Assessing Your Risks


A key consideration for security is risk and the costs associated with securing information. This is not just a matter of determining the monetary value of the information; equally important is assessing the different types of risk and the value of the information. Ask yourself how much it would cost the organization if the information were destroyed, altered, or stolen.

This is not an easy task; in fact, it is often a daunting one. While monetary values can easily be associated with some types of information, other information may be nearly impossible to assess. The important thing to remember is that it's essential to secure your resources, and a balance must be struck between the cost of securing the information and the information's value.

Once the assessment process is initiated, it is important to begin analyzing possible security vulnerabilities for the service or functionality that the organization is offering. The following are some of the security risks to investigate and protect against for Exchange Server 2003:

  • Denial of Service: A denial of service, or DoS, occurs when a user either maliciously or surreptitiously performs some action that causes a service interruption. The interruption may affect targeted users or the entire server. An example might be the "ping of death" or a specially crafted email header that consumes all of the Exchange server's processing time.

  • Viruses or Trojan Horse Messages: Viruses, email worms, and Trojan Horse messages are the bane of the messaging world. They can cause many hours of lost productivity, and keeping on top of this issue can be a full-time job. Thankfully, Exchange Server 2003 has numerous features that help administrators and antivirus vendors combat this problem.

  • Spam: Unfortunately, unsolicited email (spam) is destined to be a part of the messaging community's life for a very long time, if not forever. It forces unwanted and frequently objectionable material into users' inboxes, costing Internet users billions of dollars annually. The reason is simple: Spam is a cheap way for mass-marketers to get their message out to a wide segment of people.

  • Intentional Attacks: These attacks are usually targeted at a specific entity or messaging system. Attacks may occur to disrupt normal business operations or compromise a known vulnerability in the company's messaging system. The administrator should bear in mind that some intentional attacks are used to focus attention away from the "real" attack.

  • Message Spoofing: Message spoofing is a tactic used by many email worms, such as KLEZ and BugBear, as well as in some intentional attacks by malicious users. Message spoofing alters SMTP headers so that mail appears as though it came from a different address or messaging server. These messages are sometimes difficult and time-consuming to troubleshoot.
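
The header disagreement described under Message Spoofing can be checked mechanically when troubleshooting a suspect message. The following is an added example, not code from the book: the sample messages, the domain names and the function names are constructed for illustration, and a finding is an indicator to triage, since mailing lists and bulk senders also produce mismatches.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (illustrative, not taken from the book).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby exch01.corp.example.com with SMTP; Mon, 6 Oct 2003 10:15:00 -0700
From: "Help Desk" <helpdesk@corp.example.com>
Subject: Password reset

body
"""

LEGIT = """\
Return-Path: <alice@partner.example.org>
Received: from mail.partner.example.org (mail.partner.example.org [198.51.100.7])
\tby exch01.corp.example.com with SMTP; Mon, 6 Oct 2003 10:20:00 -0700
From: Alice <alice@partner.example.org>
Subject: Minutes

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message, internal_domains):
    """List the ways the displayed sender disagrees with delivery headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    findings = []
    # The From header is sender-supplied; Return-Path records the envelope sender.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append("from/return-path mismatch")
    # The topmost Received header is the one stamped by our own server.
    received = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    relay = m.group(1).lower() if m else ""
    external = relay and not any(relay == d or relay.endswith("." + d) for d in internal_domains)
    if from_dom in internal_domains and external:
        findings.append("internal sender from external relay")
    return findings
```
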



Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
