Exchange Server 2010 Security Baseline
Published: March 23, 2012 | Updated: January 28, 2013
This new Exchange Server 2010 SP2 baseline is now available in Microsoft Security Compliance Manager (SCM)! Download the latest version of the SCM tool to access this new product security baseline, as well as other updated Windows client and Microsoft Office application baselines, at Security Compliance Manager.
Download This Solution Accelerator
The Exchange Server 2010 SP2 baseline is integrated with the SCM tool. To access this product baseline and the Exchange Server 2010 SP2 Security Guide, download the Security Compliance Manager.
To learn more about SCM, see Security Compliance Manager on Microsoft TechNet.
About This Solution Accelerator
The Exchange Server 2010 SP2 baseline package includes the Exchange Server 2010 SP2 Security Guide, and the Exchange Server 2010 SP2 Attack Surface Reference workbook that documents the system services, network ports, protocols, and firewall rules needed for each of the Exchange Server roles. SCM is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor the security of servers running Exchange Server 2010 SP2 in your environment. The product baselines and guidance provide security recommendations to harden the server roles in Exchange Server 2010 SP2.
SCM accomplishes this in two ways: First, a Windows PowerShell-based script kit for applying Exchange Server baseline settings to the servers in your environment is included as an attachment to the baselines. Second, you can export the baselines as Desired Configuration Manager configuration packs for compliance scanning with Microsoft System Center Configuration Manager. For more information about the script kit, see the Exchange Server 2010 SP2 PowerShell Script Kit User Guide. You will find these resources in the Attachments \ Guides node of the SCM tool.
What is a security baseline?
A security baseline is a collection of configurations items for a Microsoft product that provides prescribed values to solve a specific use case or scenario. Exchange Server security baselines provide guidance and supporting technical data to implement an effective and efficient messaging infrastructure that enables you to:
- Understand threats.
- Implement countermeasures.
- Learn about product-specific recommendations.
This knowledge is accessed through the Security Compliance Manager tool, which gives you the ability to customize a security baseline to meet the unique requirements of your organization. The tool exports security baselines in multiple formats to help you apply the configuration and confirm the compliance level of the computers in your organization.
Exchange Server security baselines include the following elements:
- A detailed view of security vulnerabilities related to specific Windows operating systems, applications, and browser settings, and information on the potential impact of configuring significant settings in these areas to help you better understand how to effectively mitigate threats to your environment.
- Recommended countermeasures to address such vulnerabilities, as well as the technical data required to implement and assess the state of each countermeasure that you implement.
- A product-specific security guide that provides detailed instructions and recommendations to help strengthen the security of the computers running Exchange Server 2010 SP2 in your organization.
- The Exchange Server 2010 SP2 PowerShell Script Kit User Guide to help you apply the Exchange Server baseline settings to the servers in your environment.
About the Security Compliance Manager
The Security Compliance Manager (SCM) provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft products.
Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator is designed to help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, Microsoft applications, and Windows Internet Explorer. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your environment and automate the security baseline compliance verification process.
Use SCM to achieve a secure, reliable, and centralized IT environment to help you better balance your organization’s needs for security and functionality.
Included in the Download
The SCM download includes the following components:
- Microsoft_Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
- LocalGPO.msi – This tool is designed to manage local group policies of a computer such as applying a security baseline and exporting the local Group Policy.
After you download and install SCM, you can view all available Microsoft product security baselines. For more information, refer to the getting started guidance on the SCM TechNet Wiki.
The .cab file for the Exchange Server 2010 SP2 Security Compliance Baseline includes the following components:
- Exchange Server 2010 SP2 Security Guide.docx
- Exchange Server 2010 SP2 Attack Surface Reference.xlsx
- Exchange Server 2010 SP2 PowerShell Helper Guide.docx
- Exchange Server 2010 SP2 PowerShell Helper MSI.zip
- Exchange Server 2010 SP2 PowerShell Script Kit User Guide.docx
- Exchange Server 2010 SP2 PowerShell Script Kit.zip
- Exchange Server 2010 SP2 Security Baseline SCAP DataStreams.zip
- Exchange2010SP2 CAS Services Security 1.0
- Exchange2010SP2 Edge Services Security 1.0
- Exchange2010SP2 Hub Services Security 1.0
- Exchange2010SP2 Mailbox Services Security 1.0
- Exchange2010SP2 UM Services Security 1.0
The following resources provide additional information about security topics and in-depth discussion of the concepts and security prescriptions related to SCM:
- Microsoft Security Solution Accelerators
- Security Compliance Manager TechNet Wiki
- Discussion of new features in SCM2 with José and Jeff
- Solution Accelerators Team presents Security Compliance Manager
- IT Infrastructure Threat Modeling Guide
- System Center Configuration Manager Extensions for SCAP
Community and Feedback
- Want to know what’s coming up next? Check out our Solution Accelerators Security and Compliance Blog.
- E-mail the Solution Accelerators security team with your feedback: SecWish@microsoft.com.
- Join in discussions on managing IT security and compliance at the Security and Compliance Management Forum.
- If you have used a Solution Accelerator in your organization, please share your experience with us by completing this short survey.
About Solution Accelerators
Microsoft Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
- Communication and collaboration
- Security, data protection, and recovery
- Operations and management
Download This Accelerator
Download the Security Compliance Manager.