What s in This Book

Previous page
Table of content
Next page


What’s in This Book

This book is divided into five parts, each of which focuses on a particular set of topics.

Part I: Security Fundamentals

Chapter 1 is a gentle introduction to security concepts and buzzwords. It’s designed to indoctrinate you to the way security professionals think about security, beginning with establishing a common vocabulary and set of concepts.

Chapter 2 focuses on security algorithms and protocols, including those used to provide encryption, authentication, and message integrity. While this chapter features lots of acronyms, the topics discussed here are useful because they form the backbone of all of Exchange’s security features.

Chapter 3 examines the security features of Windows 2000. These features are important because Exchange depends on them; while there are a few Exchange- specific security features, most of what we think of as Exchange security is actually provided by the underlying operating system.

Chapter 4 is a survey of risk assessment. Entire books have been written on this topic, and there are trained professionals who can help you precisely quantify what risks your organization faces. This chapter will give you a head start on figuring out what you really stand to lose if you suffer a successful attack.

Chapter 5 covers operational security, the discipline of not revealing information about your environment unnecessarily. “Loose lips sink ships” is still the watchword, and this chapter will help point out some ways that you might unknowingly be leaking information.

Part II: Exchange Server Security

This part discusses, in depth, how to secure your Exchange server by hardening the underlying Windows configuration, installing Exchange securely, and protecting yourself against viruses, spam, and “bad” content.

Chapter 6 is devoted to Windows hardening. Even if you think you’re in good shape, you should read it carefully and make sure that your patch evaluation and distribution system is set up properly.

Chapter 7 covers the intricacies of installing Exchange securely: giving the right permissions to the right people. Even though you’ve probably already installed Exchange, this chapter is worth reviewing to ensure that your permissions accurately reflect what you want people to be able to do.

Chapter 8 describes how to control SMTP relaying and spam. Exchange 2000 ships with good defaults for this already, but you should definitely understand what these settings do, when to change them, and when to leave them alone.

Chapter 9 discusses one area where Exchange is fairly weak: content filtering and scanning. Don’t despair, because part of this chapter is dedicated to evaluation criteria you can use when choosing a third-party content filtering product.

Chapter 10 is all about viruses; more specifically, it’s all about how to keep them out of your Exchange system by providing multiple layers of defense.

Part III: Communications Security

Once the underlying server is secure, you’re ready to start worrying about the security of its communications channels.

Chapter 11 delves into the requirements for protecting your server’s communications with TLS and IPsec, as well as how to use Microsoft’s Internet Security and Acceleration (ISA) Server to securely publish Exchange services for MAPI clients.

Chapter 12 is dedicated to public-key infrastructure material, including explanations of how to set up your own PKI and what you can do with it. This is a fairly deep topic, but the information here will help you understand how to deploy an Exchange-ready PKI.

Part IV: Client Security

When most people think of messaging security, they’re really thinking about client security—specifically, Outlook security. However, there’s more to it than that.

Chapter 13 is indeed dedicated to Outlook security, ranging from a discussion of attachment security management to a discussion of how to use its built-in S/MIME features.

Chapter 14 discusses the fascinating and complicated topic of securing Outlook Web Access; this was probably my favorite chapter to write, because I learned a great deal while researching it. Many users never run anything with “Outlook” in its name; they’re using POP3 or IMAP4 clients like Netscape Communicator, Evolution, or Eudora.

Chapter 15 describes how to secure your server so that Internet-protocol clients can safely use it.

Part V: Advanced Topics

Every book has some material that doesn’t fit into its structure; in this book’s case, there were two chapters that cried out to be included but didn’t really belong elsewhere in the book.

Chapter 16 covers security for Exchange’s Instant Messaging service, which is increasingly popular among business users.

Chapter 17 discusses security auditing and logging, including tips on what suspicious event patterns or clusters you should be looking for.

Appendices

Appendix A reprints two classic essays from the Microsoft Security Response Center: The Ten Immutable Laws of Security and The Ten Immutable Laws of Security Administration. While these aren’t printed on stone tablets, they remain valuable reading.

Appendix B is a detailed guide to the permissions applied at installation time.


Previous page
Table of content
Next page
Secure Messaging with Microsoft Exchange Server 2000
Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
EAN: N/A
Year: 2003
Pages: 169
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
Adobe After Effects 7.0 Studio Techniques
Building Web Applications with UML (2nd Edition)
Cisco Voice Gateways and Gatekeepers
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy