Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Exchange Server 2010 : Exchange Server-Level Security Features

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/26/2011 11:37:54 AM
As Exchange Server has adapted over the years, Microsoft has recognized the pitfalls encountered by companies overwhelmed by spam and email viruses. To combat this, they have consistently improved the features of their bundled tools to provide organizations with protection that would have had to be addressed with third-party applications in the past.

Exchange Server 2010 Antispam Measures

Spam is a global problem that affects everyone with an Internet-accessible email address. The spam problem has grown beyond bothersome; it has become an issue that negatively impacts end-user productivity and places a significant burden on messaging systems.

Exchange Server 2010 has many antispam measures built in to the application. These methods are especially effective when coupled with Outlook 2007. A few of these features are as follows:

  • Increased protection through integrated security technologies— Exchange Server 2010 acts as the first line of defense on incoming email messages. The Exchange server determines the legitimacy of the message, and is able to disable links or uniform resource locators (URLs) to help protect the user community. In addition, Exchange Server 2010 offers new antiphishing capabilities to help prevent emails of this nature from reaching your users in the first place.

  • Improved email legitimacy assurance— Email legitimacy is managed through Email Postmark technology when you combine Office Outlook 2007/2010 and Exchange Server autoencryption. Outlook Email Postmark applies a token (actually a computational puzzle that acts as a spam deterrent) to email messages it sends. This token can be read by a receiving Exchange Server 2010 server to confirm the reliability of the incoming message.

  • Distribution lists restricted to authenticated users— Using message delivery restrictions, you can configure a distribution list to accept mail from all senders, or specific senders or groups. In addition, you can require that all senders be authenticated before their message is accepted.

  • Connection filtering— Improvements have been made in the configuration and management of IP Block lists, IP Allow lists, IP Block List providers, and IP Allow List providers. Each of these elements can now be reviewed and configured directly from the Exchange Management Console.

  • Content filtering— Exchange Server 2010 includes the Exchange Intelligent Message Filter, or IMF, which uses the Microsoft SmartScreen patented “machine-learning” technology. This content filter evaluates inbound messages and determines the probability of whether the messages are legitimate, fraudulent, or spam.

    In addition, the IMF consolidates information that is collected from connection filtering, sender filtering, recipient filtering, sender reputation, SenderID verification, and Microsoft Office Outlook 2007/2010 Email Postmark validation. The IMF then applies a Spam Confidence Level (SCL) rating to a given message. Based on this rating, an administrator can configure actions on the message based on this SCL rating. These actions might include the following:

    • Delivery to a user Inbox or Junk E-Mail folder.

    • Delivery to the spam quarantine mailbox.

    • Rejection of the message and no delivery.

    • Acceptance and deletion of the message. The server accepts the message and deletes it instead of forwarding it to the recipient mailbox.

  • Antispam updates— Exchange Server 2010 now offers update services for their antispam components. The standard Exchange Server 2010 antispam filter updates every 2 weeks. The Forefront Security for Exchange Server antispam filter updates every 24 hours.

  • Spam quarantine— The spam quarantine provides a temporary storage location for messages that have been identified as spam and that should not be delivered to a user mailbox. Messages that have been labeled as spam are enclosed in a nondelivery report (NDR) and are delivered to a spam quarantine mailbox. Exchange Server administrators can manage these messages and can perform several actions, such as rejecting the message, deleting it, or flagging it as a false positive and releasing it to the originally intended recipient. In addition, messages with an SCL rating that the administrator has defined as “borderline” can be released to the user’s Junk E-Mail folder in Outlook. These borderline messages are converted to plain text to provide additional protection for the user.

  • Recipient filtering— In the past, an email that was addressed to a specific domain would enter that domain’s messaging service, regardless of whether it was addressed to a valid recipient. This not only utilized bandwidth, but also required Exchange servers to process the messages, create a nondelivery report (NDR), and send that message back out. Now, by using the EdgeSync process on your Hub Transport server, you can replicate recipient data from the enterprise Active Directory into the Exchange Active Directory Application Mode (ADAM) instance on the Edge Transport server. This enables the Recipient Filter agent to perform recipient lookups for inbound messages. Now, you can block messages that are sent to nonexistent users (or to internal use only distribution lists).

  • SenderID— First implemented in Exchange Server 2003 SP2, Sender ID filtering technology primarily targets forgery of email addresses by verifying that each email message actually originates from the Internet domain that it claims to. Sender ID examines the sender’s IP address, and compares it to the sending ID record in the originator’s public DNS server. This is one way of eliminating spoofed email before it enters your organization and uses your company resources.

  • Sender reputation— The Sender Reputation agent uses patented Microsoft technology to calculate the trustworthiness of unknown senders. This agent collects analytical data from Simple Mail Transfer Protocol (SMTP) sessions, message content, Sender ID verification, and general sender behavior and creates a history of sender characteristics. The agent then uses this knowledge to determine whether a sender should be temporarily added to the Blocked Senders list.

  • IP Reputation Service— Provided by Microsoft exclusively for Exchange Server 2010 customers, this service is an IP Block list that allows administrators to implement and use IP Reputation Service in addition to other real-time Block list services.

  • Outlook junk email filter lists aggregation— This feature helps reduce false positives in antispam filtering by propagating Outlook 2003/2007/2010 Junk Email Filter lists to Mailbox servers and to Edge Transport servers.

Additional Antispam Measures

In the battle against spam, passive measures protect your organization, but more aggressive measures can help lessen the problem overall. The following sections cover some suggestions of ways that your organization can help fight back.

Utilizing Blacklists

Many companies are unknowingly serving as open relays. Many spammers take advantage of this lack of security and utilize the organization’s messaging system to send their unsolicited email. When a company or domain is reported as an open relay, the domain can be placed on a blacklist. This blacklist, in turn, can be used by other companies to prevent incoming mail from a known open relay source.

You can find some organizations that maintain blacklists at the following addresses:

Report Spammers

Organizations and laws are getting tougher on spammers, but spam prevention requires users and organizations to report the abuse. Although this often is a difficult task because many times the source is undecipherable, it is nonetheless important to take a proactive stance and report abuses.

Users should contact the system administrator or help desk if they receive or continue to receive spam, virus hoaxes, and other such fraudulent offers. System administrators should report spammers and contact mail abuse organizations, such as those listed earlier in the “Utilizing Blacklists” section.

System administrators should use discretion before reporting or blocking an organization. For example, if your company were to receive spam messages that appeared to originate from Yahoo! or Hotmail, it wouldn’t necessarily be in your best interest simply to block those domains. In that example, the cure might be worse than the disease, so to speak.

Third-Party Antispam Products

Although Microsoft has equipped users, system administrators, and third-party organizations with many tools necessary to combat spam, the additional use of a third-party product, or products, can provide additional protection. These third-party products can also provide a multitude of features that help with reporting, customization, and filtering mechanisms to maximize spam blocking, while minimizing false positives.

Do Not Use Open SMTP Relays

By default, Exchange Server 2010 is not configured to allow open relays. If an SMTP relay is necessary in the messaging environment, take the necessary precautions to ensure that only authorized users or systems have access to these SMTP relays.

Note

You can use the Exchange Best Practice Analyzer, or other tools such as Sam Spade (www.samspade.org/), to check your environment for open mail relays.


Protecting Exchange Server 2010 from Viruses

Exchange Server 2010 includes many improvements to assist organizations with their antivirus strategies. The product continues to support the Virus Scanning Application Programming Interface (VSAPI). In addition, Microsoft has made a significant investment in the creation of more effective, efficient, and programmable virus scanning at the transport level.

A few of the antivirus measures included in Exchange Server 2010 are listed as follows:

  • Transport agents— Exchange Server 2010 improves upon the concept of transport agents that was introduced with Exchange Server 2007. Agents are managed software components that perform a task in response to an application event. These agents act on transport events, much like event sinks in earlier versions of Exchange Server. Third-party developers can write customized agents that are capable of utilizing the Exchange Multipurpose Internet Mail Extensions (MIME) parsing engine allowing extremely robust antivirus scanning. The Exchange Server 2010 MIME parsing engine has evolved over many years of Exchange Server development and is likely the most trusted and capable MIME engine in the industry.

  • Antivirus stamping— Exchange Server 2010 provides antivirus stamping, a method of stamping messages that were scanned for viruses with the version of the antivirus software that performed the scan and the result of the scan. This feature helps reduce the volume of antivirus scanning across an organization because, as the message travels through the messaging system with the antivirus stamp attached, other systems can immediately determine whether additional scanning must be performed on the message.

  • Attachment filtering— In Exchange Server 2010, Microsoft has implemented attachment filtering by a transport agent. By enabling attachment filtering on your organization’s Edge Transport server, you can reduce the spread of malicious attachments before they enter the organization.

Note

Although Exchange Server 2010 provides features to help minimize an organization’s exposure to viruses, it does not have true, built-in antivirus protection, as Exchange Server does not actually scan messages or attachments to look for infection. However, continued support for the built-in Virus Scanning Application Program Interface (VSAPI) allows specialized antivirus programs to connect their applications to your Exchange Server environment to scan messages as they are handled by Exchange Server.


Forefront Security for Exchange Server

Designed by Microsoft specifically for Exchange Server 2010, Forefront Security for Exchange Server is the next generation of Microsoft Antigen for Exchange Server. Because these products were designed specifically to work together, Forefront integrates with Exchange Server 2010 to provide improved protection, performance, and centralized management.

Forefront Security for Exchange Server delivers the following:

  • Advanced protection against viruses, worms, phishing, and other threats by utilizing up to five antivirus engines simultaneously at each layer of the messaging infrastructure

  • Optimized performance through coordinated scanning across Edge, Hub, and Mail servers and features such as in-memory scanning, multithreaded scanning processes, and performance bias settings

  • Centralized management of remote installation, engine and signature updating, reporting, and alerts through the Forefront Server Security Management Console

Although the client antivirus protection that is provided by Forefront Security for Exchange Server is language independent, the setup, administration of the product, and end-user notifications are currently available in 11 server languages. When Forefront Security for Exchange Server detects a message that appears to be infected with a virus, the system generates a notification message and sends it to the recipient’s mailbox. This message is written in the language of the server running Forefront because the server is not able to detect the language of the destination mailbox.

Third-Party Antivirus Products for Exchange Server

In addition, there are many third-party antivirus vendors in the marketplace. At the time of this writing, there was little to no documentation on their websites about future integration with Exchange Server 2010; however, there is no doubt that most of these companies will have compatible products ready by the time the product is released.

Many mechanisms can be used to protect the messaging environment from viruses and other malicious code. Most third-party virus-scanning products scan for known virus signatures and provide some form of heuristics to scan for unknown viruses. Other antivirus products block suspicious or specific types of message attachments at the point of entry before a possible virus reaches the Information Store.

Antivirus products keep viruses from reaching the end user in two fundamental ways:

  • Gateway scanning— Gateway scanning works by scanning all messages as they go through the SMTP gateway (typically connected to the Internet). If the message contains a virus or is suspected of carrying a virus, the antivirus product can clean, quarantine, or delete it before it enters your Exchange Server organization.

  • Mailbox scanning— Mailbox scanning is useful to remove viruses that have entered the Information Store. For example, a new virus might make it into the Exchange Server environment before a signature file that can detect it is in place. These messages on the Information Store cannot be scanned by a gateway application; however, with an antivirus product that is capable of scanning the Information Store, these messages can be found and deleted.

Antivirus Outsourcing

Although an organization can put in place many gateway antivirus products to address antispam and antivirus issues, outsourcing these tasks has gained popularity in recent years. Companies specializing in antivirus and antispam are able to host your organization’s MX records, scanning all messages bound for your company, and forwarding the clean messages to your organization. Although this removes a level of control from your administrators, many organizations are finding this outsourcing cost-effective, as they no longer have to maintain staff devoted strictly to these measures.

Other -----------------
- SharePoint 2010 PerformancePoint Services : Time Intelligence (part 3) - STPS Example
- SharePoint 2010 PerformancePoint Services : Time Intelligence (part 2) - STPS Syntax
- SharePoint 2010 PerformancePoint Services : Time Intelligence (part 1) - Configuring Time Intelligence for an Analysis Services Data Source & Configuring a Tabular Data Source
- SharePoint 2010 PerformancePoint Services : SQL Server Table Data Source
- BizTalk 2010 Recipes : Document Schemas - Promoting Properties
- BizTalk 2010 Recipes : Creating Schema Namespaces
- BizTalk 2010 Recipes : Creating a Schema Based on an Existing XML Document
- BizTalk 2010 Recipes : Creating Simple Document Schemas
- Restoring Windows Server 2008 (part 2) - Restoring Individual Components
- Restoring Windows Server 2008 (part 1) - Full Server Recovery
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer