Checklist - Securing Exchange Communications
Updated: February 6, 2004
How to Use This Checklist
This checklist is a companion to the module, "Securing Exchange Communications." Use it to help you to secure your Exchange 2000 servers, or as a quick reference for the corresponding module. This checklist should develop as you discover steps that help you to implement your secure Exchange organization.
Securing Communications in Outlook 2002
| Check | Description |
|---|---|
| | Remote procedure call (RPC) encryption enabled in client between Microsoft Outlook messaging and collaboration client and Exchange. |
| | Certificate installed on client for Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption. |
| | Key Management service installed to provide certificates internally. |

Securing Web Browser and ISA communication
| Check | Description |
|---|---|
| | At least ISA Server SP1 installed. |
| | Secure Sockets Layer (SSL) certificate installed on ISA server from a globally trusted Certificate Authority (CA). |
| | Common or friendly name of SSL certificate matches Fully Qualified Domain Name (FQDN) used by Outlook Web Access (OWA). |
| | ISA server configured to only accept secure channel connections. |

Securing ISA and OWA Front-End communication
| Check | Description |
|---|---|
| | SSL certificate installed on OWA server from a globally trusted CA. |
| | Common or friendly name of SSL certificate matches FQDN used by OWA. |
| | Secure channel required for OWA connection. |
| | Basic authentication enabled for OWA connection. |

Securing OWA Front-End and Back-End Exchange Servers
| Check | Description |
|---|---|
| | IPSec Port 80 Outbound from OWA front-end configured to "encrypt" using Group Policy. |
| | IPSec Port 80 Inbound from OWA front-end configured to "block" using Group Policy. |
| | IPSec Port 80 Inbound from Exchange back-end configured to "encrypt" using Group Policy. |
| | Policy applied on Exchange servers using secedit /refreshpolicy machine_policy /enforce command. |
| | IP Security Monitor configured and IPSec communication checked. |

Securing SMTP Communications
| Check | Description |
|---|---|
| | ISA server configured to Publish Simple Mail Transfer Protocol (SMTP) server. |
| | Message Screener configured on ISA server. |
| | Separate SMTP gateway established. |
| | External SMTP mail relay prevented. |
| | Internal SMTP mail relay secured. |