Secure Messaging with Microsoft Exchange Server 2003

By:

Robichaux, Paul

Material type: Text

TextPublication details: MicrosoftISBN:

0735619905

Holdings
Item type	Current library	Call number	Copy number	Status	Date due	Barcode
Standard Loan	Thurles Library Main Collection	005 ROB (Browse shelf(Opens below))	1	Available		R14544KRCT

Enhanced descriptions from Syndetics:

From risk assessment to implementation and auditing procedures, get critical guidance to help enhance the security of your messaging infrastructure. Written by a network security expert who works closely with the Microsoft Exchange Server team, this guide delivers essential information and advice to help protect your clients, servers, and communications channels. Discover how to use the security features available in the Exchange and Microsoft Windows environments to harden the underlying system configuration and create multiple layers of defense against viruses, worms, and other threats--helping you improve messaging integrity over e-mail and the Internet.

Discover how to:

Identify and assess threats and risks to your messaging systems Install and configure Exchange to address security considerations Choose appropriate security-related algorithms and protocols Automate patch distribution and service-pack updates Implement anti-spam features and content-filtering tools Deploy multiple layers of virus defense--desktop, perimeter, and server Employ system-monitoring and intrusion-detection tools and techniques Create an Exchange-ready PKI and deploy Microsoft Outlook and Outlook Web Access Use POP and IMAP to enhance control of mailbox access NEW--Get a list of questions to employ when performing a security audit NEW--Implement security measures for roaming users and mobile devices NEW--Review messaging-related legal issues in a chapter from former law professor

William J. Friedman

Table of contents provided by Syndetics

Dedication (p. iii)
Acknowledgments (p. v)
Introduction (p. xix)
Part I Security Fundamentals
1 Security Buzzwords (p. 3)
What Does Security Mean? (p. 3)
Authentication (p. 4)
Access and Resource Control (p. 5)
Data Integrity (p. 7)
Confidentiality and Privacy (p. 8)
Malicious Code (p. 11)
Rights Management (p. 13)
Summary (p. 13)
Additional Reading (p. 14)
2 Security Protocols and Algorithms (p. 15)
Why Do I Need to Know This? (p. 15)
Secret-Key Encryption (p. 16)
Public-Key Encryption (p. 20)
Digital Signatures (p. 26)
Protocols (p. 30)
Summary (p. 40)
Additional Reading (p. 40)
3 Windows and Exchange Security Architecture (p. 43)
Learning the Right Lingo (p. 45)
Authentication (p. 46)
Access Control and Permissions (p. 50)
Summary (p. 60)
Additional Reading (p. 60)
4 Threats and Risk Assessment (p. 61)
Types of Security Threats (p. 63)
Models for Risk Assessment (p. 67)
Summary (p. 74)
Additional Reading (p. 74)
5 Physical and Operational Security (p. 75)
Physical and Operational Threat Assessment (p. 76)
Beefing Up Your Physical Security (p. 77)
Strengthening Operational Security (p. 83)
Summary (p. 86)
Additional Reading (p. 86)
Part II Exchange Server Security
6 Windows Server Security Basics (p. 89)
Taking the First Step: Patch Management (p. 89)
Securing What's Most at Risk: A Checklist (p. 107)
Tightening Things Further (p. 119)
Summary (p. 123)
Additional Reading (p. 123)
7 Installing Exchange with Security in Mind (p. 125)
Designing an Active Directory Structure for Exchange (p. 126)
Installing Exchange (p. 128)
Delegating Control (p. 135)
Applying the Finishing Touches (p. 144)
Summary (p. 146)
Additional Reading (p. 146)
8 SMTP Relaying and Spam Control (p. 147)
Understanding Relaying (p. 147)
Controlling Relaying (p. 150)
Understanding Spam (p. 163)
Using Exchange's Spam Control Features (p. 168)
Evaluating Third-Party Antispam Products (p. 178)
Summary (p. 180)
Additional Reading (p. 180)
9 Content Control, Monitoring, and Filtering (p. 181)
Adding Disclaimers (p. 182)
Filtering Inbound and Outbound Content (p. 184)
Reading Other People's Mail (p. 187)
Using Message Tracking (p. 192)
Searching the Store for Specific Content (p. 194)
Summary (p. 198)
Additional Reading (p. 198)
10 Antivirus Protection (p. 199)
Understanding Virus Protection Principles (p. 200)
Designing Defense in Depth (p. 203)
Everything Else (p. 210)
Summary (p. 211)
Additional Reading (p. 211)
Part III Communications Security
11 Securing Internet Communications (p. 215)
Using TLS/SSL with SMTP (p. 215)
Using IPSec (p. 226)
Publishing MAPI RPCs with ISA Server (p. 239)
Tunneling RPC over HTTPS (p. 242)
Summary (p. 247)
Additional Reading (p. 248)
12 Secure E-Mail (p. 249)
Understanding the Exchange-PKI Combination (p. 249)
Introducing Rights Management (p. 251)
Comparing S/MIME and RM (p. 252)
Planning Your S/MIME Encryption Infrastructure (p. 253)
Installing Certificate Services (p. 273)
Configuring and Managing Certificate Services (p. 286)
Summary (p. 290)
Additional Reading (p. 291)
Part IV Client Security
13 Securing Outlook (p. 295)
Understanding Outlook's Security Features (p. 295)
Customizing the Outlook Security Update (p. 302)
Customizing Outlook Security Settings for End Users (p. 309)
Setting Up RPC over HTTP (p. 310)
Using S/MIME (p. 312)
Using Information Rights Management (p. 324)
Reaching into Outlook's Toolbox (p. 327)
Summary (p. 334)
Additional Reading (p. 334)
14 Securing Outlook Web Access (p. 335)
Understanding Outlook Web Access (p. 335)
Controlling Access to Outlook Web Access (p. 346)
Using SSL with Outlook Web Access (p. 354)
Improving Outlook Web Access Client Security (p. 358)
Securing Outlook Web Access with Firewalls (p. 364)
Publishing Outlook Web Access with ISA Server (p. 373)
Applying the Finishing Touches (p. 378)
Summary (p. 381)
Additional Reading (p. 381)
15 Securing POP and IMAP (p. 383)
Understanding POP and IMAP (p. 383)
Controlling User Access to IMAP and POP (p. 384)
Using POP and IMAP with SSL (p. 387)
Summary (p. 390)
Additional Reading (p. 390)
Part V Advanced Topics
16 Securing Mobile Exchange Access (p. 393)
Understanding Exchange's Mobility Features (p. 393)
Securing OMA and EAS (p. 396)
Securing Mobile Devices (p. 399)
Summary (p. 402)
Additional Reading (p. 402)
17 Discovery, Compliance, Archive, and Retrieval (p. 403)
What, Me Worry? (p. 403)
Understanding DCAR (p. 405)
Building a DCAR System (p. 410)
Summary (p. 420)
Additional Reading (p. 421)
18 Security Logging (p. 423)
Understanding Security Logging (p. 423)
Using Auditing in Windows Server 2003 (p. 425)
What to Audit and Why (p. 433)
Summary (p. 437)
Additional Reading (p. 437)
19 Security Auditing (p. 439)
Understanding Security Auditing (p. 439)
Summary (p. 444)
Additional Reading (p. 444)
20 The Law and Your Exchange Environment (p. 445)
Assumptions (p. 445)
Some Legal Principles (p. 448)
Devising Network Use Policies (p. 456)
Summary (p. 460)
Additional Reading (p. 460)
Part VI Appendixes
A The Ten Immutable Laws (p. 463)
The Ten Immutable Laws of Security (p. 463)
The Ten Immutable Laws of Security Administration (p. 470)
B Setup Permissions Guide (p. 477)
A Note About Interpreting ACL Entries (p. 477)
Permissions on Objects in the Exchange Configuration Tree (p. 480)
Permissions on the Server Object and Its Children (p. 484)
Permissions on Other Objects in the Configuration Tree (p. 485)
Permissions on Objects in the Domain Naming Context (p. 486)
Permissions on File System Objects (p. 489)
Index (p. 491)

Author notes provided by Syndetics

Paul Robichaux is a system administrator, a messaging architect, and a Microsoft Most Valuable Professional (MVP) for Exchange Server