As I discussed in Part 1, Microsoft Exchange Server is an application that is prone to security breaches. Luckily, there are an abundant number of third-party security products that can
Yesterday, we looked at some anti-spam third-party security products for Exchange. Today we are focusing on anti-virus and patch management third-party offerings.
Perhaps no security issue with Exchange Server is more pressing than that of anti-virus security. Mydoom became the fastest-spreading virus in history, and there have been several other viruses since then that target Exchange Servers and/or Outlook.
When it comes to anti-virus for Exchange, I personally like Hauri's products (http://www.hauriusa.net). Although virtually unknown in the U.S., Hauri has been a major player in the Asian anti-virus market for years. Hauri's line of ViRobot software is designed to be able to completely reverse the damage caused by most viral infections. Most of the other more popular anti-virus programs simply delete or quarantine infected files rather than repairing them. I also like the Hauri products because they are designed to run with minimal impact on the server's performance.
Another area of Exchange Security that needs to be addressed is that of patch management. Microsoft is constantly releasing new patches for Windows, IIS and Exchange. Without the proper software in place, keeping up with these patches can be a full-time job.
When it comes to patch management, you really need two different pieces of software. One piece needs to tell you which patches are needed, while the other piece of software deploys the patches to your Exchange Servers and mail clients.
For detecting which patches are necessary, I like Microsoft's Baseline Security Analyzer (MBSA). You can download this free tool from Microsoft at http://www.microsoft.com/mbsa.
Microsoft maintains a database of every patch that it has ever released for its various products. MBSA runs a routine to determine which products are installed and what patch versions the machine is currently using. It then cross references this information with a database to determine the patches that need to be downloaded and installed.
As for distributing the patches, I like Microsoft's System Management Server (SMS) 2003 (http://www.microsoft.com/sms) because it is a native Microsoft product and is specifically designed by Microsoft for deploying Microsoft patches to Microsoft operating systems. Combine this with the fact that SMS is a mature product, and you will see why I consider SMS server to be one of the most reliable patch management solutions available.
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies, and numerous other technology companies. You can visit Brien's personal Web sites at http://www.brienposey.com and http://www.relevanttechnologies.com.
This was first published in March 2004