Considering the Importance of Security in an Exchange Server 2010 Environment

This is a numerical measure of how difficult it is to move along that edge. It could be a measure of time, distance, cost, or any other quantity that can be enumerated. These values are used when deciding on the best route from one vertex to another. When implementing Exchange Server 2010 with security in mind, a lot of the security infrastructure is dependent on the security built in to the Windows 2003 network operating system as well as the Exchange Server 2010 messaging system. Microsoft plays an important role in establishing a secured messaging environment from which an organization can build its security infrastructure.

An organization must then assess its risks and develop a security strategy that is customized to address the risks identified by the organization. Within Exchange Server 2010, the administration function of the Exchange Server messaging system is based on administrative roles in which an administrator allocates roles and levels of security access to other administrators and support personnel in the organization.

Microsoft’s Trustworthy Computing Initiative

As the largest software company in the world, Microsoft has always been a target for people who thrive on hacking computer systems, whether they are doing so simply for the challenge, or with malicious intent.

On January 15, 2002, Bill Gates announced the “Trustworthy Computing Initiative” that focused the company in a new direction. The goal of this initiative was to create reliable, secure, and private technologies and committed the company to making products that protect user privacy.

Now, Trustworthy Computing is no longer an initiative; it is a corporate wide tenet that guides the development and maintenance of their products from the moment they are imagined until they are no longer supported. This new way of doing business has resulted in a significant reduction of publicly reported vulnerabilities in Microsoft products across the board.

Secure by Design

Under the Trustworthy Computing Initiative, a process has been implemented known as the Security Development Lifecycle, otherwise known as the SDL, which requires Microsoft developers to create formal threat models when they begin the design of a product. No longer are products envisioned and developed with potential security risks addressed as an afterthought; now all products, including Exchange Server 2010, are developed with an eye toward secure computing from the drawing board.

As an added measure, before a product ships, it is submitted to a final security review, or FSR, where a team of security experts review it to answer just one question—From a security perspective, is this product ready to ship?

Secure by Default

With the original versions of Exchange Server (prior to Exchange Server 2003), the products were shipped with an “implement first, secure later” philosophy. Many services and functions were enabled by default, regardless of whether they would eventually be utilized in an environment.

With later versions of Exchange Server, including Exchange Server 2010, the opposite approach has been taken—by default, many services and functions are disabled at the time of installation, only to be enabled by an organization if the determination is made that the function is needed. Thanks to this mentality, organizations are less likely to have features unknowingly enabled that might present a security risk.

Secure by Deployment

Microsoft provides applications and documentation that enable information technology (IT) personnel to implement Exchange Server 2010 securely and successfully. These tools enable an administrator to ensure that all network prerequisites are met, and that the environment is properly configured and ready to accept the implementation of Exchange Server 2010.

Microsoft also provides training resources to ensure that administrators are adequately prepared to deploy Exchange Server 2010. These training resources should be reviewed by any organization implementing Exchange Server 2010, and should be made available to administrators prior to implementation of the product to ensure a successful deployment.

Assessing Your Risks

It has been said that “The only completely secure computer is one that is turned off—and even then, only if no one can find it.”

As with most jokes, there is some underlying truth to the statement or it wouldn’t be funny. Any computer that is accessible to authorized users is potentially accessible to malicious intruders. When designing security around particular subsets of data, you must strike a balance between security and usability—if you make the environment TOO secure, it is too difficult or time-consuming for valid employees to access the data.

In addition, an organization must consider the value of the data that they are trying to protect. For an email environment, this can be a particularly challenging task, as the actual value of the data contained can be difficult to assess. However, asking yourself “How much would it cost the organization if our email was destroyed, altered, or stolen?” and assigning an accurate monetary value to the data will help you determine how much you can feasibly spend to protect it.

The next step in assessing your risks is to analyze possible security vulnerabilities for the service or functionality with which you are working. The following is a list of some areas of security that you should take into consideration:

• Viruses or Trojan horse messages— Viruses have existed in the computer world long before the first email message was sent. However, just as email provides users with an easy method of communication, it also is an extremely efficient method of spreading malicious or troublesome code. Once considered the largest problem that email administrators had to face, viruses have been combated by an entire industry devoted to their prevention.

• Spam— The proliferation of unsolicited messages, often referred to as “spam” mail, has truly become the bane of the messaging world with recent estimates stating that spam accounts for 85%–90% of the messaging traffic on the Internet today. These unsolicited, usually unwanted, and often offensive advertisements cost companies and users billions of dollars annually in lost time and productivity. Unfortunately, because sending bulk messages to thousands (or millions) of recipients can be accomplished with very little expense, offending companies do not need a large response to maintain profitability. It is sad to note that as long as this method of advertising is profitable and effective, spam will be with us to stay. Fortunately, Exchange Server 2010 has several features to help alleviate the problem.

• Address spoofing— One tool that is commonly used by the distributors of both viruses and spam is known as address spoofing. By changing the From line in a Simple Mail Transfer Protocol (SMTP) message, users can often be fooled into opening a message that they think is from a friend or co-worker, only to find that the message originated somewhere else entirely. This method has been especially effective in the distribution of email worms. Because the message appears to come from a known associate, and often has an intriguing Subject line, the unwitting recipient opens the message and, if not properly protected, becomes a distributor of the virus to others.

• Phishing— Over the past several years, a relatively new type of fraudulent email has emerged. Known as phishing, this attack comes in the form of an official looking email message, often appearing to be from a reputable organization, such as a credit card company or a large electronics retailer. The message usually contains a link that, once clicked, brings up an official looking website—often an exact replica of the official site that is being mimicked. However, the fraudulent site has one purpose, to fool you into giving away personal information, such as passwords, credit card numbers, or Social Security numbers. With this information in hand, the offending party can steal your identity, make charges to your credit card, or otherwise profit from your loss.

Exchange Server 2010 Administrative Roles

In Exchange 2000 Server and Exchange Server 2003, there was not a clear separation between administrators of users in Active Directory (AD) and the administration of Exchange Server recipients. Utilizing the previous model, based on predefined security roles, administrators had to be granted high-level permissions to the Active Directory environment to perform even relatively simple Exchange Server recipient–related tasks. In addition, the majority of Exchange Server recipient management had to be accomplished utilizing the Active Directory Users and Computers utility.

Exchange Server 2010 has implemented much greater logical distinction between these two environments. Utilizing newly designed administrator roles, organizations can assign administrators permission to perform Exchange Server-related tasks, while minimizing their ability to directly modify the Active Directory itself. Furthermore, the majority of mail-related configuration items can be administered directly from the Exchange Management Console and Exchange Management Shell.

This is important to Exchange Server security because you no longer have to grant administrative privileges over your Exchange Server environment to domain administrators (who might not have worked with Exchange Server at all). On the other side of the same coin, Exchange Server administrators can be granted permissions over the Exchange Server environment, yet remain restricted in Active Directory. This enables organizations to limit areas of responsibility based on proper administrator aptitude and abilities.