Microsoft Exchange Server 2007 Security Basics

  • 6/18/2008
This chapter from Microsoft Exchange Server 2007 Administrator's Companion, 2nd Edition offers ideas about how to add complexity and create hindrances to those who wish to attack your network over port 25.
  • The Scope of Security

  • Motivations of a Criminal Hacker

  • How Hackers Work

  • Physical Security

  • Administrative Security

  • SMTP Security

  • Computer Viruses

  • Junk E-Mail

  • Security Tools Provided by Microsoft

  • Summary

Security incidents, including hacking, virus attacks, spyware outbreaks, and identity theft, have rocked the computing world. Due to the e-mail server’s reliance on access to the outside world, e-mail has become a target for miscreants everywhere, who try to use this medium to gain access to an organization. As such, security has become so central to the administrator’s role that a large portion of this book is devoted to a discussion of it.

This chapter offers ideas about how to add complexity and create hindrances to those who wish to attack your network over port 25. No defense is ever foolproof, but the more you invest in security, the more secure your e-mail server will be. With good strategies in place and adequate tools to assist you, you can anticipate and thwart most attacks.

The Scope of Security

Everyone has heard the old phrase “a chain is only as strong as its weakest link.” You can easily apply that thinking to security: a network is only as secure as its least secured component. Always consider e-mail to be one of those weak links on your network because it is an obvious entry point. Attackers use e-mail to wreak havoc because it’s easy: no matter how well you secure your network, chances are good that you have port 25 open on your firewall and that a Simple Mail Transfer Protocol (SMTP) server is ready to accept e-mail when it comes in.

When you begin thinking about security strategies, always answer the following question: What am I securing Exchange Server 2007 against? The answers to this question are varied and can be grouped into four categories:

  • Protection against social engineering attempts

  • Physical security

  • Administrative security

  • SMTP security

You learned about social engineering in depth in Chapter 18, “Security Policies and Exchange Server 2007.” In this chapter, the other three security categories are covered.