accelerators, SSL, 303
access control. See also Outlook Web Access, access control
defining, 4
Exchange modifications to, 42, 48–49
Instant Messaging, 336–39
Outlook Web Access security, access control, 288–97
overview of, 5–7
physical, 75
POP3/IMAP, 324–26
Windows, 42, 47–48
access control entries. See ACEs (access control entries)
access control lists (ACLs), 6
Access Control Settings dialog box, 353
Access Permission page, Virtual Directory Creation Wizard, 300–1
Access tab, SMTP (Simple Mail Transfer Protocol) virtual server Properties dialog box, 143
account logon events, auditing, 358–59
account management events, auditing, 357–58
Account Operators group, 45–46
accounts. See also delegation
built-in, 43–44
Exchange installation and, 121–25
lockout policy settings, 105–7
logon process for, 46–47
ACEs (access control entries)
adding restrictions to, 135–37
defined, 43
delegating by property sets, 132–33
delegating on Users container, 129
granting permission to other mailboxes, 169
granting to individual properties, 134–35
overview of, 6
Windows’ rules for, 47–48
ACLs (access control lists), 6
ACM (Association for Computing Machinery), 71
Active Directory
authentication mechanisms, 5
as certificate publisher, 23
enabling auditing for, 351
Exchange installation design for, 118–20
PKI integration with, 226
smart cards and, 240
Active Directory Connector (ADC), 120–21
Active Directory Object Type page, Delegation of Control Wizard, 128
Active Directory Users and Computers
applying policy templates, 112–14
granting permission to other mailboxes, 168–69
IMAP and POP access control, 325
Instant Messaging access control, 336–37
KMS access control, 250
Outlook Web Access, access control, 294
ADC (Active Directory Connector), 120–21
Add/Edit Destination dialog box, 315–16
Add/Remove Snap-In dialog box, 207–8
Additional Security page, IIS Lockdown, 108–9
address book, Outlook
controlling access to, 269–71
securing, 263
Administrator account. See also delegation
Exchange installation and, 124
overview of, 43–44
running /forestprep on, 122
administrators
auditing, 348
confidentiality and, 9–10
delegating mailbox management, 129–31
Exchange installation and, 119–20
privacy and, 11
reading other people’s mail, 166–69
Administrators group
defined, 45
delegating mailbox management, 129–31
running /forestprep, 122
Administrators tab, KMS Key Manager object, 249
Admpack.exe, Outlook Security Update, 265–66
Advanced Certificate Requests page, Windows Certificate Service CA, 196
Advanced Encryption Standard (AES), 18–19
Advanced Request option, Windows Certificate Services CA, 196
Advanced Security object, KMS, 247
AES (Advanced Encryption Standard), 18–19
AH (Authentication Header), 31–32, 33
alarms, physical security, 76
algorithms, 15–29
additional reading, 40
defining, 15
digital signatures, 28–29
hash, 26–29, 243
overview of, 15–16
public-key encryption, 25–26
secret-key encryption, 16–20
S/MIME version 3, 264–65
Anonymous Access check box, SMTP Authentication dialog box, 146
Anti-Virus Application Programming Interface (AVAPI), 180, 184–85
antivirus protection, 177–88
additional reading, 13, 187
cleaning up viruses, 180
desktop and, 182
Exchange server, 182–86
finding viruses, 178–79
perimeter entry points, 180–82
security and risk analysis of, 186–87
AOL ICQ Instant Messenger, 342–43
AOL Instant Messenger, 342–43
application logs, 347, 348
archives, IM traffic, 345
assets, risk assessment, 65, 69–71
Association for Computing Machinery (ACM), 71
attachments, Outlook
blocking, 304
content filtering, 165
encrypting, 279
Outlook Security Settings tab and, 268–69
overview of, 260–63
Security Update and, 260
settings for end users, 272–73
attacks
DDoS, 63
DoS, 63
information compromise, 64
information disclosure, 64
penetration, 63
SIDs and, 118
spoofing, 63
springboard, 61
auditing, 347–60
access controls and, 7
account logon events, 358
account management events, 357–58
additional reading, 360
changing settings for, 349–52
DumpEl and, 357
DumpEvt and, 357
EventCombMT and, 354–56
Exchange features for, 42
log entry contents, 349
logon events, 359
monitoring access to folders, 352–54
Perl and, 357
privilege use, 359–60
setting audit log policies, 103–5
understanding, 247–349
Auditing Entry dialog box, 353
AUTH verb, 144
Authenticated Users group, defined, 45
authentication. See also Outlook Web Access, access control
built-in account/group, 43–46
digital certificate, 221–22
IMAP/POP, 324–25
IPsec, 214
logon process, 46–47
opening firewall ports for, 308
Outlook Web Access, 285–88
overview of, 4–5
protocols, 35–39
SMTP virtual server, 146–47
technical access controls and, 6
Authentication dialog box, SMTP, 146–47
Authentication Header (AH), 31–32, 33
Authentication Method page, IP Security Policy Wizard, 209
Authentication Methods dialog box, Outlook Web Access, 290
Authentication Methods page, Security Rule Wizard, 210–11, 312
authenticode, 223–24
authorized users, defined, 3
auto-enrollment, publishing CTLs, 252
AVAPI (Anti-Virus Application Programming Interface), 180, 184–85