The Scope of Security

Everyone has heard the old phrase “a chain is only as strong as its weakest link.” You can easily apply that thinking to security: a network is only as secure as its least secured component. Always consider e-mail to be one of those weak links on your network because it is an obvious entry point. Attackers use e-mail to wreak havoc because it’s easy: no matter how well you secure your network, chances are good that you have port 25 open on your firewall and that a Simple Mail Transport Protocol (SMTP) server is ready to work with e-mail when it comes in.

When you begin thinking about security strategies, always answer the following question: What am I securing Exchange Server 2007 against? The answers to this question are varied and can be grouped into four categories:

1. Social engineering attempts
2. Physical security
3. Administrative security
4. SMTP security

You learned about social engineering in depth in Chapter 18, “Security Policies and Exchange Server 2007.” In this chapter, the other three security categories are covered.

< Back      Next >

© Microsoft. All Rights Reserved.