The Scope of Security
Everyone has heard the old phrase “a chain is only as strong as its weakest link.” You can easily apply that thinking to security: a network is only as secure as its least secured component. Always consider e-mail to be one of those weak links on your network because it is an obvious entry point. Attackers use e-mail to wreak havoc because it’s easy: no matter how well you secure your network, chances are good that you have port 25 open on your firewall and that a Simple Mail Transport Protocol (SMTP) server is ready to work with e-mail when it comes in.
When you begin thinking about security strategies, always answer the following question: What am I securing Exchange Server 2007 against? The answers to this question are varied and can be grouped into four categories:
- Social engineering attempts
- Physical security
- Administrative security
- SMTP security
You learned about social engineering in depth in Chapter 18, “Security Policies and Exchange Server 2007.” In this chapter, the other three security categories are covered.
© Microsoft. All Rights Reserved.