Tip

Securing Exchange


Barrie Sosinsky

Security issues come rolling down the pike at breakneck speed. Once you've analyzed your network for potential threats and discovered any holes in it, take a look at the security tools you have and see if you are using them to your best advantage.

Number one, you should have your Exchange Server machine in a restricted-access location. Always lock the server's console when you leave it unattended. There are built-in security features of Exchange Server that should be put into place. They require little overhead and should meld with the security features of your operating system.

By default, anyone on the network can read SMTP traffic that crosses the network, because SMTP sends messages and authentication in clear text. Both Exchange 2000 and Exchange Server 5.5 let you use Secure Sockets Layer (SSL) technology to encrypt the SMTP traffic as it passes between the mail servers. You can use SSL only when both servers support SSL, and it does not provide authentication between servers. Using SSL on your internal network may seem excessive, yet many companies combine SSL with internal firewalls simply to limit the risk of information leaks.

To enable SSL in Exchange Server 5.5, first open Exchange Administrator, right-click the Internet Mail Service and choose Properties. Next, go to the Security tab, which lists the fully qualified domain names for which you have defined a security policy.


Most likely your list will contain a single entry named <default>. Select the domain for which you want to modify the security policy and click Edit. The dialog box for Edit-Email Domain security information will appear. Select SASL/SSL security. Be sure to select the SSL encryption check box, and finally, click OK.

Exchange 2000 uses the Transport Layer Security (TLS) protocol, which is based on and completely interoperable with SSL. Enabling TLS is similar to enabling SSL. First open the Exchange System Manager snap-in in the Microsoft Management Console (MMC) and navigate to the SMTP virtual server for which you want to turn on TLS. Right-click the virtual server and choose Properties to open the Properties dialog box, then go to the Access tab. Click Authentication and be sure to select the Enable SSL client authentication check box. Then go to the Delivery tab and click Outbound Security. Select the TLS encryption check box and click OK.

Turning on SSL or TLS protects the outbound messages, but doesn't protect traffic from the clients. To fix this problem, enable the use of SSL with OWA, and request that POP3 or IMAP4 users use a client that supports SSL with POP3 and/or IMAP4.
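After changing these settings, it is worth confirming what the server actually announces to connecting hosts. The following added example (not part of the original tip) parses an SMTP EHLO reply and reports whether encryption is offered and whether clear-text login mechanisms are advertised before any encryption. It assumes the server announces TLS support with the standard `STARTTLS` keyword (RFC 3207); the function names, host name and sample replies are constructed for illustration.

```python
import re

# Mechanisms that send the password unencrypted (base64 is only an encoding).
CLEARTEXT_AUTH = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multi-line SMTP EHLO reply into {KEYWORD: [parameters]}."""
    features = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"(\d{3})([ -])(.*)", line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a successful EHLO reply: {line!r}")
        # "250-" marks a continuation line; only the final line uses "250 ".
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError(f"malformed continuation: {line!r}")
        if i == 0:
            continue  # first line is the greeting, not an extension
        # Older servers also advertise "AUTH=LOGIN"; treat it as "AUTH LOGIN".
        words = m.group(3).replace("=", " ").upper().split()
        if words:
            features.setdefault(words[0], []).extend(words[1:])
    return features

def assess(reply):
    """Return a list of findings for an EHLO reply seen before any TLS handshake."""
    features = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in features:
        findings.append("STARTTLS not offered: SMTP traffic to this host is clear text")
    weak = sorted(CLEARTEXT_AUTH & set(features.get("AUTH", [])))
    if weak:
        findings.append("clear-text AUTH offered before TLS: " + ", ".join(weak))
    return findings

# Constructed sample replies (hypothetical host, not captured from a real server).
BEFORE = """250-mail.example.com Hello [192.0.2.10]
250-SIZE 10240000
250-AUTH=LOGIN
250 OK
"""
AFTER = """250-mail.example.com Hello [192.0.2.10]
250-SIZE 10240000
250-STARTTLS
250 OK
"""

if __name__ == "__main__":
    for name, reply in (("before", BEFORE), ("after", AFTER)):
        print(name, assess(reply) or "no findings")
```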


Barrie Sosinsky (barries@killerapps.com) is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in November 2001
