Introduction

Overview

Computer security was once thought to be the exclusive province of somber men in dark suits and nerdy, whey-faced hackers. While both of these archetypes are still well-represented in the computing industry, the last two years have witnessed an explosive growth in the number of organizations that are seeking to boost the strength of their security. I attribute this growth to a number of factors:

• Increased public awareness of security and privacy problems on the Internet and in private networks. While most of the media attention has focused (unfairly) on Microsoft-specific problems, the sad truth is that the Internet infrastructure we depend on daily is riddled with holes, as are commercial operating systems of all stripes—not just Windows.

• Expanding value of information assets. For many businesses, the entire value of their operations is tied up in bits sitting on disks; software firms, financial traders, and other non-manufacturing businesses often don’t have any physical inventory or assets, apart from office furniture and the like.

• Growing awareness of the legal and financial liability associated with security breaches. Various organizations, including the FBI, the General Accounting Office, and assorted security firms, have produced estimates for the yearly toll of computer crime that range from “we don’t know because most places don’t report intrusions” to laughably high multi-trillion dollar amounts. However bogus they appear, these estimates have laudably helped focus attention on the fact that when your network is attacked, there is a real cost—someone has to repair the compromised machines, restore their data, and so forth.

Because of these factors, more and more organizations want to improve their network and operational security. This book is intended to help you assess the security of your Exchange 2000 messaging systems, and then fix any deficiencies you find.