Case Scenario Exercise


You are the Exchange Full Administrator in a branch of Woodgrove Bank. Your Exchange organization comprises four front-end Exchange Server 2003 servers configured as a network load sharing cluster and two back-end Exchange Server 2003 servers configured as a Windows cluster to provide failover protection. Your domain controllers and member servers are all Windows Server 2003 servers.

Security is a major issue. Senior management needs to be assured that viruses, worms, and Trojan horses cannot attack the intranet. Spam and junk e-mail are particular areas of concern as they waste staff time and resources. Confidential e-mails containing financial information need to be encoded, and the senders of such e-mails need to be verified.

You have strong firewall protection for your domain controllers and back-end Exchange Server 2003 servers. However, your front-end Exchange Server 2003 servers are in a DMZ. Your organization uses POP3 clients but not IMAP4 clients. Financial information is sent to your Web server using SSL encryption. Employees are permitted to download their personal files onto laptops so that they can work on them at home. Currently, the Encrypting File System (EFS) is used to encrypt these files.

  • Requirement 1 You need to upgrade your antivirus software. You need to be assured that this software is compatible with Exchange Server 2003 servers. You also need to ensure that security patches and virus signatures are downloaded regularly and that immediate downloads occur if there is a known Internet threat.

  • Requirement 2 Management accepts that unsolicited commercial mail cannot always be blocked. Nevertheless, you are required to minimize the level of such traffic. In particular, mail from known spamming organizations must be blocked.

  • Requirement 3 You need to block all unused ports on your firewall. In addition, you need to disable any services that are not required. Your organization should offer the smallest possible target to an attacker.

Requirement 1

The first requirement involves upgrading your antivirus software.

  1. You have been asked to find an antivirus software package that will protect your organization. This software must be fully compatible with Exchange Server 2003. Commercial antivirus software that was previously installed on the system has been found to be unsatisfactory. You need to identify a reputable company that can provide a professional product. How do you proceed?

  2. Your chief information officer (CIO) wants to ensure that viruses never enter the intranet. She wants you to block them at the firewall. Therefore, she sees no need for antivirus software on the servers or clients. Do you agree with her? Why or why not?

  3. A user reports that a self-extracting zip file that was e-mailed to him as an attachment did not unzip. When a zip file that was not self-extracting was sent to him, he was able to unzip it without any problems. How do you explain this to him, and what action (if any) do you take to remedy this situation?

Requirement 2

The second requirement involves minimizing unsolicited commercial e-mail and blocking e-mail from known spammers.

  1. You have a block-list service provider configured, but you continue to receive unsolicited commercial e-mail from several senders. You have identified nwtraders.com and treyresearch.com as junk mail senders. They are not on your RBL. How can you block the messages coming from them?

  2. You have shown your chief executive officer (CEO) how he can configure Outlook 2003 on his client machine to filter out junk mail from a known sender. He is now concerned about the amount of time that needs to be spent configuring Outlook on all the client machines and listing all possible junk e-mail sources. What do you tell him to put his mind at rest?

Requirement 3

The third requirement involves ensuring that your firewall is as secure as possible and stopping any unnecessary services.

  1. Given the scenario described, what ports need to be open on your firewall?

  2. What services should you disable on your front-end servers? List only the services that are definitely not required, rather than the ones which can optionally be disabled.




MCSA/MCSE Self-Paced Training Kit (Exam 70-284(c) Implementing and Managing Microsoft Exchange Server 2003)
MCSA/MCSE Self-Paced Training Kit (Exam 70-284): Implementing and Managing MicrosoftВ® Exchange Server 2003 (Pro-Certification)
ISBN: 0735618992
EAN: 2147483647
Year: 2003
Pages: 221

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net