Solidify your Exchange Server security incident response plan

Do you ever feel like you're wearing too many hats in your job as an IT professional? Even if you're a dedicated Exchange Server administrator, you probably have a lot of other responsibilities. However, you may not have thought about security incident response.

Incident response is the science of responding to security breaches. In the context of Exchange management, it's the process of detecting security incidents within your messaging environment and responding to them in a methodical fashion to minimize damage.

Exchange Server-related security incidents might include:

  • Malware outbreaks
  • Denial of service
  • Exploitation of patches by a rogue insider
  • Account enumeration/user harvesting
  • Data leakage
  • Password cracking
  • Spam relaying

This was first published in March 2010

With each of these incidents, there are specific steps you'll need to take in order to recover from the attack. From penetration analysis to forensics investigation, incident response requires hands-on technical knowledge as well as higher-level business process expertise.

Some steps you'll need to take will be technical, such as reviewing Exchange and Windows server logs, running network protocol analysis and applying system patches. Other steps will be more operational in nature -- creating and instituting documentation and policy tweaks.
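As an added example of the log-review step (not code from the original article), the script below parses a message tracking log and flags two of the incident types listed above: relaying of mail between two external domains, and a single sender fanning out to an unusual number of recipients. The `#Fields:` header and the rows are a constructed sample laid out like an Exchange message tracking log, and `corp.example` is assumed to be the organization's own domain.

```python
import csv
from collections import Counter

# Constructed sample in the layout of an Exchange message tracking log:
# a "#Fields:" header names the columns, then one CSV row per event.
# Multiple recipients in one event are separated by semicolons.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,server-hostname,source,event-id,recipient-address,recipient-count,sender-address,message-subject
2010-03-02T09:00:01.000Z,10.0.0.25,EX01,STOREDRIVER,RECEIVE,bob@corp.example,1,alice@corp.example,Budget
2010-03-02T09:00:05.000Z,198.51.100.7,EX01,SMTP,RECEIVE,"x1@other.example;x2@other.example",2,promo@spammer.example,Buy now
2010-03-02T09:00:06.000Z,198.51.100.7,EX01,SMTP,RECEIVE,"y1@other.example;y2@other.example;y3@other.example",3,promo@spammer.example,Buy now
2010-03-02T09:00:07.000Z,198.51.100.7,EX01,SMTP,RECEIVE,z1@other.example,1,promo@spammer.example,Buy now
2010-03-02T09:01:00.000Z,10.0.0.30,EX01,STOREDRIVER,RECEIVE,"d1@other.example;d2@other.example",2,carol@corp.example,Newsletter
"""

def parse_tracking_log(text):
    """Yield one dict per event row, keyed by the column names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
        elif line.startswith("#") or not line.strip():
            continue            # other header comments and blank lines
        elif fields:
            yield dict(zip(fields, next(csv.reader([line]))))

def domain_of(address):
    return address.rpartition("@")[2].lower()

def external_relay_attempts(events, internal_domains):
    """RECEIVE events accepted over SMTP where neither the sender nor any recipient
    belongs to an internal domain: the signature of the server being used as a relay."""
    hits = []
    for ev in events:
        if ev["source"] != "SMTP" or ev["event-id"] != "RECEIVE":
            continue
        rcpt_domains = {domain_of(r) for r in ev["recipient-address"].split(";")}
        if domain_of(ev["sender-address"]) not in internal_domains and not (rcpt_domains & internal_domains):
            hits.append(ev)
    return hits

def bulk_senders(events, threshold):
    """Senders whose summed recipient-count exceeds threshold: a bulk-mailing signal
    worth correlating with the relay check above."""
    totals = Counter()
    for ev in events:
        if ev["event-id"] == "RECEIVE":
            totals[ev["sender-address"].lower()] += int(ev["recipient-count"])
    return {sender: n for sender, n in totals.items() if n > threshold}
```

On the sample, both checks converge on `promo@spammer.example` arriving from `198.51.100.7`, which is the kind of corroboration a reviewer wants before escalating.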

The reality is that you need to have solid incident response procedures in place. If not, you're more likely to react rather than respond, which ultimately leads to increased business risks.

Figure 1 outlines the necessary components for correctly handling Exchange Server breaches:


Figure 1. Essential elements of a good Exchange incident response plan

Although many Exchange Server-related security incidents can be prevented in the first place, you'll still need documented guidance to refer to when you do need it. Remember, a breach can snowball beyond Exchange, so your Exchange incident response may end up encompassing your entire network -- from applications to databases to mobile devices.

If your Exchange Server organization is developing an incident response plan, it's helpful to start small, base it around your Exchange environment and build out from there. This will keep you ahead of the pack and prepared for the worst.


ABOUT THE AUTHOR:

Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Having worked for himself over the past seven years, he specializes in performing independent security assessments and helping IT professionals enhance their careers. Kevin has also authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). In addition, he's the creator of the Security On Wheels information security audio books and Security on Wheels blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.