Securing the Client

Because Exchange 2003 is a distributed, client/server application, it is important to consider the client as you develop a security plan for your e-mail environment. Specifically, consider the following:

• As part of your risk management strategy, you should examine which clients are strictly required and then limit Exchange functionality to those clients. For example, Exchange 2003 does not configure all client services during installation. To run POP3 or IMAP4 clients in your organization, you must first enable these services in your Exchange 2003 environment.

• Ensure that your patch management plan extends beyond the operating system on the client desktop. Use current and patched versions of the client software, regularly checking for client security updates.

• Users are important in helping keep the client secure. Therefore, you should educate your users about e-mail viruses, virus hoaxes, chain letters, and spam, and then establish procedures that your users can follow when they encounter such mail.