Security
in a networking environment first starts with considering the
importance of a security model within the networking environment. Part
of the security model involves
internal security practices, and a portion of the security model
depends on the level of security built in to the technology products
being implemented.
This is a numerical
measure of how difficult it is to move along that edge. It could be a
measure of time, distance, cost, or any other quantity that can be
enumerated. These values are used when deciding on the best route from
one vertex to another. When implementing Exchange Server 2010 with
security in mind, a lot of the security infrastructure is dependent on
the security built in to the Windows 2003 network operating system as
well as the Exchange Server 2010 messaging system. Microsoft plays an
important role in establishing a secured messaging environment from
which an organization can build its security infrastructure.
An organization must
then assess its risks and develop a security strategy that is customized
to address the risks identified by the organization. Within Exchange
Server 2010, the administration function of the Exchange Server
messaging system is based on administrative roles in which an
administrator allocates roles and levels of security access to other
administrators and support personnel in the organization.
Microsoft’s Trustworthy Computing Initiative
As the largest software
company in the world, Microsoft has always been a target for people who
thrive on hacking computer systems, whether they are doing so simply
for the challenge, or with malicious intent.
On January 15, 2002,
Bill Gates announced the “Trustworthy Computing Initiative” that focused
the company in a new direction. The goal of this initiative was to
create reliable, secure, and private technologies and committed the
company to making products that protect user privacy.
Now,
Trustworthy Computing is no longer an initiative; it is a corporate wide
tenet that guides the development and maintenance of their products
from the moment they are imagined until they are no longer supported.
This new way of doing business has resulted in a significant reduction
of publicly reported vulnerabilities in Microsoft products across the
board.
Secure by Design
Under the
Trustworthy Computing Initiative, a process has been implemented known
as the Security Development Lifecycle, otherwise known as the SDL, which
requires Microsoft developers to create formal threat models when they
begin the design of a product. No longer are products envisioned and
developed with potential security risks addressed as an afterthought;
now all products, including Exchange Server 2010, are developed with an
eye toward secure computing from the drawing board.
As an added measure,
before a product ships, it is submitted to a final security review, or
FSR, where a team of security experts review it to answer just one
question—From a security perspective, is this product ready to ship?
Secure by Default
With
the original versions of Exchange Server (prior to Exchange Server
2003), the products were shipped with an “implement first, secure later”
philosophy. Many services and functions were enabled by default,
regardless of whether they would eventually be utilized in an
environment.
With later
versions of Exchange Server, including Exchange Server 2010, the
opposite approach has been taken—by default, many services and functions
are disabled at
the time of installation, only to be enabled by an organization if the
determination is made that the function is needed. Thanks to this
mentality, organizations are less likely to have features unknowingly
enabled that might present a security risk.
Secure by Deployment
Microsoft
provides applications and documentation that enable information
technology (IT) personnel to implement Exchange Server 2010 securely and
successfully. These tools enable an administrator to ensure that all
network prerequisites are met, and that the environment is properly
configured and ready to accept the implementation of Exchange Server
2010.
Microsoft also
provides training resources to ensure that administrators are
adequately prepared to deploy Exchange Server 2010. These training
resources should be reviewed by any organization implementing Exchange
Server 2010, and should be made available to administrators prior to
implementation of the product to ensure a successful deployment.
Assessing Your Risks
It has been said that “The only completely secure computer is one that is turned off—and even then, only if no one can find it.”
As with most jokes, there
is some underlying truth to the statement or it wouldn’t be funny. Any
computer that is accessible to authorized users is potentially
accessible to malicious intruders. When designing security around
particular subsets of data, you must strike a balance between security
and usability—if you make the environment TOO secure, it is too
difficult or time-consuming for valid employees to access the data.
In addition, an
organization must consider the value of the data that they are trying to
protect. For an email environment, this can be a particularly
challenging task, as the actual value of the data contained can be
difficult to assess. However, asking yourself “How much would it cost
the organization if our email was destroyed, altered, or stolen?” and
assigning an accurate monetary value to the data will help you determine
how much you can feasibly spend to protect it.
The next step in
assessing your risks is to analyze possible security vulnerabilities for
the service or functionality with which you are working. The following
is a list of some areas of security that you should take into
consideration:
Viruses or Trojan horse messages—
Viruses have existed in the computer world long before the first email
message was sent. However, just as email provides users with an easy
method of communication, it also is an extremely efficient method of
spreading malicious or troublesome code. Once considered the largest
problem that email administrators had to face, viruses have been combated by an entire industry devoted to their prevention.
Spam—
The proliferation of unsolicited messages, often referred to as “spam”
mail, has truly become the bane of the messaging world with recent
estimates stating that spam accounts for 85%–90% of the messaging
traffic on the Internet today. These unsolicited, usually unwanted, and
often offensive advertisements cost companies and users billions of
dollars annually in lost time and productivity. Unfortunately, because
sending bulk messages to thousands (or millions) of recipients can be
accomplished with very little expense, offending companies do not need a
large response to maintain profitability. It is sad to note that as
long as this method of advertising is profitable and effective, spam
will be with us to stay. Fortunately, Exchange Server 2010 has several
features to help alleviate the problem.
Address spoofing— One tool that is commonly used by the distributors of both viruses and spam is known as address spoofing.
By changing the From line in a Simple Mail Transfer Protocol (SMTP)
message, users can often be fooled into opening a message that they
think is from a friend or co-worker, only to find that the message
originated somewhere else entirely. This method has been especially
effective in the distribution of email worms. Because the message
appears to come from a known associate, and often has an intriguing
Subject line, the unwitting recipient opens the message and, if not
properly protected, becomes a distributor of the virus to others.
Phishing— Over the past several years, a relatively new type of fraudulent email has emerged. Known as phishing,
this attack comes in the form of an official looking email message,
often appearing to be from a reputable organization, such as a credit
card company or a large electronics retailer. The message usually
contains a link that, once clicked, brings up an official looking
website—often an exact replica of the official site that is being
mimicked. However, the fraudulent site has one purpose, to fool you into
giving away personal information, such as passwords, credit card
numbers, or Social Security numbers. With this information in hand, the
offending party can steal your identity, make charges to your credit
card, or otherwise profit from your loss.
Exchange Server 2010 Administrative Roles
In Exchange 2000
Server and Exchange Server 2003, there was not a clear separation
between administrators of users in Active Directory (AD) and the
administration of Exchange Server recipients. Utilizing the previous
model, based on predefined security roles, administrators had to be
granted high-level permissions to the Active Directory environment to
perform even relatively simple Exchange Server recipient–related tasks.
In addition, the majority of Exchange Server recipient management had to
be accomplished utilizing the Active Directory Users and Computers
utility.
Exchange Server
2010 has implemented much greater logical distinction between these two
environments. Utilizing newly designed administrator roles,
organizations can assign administrators permission to perform Exchange
Server-related tasks, while minimizing their
ability to directly modify the Active Directory itself. Furthermore,
the majority of mail-related configuration items can be administered
directly from the Exchange Management Console and Exchange Management
Shell.
This is important
to Exchange Server security because you no longer have to grant
administrative privileges over your Exchange Server environment to
domain administrators (who might not have worked with Exchange Server at
all). On the other side of the same coin, Exchange Server
administrators can be granted permissions over the Exchange Server
environment, yet remain restricted in Active Directory. This enables
organizations to limit areas of responsibility based on proper
administrator aptitude and abilities.