Any Exchange server that either receives e-mail from the Internet or is accessed by remote clients should be deployed with security in mind. The first and most critical step in securing an Exchange server is to ensure that the operating system and the Exchange server software have recent security fixes and updates.
The Security Configuration Wizard can also be used to further harden an Exchange server by restricting the services that are running on the server as well as customizing the security settings in the Registry and the Windows firewall.
For Internet clients such as Outlook Web Access and Outlook Anywhere, implementing Secure Sockets Layer (SSL) ensures that data and authentication credentials transmitted over the network cannot be read by someone capturing the traffic with a protocol analyzer tool.
Protecting your users' mailboxes from malware (viruses, worms, Trojan horses) is the function of your message hygiene system. The Exchange server should be protected by Exchange Server-aware software. Implementing multiple layers of protection such as requiring that all clients have antivirus software and that inbound e-mail is first scanned in the perimeter network can help to ensure the security of the message transport system as well as prevent unwanted content from reaching a user's mailbox.
Finally, additional security can be provided for Client Access servers by putting a reverse proxy system between the users and the Client Access server. The reverse proxy intercepts inbound HTTPS requests and inspects them before passing them on to internal Client Access servers. The reverse proxy can also implement additional security measures.