxes from attacks. Learn how with this tip.Tutorial
Set up messaging records management (MRM) in Exchange Server 2007

After moving Exchange Server 2007 mailbox data from .PST files to another location, it's best to manage this data using messaging records management (MRM). This tip from Microsoft MVP Brien Posey explains how to plan, implement and test a successful MRM solution.Best Practices Guide
Exchange event sink scripting error when configuring email disclaimer

Find out how to troubleshoot problems scripting Exchange Server email disclaimers and signatures.Ask the Expert
Email archiving and e-discovery best practices for Microsoft Exchange

Learn Exchange Server email archiving and e-discovery best practices, including how to implement backups, email retention and archiving strategies.Best Practices Guide
email bankruptcy

Email bankruptcy is an acknowledgement that your email has become unmanageable and the decision to either purge your inbox and start afresh or, more radically, to renounce email altogether... (Continued)Definition
How to set up email disclaimers on a single, back-end Exchange server

Learn how to add an automated email disclaimer or signature to outgoing Microsoft Outlook messages on an Exchange 2003 server without add-in software.Tip
How to set up Exchange 2007 message classifications

Learn how to set up Exchange 2007 message classifications and transport rules to secure and control the way email is handled and distributed in your organization.Tutorial
VIEW MORE ON : Email Compliance

How to secure Exchange Server 2010 post deployment

So you’ve deployed Exchange 2010, but are you confident in its security? If you’re unsure, make certain you’ve checked off these seven items.Tip
Your guide to our Exchange explained series

Unsure about what hosted Exchange is, or what it means to virtualize an Exchange server? Our Exchange explained series dissects those topics and more.guide
All Outlook 2010 Trust Center settings are not created equal

The Outlook 2010 Trust Center offers plenty of security settings to administrators. That doesn’t mean they’re all important though.Tip
Protecting Outlook 2010 with group policy security settings

Your Exchange servers may be secure, but neglecting to protect Outlook 2010 puts your company at risk. Learn some group policy security settings that prevent security disasters.Tip
Are Exchange wildcard certificates worth the risk?

Wildcard certificates offer Exchange shops flexibility and financial savings, but with those benefits come risks. Here are some wildcard certificate pros and cons to consider.Tip
How to add certificates to Exchange Server 2010

Are you trying to import a new certificate into Exchange 2010? Check out these simple steps.Tip
Six commonly overlooked Exchange security vulnerabilities

Think you’re taking the steps needed to fully secure Exchange? Think again.Tip
Addressing Outlook Web App 2010 security concerns

New, user-friendly features may make OWA 2010 more appealing, but with increased use comes increased security threats. Use these tactics to protect your network.Tip
Exchange Server 2010 message security explained

Exchange Server 2010 addresses the emergence of email as a vital yet vulnerable business tool by increasing message security. Find out which features Microsoft has enhanced.Feature
Built-in security tools help defend Exchange Server 2010

Exchange 2010 includes more built-in security tools than previous server versions. This tip examines some common vulnerabilities and which native tools protect against them.Tip
VIEW MORE ON : Email Encryption

What's the best way to set Exchange mailbox size limits?

Get tips and expert advice on the best way to set Exchange mailbox size limits for users.Answer
Custom email filtering with Forefront Protection 2010 for Exchange

ForeFront Protection 2010 for Exchange helps keep spam and viruses at bay. But did you know you can also use its custom email filters to enforce corporate email policies?Tip
RPC over HTTP

RPC over HTTP (Remote Procedure Call over HTTP) is a protocol that allows a client on the Internet to connect securely to a Microsoft Exchange Server without having to log into a virtual private network (VPN) first.Definition
Exchange Server 2010 message security explained

Exchange Server 2010 addresses the emergence of email as a vital yet vulnerable business tool by increasing message security. Find out which features Microsoft has enhanced.Feature
Exchange user doesn't have to enter a password when logging on

If an Exchange user doesn't need to enter a password when logging on, is it a problem? Learn the difference between implicit and explicit logon behavior.Ask the Expert
FSW will remove Exchange and hop on Gmail

If they can do it so can we, says one non-profit that will follow in the footsteps of Los Angeles and boot Exchange for Gmail.Article | Tue Jan 12 00:00:00 EST 2010
POP3 email not appearing in Outlook 2007

Take a look at the steps you should take to resolve issues you may have with an additional POP3 email account not showing up in Outlook 2007.Ask the Expert
Exchange admins: Is it time to rethink your email address policy?

How can an email address policy setting affect your Exchange Server organization's overall security? And is it time to change that policy? Let's find out.Tip
Changing email address formats in Exchange Server 2003

Find out how to change the email address formats in Active Directory while using Exchange Server 2003.Ask the Expert
Configuring the default recipient policy in an Exchange 2003 environment

Learn the best way to configure the default recipient policy in an Exchange 2003 test environment.Ask the Expert
VIEW MORE ON : Email Policy Management

Requirements for connecting mobile devices to Exchange 2003

Take a look at the different requirements for mobile devices such as an iPhone or Blackberry to connect to Exchange Server 2003.Ask the Expert
Top 5 Exchange mobile tips of 2008

Why Exchange ActiveSync fails with NAT firewalls, avoiding Exchange 2007 Direct Push failures and how to decide between OWA Light and Exchange ActiveSync were just some of the top mobile tips that caught our readers' eyes in 2008.The Year in Review
Microsoft Exchange Server security dos and don'ts

Microsoft Exchange Server email security threats, such as spam and viruses, are a constant concern. What is the best method for protecting an Exchange Server organization against these email threats? Which antivirus and antispam products offer the most complete protection? Read these Exchange Server security practices to get answers and effectively deal with spam and virus email threats.Checklist
Windows SBS and Exchange Server security configuration best practices

Discover how to maximize Microsoft Exchange Server security on Windows SBS with or without ISA Server as a network firewall security feature.Ask the Expert
Why Exchange ActiveSync fails with NAT firewalls

Discover why Exchange ActiveSync fails when Exchange Server 2003 sits behind a network address translation (NAT) firewall.Tip
Deploying ISA Server as a firewall for Exchange Server mobile devices

Read about deploying ISA Server 2006 as a firewall to secure, authenticate and encrypt ActiveSync synchronization with Exchange 2003 or 2007 mobile devices.Tip
Adjust your firewall to avoid Exchange 2007 Direct Push failures

Read how Direct Push works with Exchange Server 2007 and how to adjust firewall session timeout periods to avoid mobile device connection failures.Tip
OWA stops working from external network connection

When Outlook Web Access users have trouble accessing OWA from an external network connection, follow this troubleshooting advice from our expert.Ask the Expert
Enhance OWA logon security using Microsoft ISA Server

Learn how to enhance Outlook Web Access logon security using Microsoft ISA Server to prevent users from accessing other users' Exchange 2003 mailboxes..Ask the Expert
Firewall problems with Exchange Server 2007 email attachments

Exchange Server 2007 can experience problems sending email attachments when communicating through certain firewalls and generate a "5.5.2 Invalid data in message" error.Tip
VIEW MORE ON : ISA Server and Firewalls

Four reasons why Outlook passwords are not being saved

There are several potential reasons why your users’ Outlook passwords for Exchange are not being stored. Our expert examines the top four and their fixes.Answer
Six commonly overlooked Exchange security vulnerabilities

Think you’re taking the steps needed to fully secure Exchange? Think again.Tip
Exposing SMTP and IMAP’s security vulnerabilities in Exchange Server

Even though SMTP and IMAP have built-in features to protect Exchange’s external mail transmissions, both protocols are still susceptible to security vulnerabilities. See how easily both can be compromised.Tip
Analyzing Exchange Server security risks and vulnerabilities

Knowing which security risks and threats can harm your Exchange Server environment is great, but having a plan in place to combat them is even better.Podcast
Exchange user doesn't have to enter a password when logging on

If an Exchange user doesn't need to enter a password when logging on, is it a problem? Learn the difference between implicit and explicit logon behavior.Ask the Expert
Lock down direct file access and protect OWA users

Built-in OWA security features may not be enough to secure direct file access. If you can't disable the feature, what's the next best security measure?Tutorial
Configure a POP3 connector to receive external email on SBS 2003

Find out how to configure your POP3 connector and external email server to receive email on Windows Small Business Server (SBS) 2003 with Exchange 2003.Ask the Expert
Manage user rights and access to Outlook Web Access (OWA) mailboxes

Configure Exchange System Manager settings to limit Outlook Web Access (OWA) mailbox access on Exchange 2003 so users must enter a username and password.Ask the Expert
Unsecured devices worry IT professionals

IT admins keep working to make networks secure even as more unsecured personal gadgets, like smart phones and BlackBerrys, find their way into companies.Article | Tue Sep 26 00:00:00 EDT 2006
Protecting Outlook Web Access from keystroke loggers

Outlook Web Access is extremely vulnerable to keystroke loggers. This tip discusses the various methods available for protecting OWA against keystroke loggers, as well as their pros and cons. It then explores more secure alternatives to OWA that still allow remote users access to their Exchange Server mailboxes.Tip
VIEW MORE ON : Password Management

All Outlook 2010 Trust Center settings are not created equal

The Outlook 2010 Trust Center offers plenty of security settings to administrators. That doesn’t mean they’re all important though.Tip
Exchange 2010 role based access control explained

Exchange 2010’s new permissions model, role based access control, is helpful but can be daunting due to the number of roles and groups available. Start with the basics in this tip.Feature
Role group management commands for Exchange Server 2010

Role group management has changed in Exchange Server 2010. Take a look at which EMS commands you'll need to use to create role groups, add and remove members and more.Tip
Why it pays to know Exchange Server 2007 administrative controls

Step up your knowledge of Exchange Server 2007 administrative roles before diving into Microsoft's new Exchange Server 2010 administrative model and groups.Tip
Exchange users receiving email addressed to legacy users

Find out the best way to prevent email addressed to Exchange legacy users from flooding your inbox.Ask the Expert
Why you should secure Exchange 2007 using administrative policies

When securing Exchange Server 2007, administrators should look beyond internal security options to administrative policies. These policies dictate how to configure and run the Exchange organization. Typically, administrative policies vary from company to company because everyone has different needs. Although Microsoft doesn't have any official guidelines for Exchange Server administrative best practices, here are some rules that can benefit most companies.Tip
Restrict access to Outlook Web Access via Exchange System Manager

Learn how to configure Exchange System Manager (ESM) to restrict certain users from accessing Outlook Web Access (OWA), without limiting users' LAN access.Ask the Expert
Editing Exchange Server public folder permissions

Find out how to edit permissions on Microsoft Exchange Server public folders using Exchange System Manager (ESM).Ask the Expert
Can't delete old Microsoft Outlook public folders

Without proper Exchange Server permissions, an administrator is unable to delete old Microsoft Outlook public folders. Here's a workaround.Ask the Expert
Why can't I grant users permissions to an Exchange public folder?

Exchange Server public folder permissions can be complex. Get troubleshooting advice on delegating permissions to Exchange Server public folders here.Ask the Expert
VIEW MORE ON : Microsoft Exchange Server Permissions

All Outlook 2010 Trust Center settings are not created equal

The Outlook 2010 Trust Center offers plenty of security settings to administrators. That doesn’t mean they’re all important though.Tip
Custom email filtering with Forefront Protection 2010 for Exchange

ForeFront Protection 2010 for Exchange helps keep spam and viruses at bay. But did you know you can also use its custom email filters to enforce corporate email policies?Tip
Protecting Outlook 2010 with group policy security settings

Your Exchange servers may be secure, but neglecting to protect Outlook 2010 puts your company at risk. Learn some group policy security settings that prevent security disasters.Tip
An overview of Forefront Protection 2010 for Exchange Server

Take a deep dive into Forefront Protection 2010 for Exchange Server and see how it helps defend Exchange 2010 from spam and malware attacks in multiple types of environments.Tip
Six commonly overlooked Exchange security vulnerabilities

Think you’re taking the steps needed to fully secure Exchange? Think again.Tip
Information Rights Management protection in Exchange 2010 SP1

Nearly all organizations send and receive sensitive information via email. And although they exist, corporate policies alone won’t protect you. Enter Information Rights Management.Tip
Securing Exchange Server communications via SMTP and IMAP

IMAP and SMTP have built-in security features to protect Exchange Server's external mail transmissions. Do these legacy protocols offer enough protection?Tip
Built-in security tools help defend Exchange Server 2010

Exchange 2010 includes more built-in security tools than previous server versions. This tip examines some common vulnerabilities and which native tools protect against them.Tip
Analyzing Exchange Server security risks and vulnerabilities

Knowing which security risks and threats can harm your Exchange Server environment is great, but having a plan in place to combat them is even better.Podcast
Solidify your Exchange Server security incident response plan

One of your duties as an Exchange administrator is to create and follow an incident response plan. Here's why it's important to prepare for a security breach in your Exchange Server organization.Tip
VIEW MORE ON : Phishing and Email Fraud Protection

Is NTLM a smart way to authenticate to Exchange Server 2010?

Microsoft discontinued support for NTLM in Exchange 2010 RTM, then reinstated it in Exchange 2010 SP1. But is it a good way to authenticate to Exchange?Answer
Vouch by Reference (VBR)

Vouch By Reference (VBR) is a protocol for adding third-party certification to email. The first part of the protocol requires the sender to add information to their email header by creating a field called VBR-Info.Definition
Lock down direct file access and protect OWA users

Built-in OWA security features may not be enough to secure direct file access. If you can't disable the feature, what's the next best security measure?Tutorial
Obtaining and verifying SSL certificates in Exchange Server

Many security features in Exchange Server rely on SSL. Obtaining trusted certificates can tighten security and boost performance for SSL-based applications, including OWA and Exchange mobile devices.Tip
Top 5 Outlook Web Access (OWA) tips of 2008

Based on your views, here are the top five Microsoft Outlook Web Access (OWA) tips of 2008. Discover how to customize an OWA authentication logon, fix message size limits, repair damaged virtual directories and more with this collection of top tips.The Year in Review
Manage user rights and access to Outlook Web Access (OWA) mailboxes

Configure Exchange System Manager settings to limit Outlook Web Access (OWA) mailbox access on Exchange 2003 so users must enter a username and password.Ask the Expert
Create a secure Microsoft Outlook Web Access (OWA) redirect page

Incorrectly typing the URL for your Microsoft Outlook Web Access (OWA) page will result in an error message. Because users may mistakenly type HTTP instead of HTTPS to access OWA, you can easily create an OWA redirect page that doesn't sacrifice secure sockets layer (SSL) security. This tip explains the steps to create your own secure OWA redirect page so that users can still access an SSL-enabled OWA website, even after typing HTTP.Tip
Why does a security alert pop up when accessing Outlook Web Access?

Find out how to prevent security alerts when users access Outlook Web Access (OWA) from Internet Explorer.Ask the Expert
OWA won't load after applying Exchange 2007 SP1 security patch

Microsoft's security patch, Update Rollup 2 for Exchange Server 2007 SP1, can break the Client Access server. When this occurs, logging into Outlook Web Access (OWA) returns a blank screen. Find out how to fix this OWA issue and also how to avoid future patching problems.Tip
Minimize remote and mobile Outlook Web Access (OWA) security risks

Get tips on securing Outlook Web Access (OWA) for mobile users such as setting up a dedicated virtual OS and creating strict group policies to lock down IE.Tip
VIEW MORE ON : User Authentication for Outlook and OWA

VPN setup requirements for Microsoft Exchange Server

Before setting up a virtual private network (VPN) to connect remote users to Microsoft Exchange Server, find out what VPN hardware and software is needed.Step-by-Step Guide
Sober strike set for January

VeriSign's iDefense group has spotted what could be a new Sober variant set to strike early next year. While the warning may thwart the attack, it's clear that mass-mailer worms aren't going away quietly.Article | Tue Dec 13 00:00:00 EST 2005
Forcing Outlook to use local vs. domain credentials

Ask the Expert
How to set up a VPN for Windows XP Professional

Ask the Expert
Step-by-Step Guide: How to set up a VPN

A VPN is extremely useful to an organization with a lot of remote users, but it can be somewhat complicated to set up. This guide will walk you step-by-step through the process.Tip
Step 6: Create a remote access policy

Step-by-Step Guide: How to set up a VPN, part 6Article | Sun Mar 20 00:00:00 EST 2005
Step 1: Setup requirements

Step-by-Step Guide: How to set up a VPN, part 1Article | Sun Mar 20 00:00:00 EST 2005
Step 3: Create an enterprise certificate authority

Step-by-Step Guide: How to set up a VPN, part 3Article | Sun Mar 20 00:00:00 EST 2005
Step 7: Configure the VPN server

Step-by-Step Guide: How to set up a VPN, part 7Article | Sun Mar 20 00:00:00 EST 2005
Step 8: Associate the VPN server with the DHCP server

Step-by-Step Guide: How to set up a VPN, part 8Article | Sun Mar 20 00:00:00 EST 2005
VIEW MORE ON : Virtual Private Networks (VPNs)

About This Topic

Constant threats from spam, phishing, and viruses and the increase in email compliance and e-discovery requirements mean messaging administrators need to be well-versed on a variety of email security issues. Discover tools, tips and tutorials that will help secure and protect email in a Microsoft Exchange Server environment. You'll learn how to configure policies and encyption, set up a VPN or firewall, manage user passwords and permissions, and more.

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Exchange Security

Premium Access

About This Topic

More from Related TechTarget Sites