Chapter 19: Exchange Server Security Basics

In this chapter:

  • The Scope of Security

  • Motivations of a Criminal Hacker

  • How Hackers Work

  • Physical Security

  • Administrative Security

  • SMTP Security

  • Computer Viruses

  • Junk E-Mail

  • Security Tools Provided by Microsoft

  • Summary

Security incidents, including hacking, virus attacks, spyware outbreaks, and identity theft, have rocked the computing world. Due to the e-mail server’s reliance on access to the outside world, e-mail has become a target for miscreants everywhere, who try to use this medium to gain access to an organization. As such, security has become so central to the administrator’s role that a large portion of this book is devoted to a discussion of it.

This chapter offers ideas about how to add complexity and create hindrances to those who wish to attack your network over port 25. It is never fool-proof, but the more you invest in security, the more secure your e-mail server will be. However, if you have good strategies in place and adequate tools to assist you, you can anticipate and thwart most attacks.

Think Globally When Diagnosing a Security Problem

Recently, a United States firm with national visibility in its industry was attacked by a group based outside of the U.S. The attacking group used its Exchange server to send out spam messages (in its own language) to addresses all over the world. At first, this problem looked like a virus, but then the company realized the attackers had planted a program on the Exchange server that was launching the outgoing e-mails.

By the time the firm figured out the problem, outbound SMTP queues had nearly 100,000 messages sitting in them, ready to be sent. Besides the obvious concern that the people receiving the spam would be unhappy, there were also a multitude of other negative possible consequences that could have occurred as a result of this problem:

  • A tarnished reputation By “allowing” this activity to take place, the company proved to those that received the spam that inadequate security measures were being taken. Whether this statement actually reflected reality would be a moot point to those who’s perceptions of this company changed.
  • Lawsuits By sending out spam, the company opened itself up to lawsuit that could prove to be costly and further harm the company’s reputation.

     Next >



© Microsoft. All Rights Reserved.