Email is a common medium for sharing confidential ideas or decisions as well as sensitive files or attachments -- making security a major concern for Exchange administrators. Take every opportunity to revisit and refine Exchange 2013 security. Here are a few critical areas to check to ensure a more secure Exchange Server.
Security fixes and patches. Always keep Exchange Servers updated with the latest security fixes and patches. Many larger organizations prohibit automatic updating, preferring instead to test patches before pushing updates to production servers. Such control can prevent unforeseen consequences for Exchange users, but the extra testing may also make it difficult to deal with zero-day threats, potentially exposing the organization to new attacks.
Antimalware tools. Be judicious with your use of host-level antimalware tools if you want to strengthen Exchange 2013 security. Scans can disrupt access to Exchange databases and result in false positives or log errors. It may be necessary to exclude mailbox and public folder databases from scan activity. It's also recommended to leave the Windows Server Firewall running with advanced security features enabled. Exchange will create the proper firewall rules for the selected server role.
Administrator audit logging. A key part of Exchange 2013 security is tracking any changes that have been made and identifying the administrator who made those changes, so it's a good practice to enable administrator audit logging in Exchange 2013. Logging tracks cmdlets executed in the Exchange Management Shell (EMS) along with Exchange Admin Center (EAC) operations. Logs are normally retained for 90 days, but you can tailor the retention period along with the specific cmdlets that are logged.
SSL certificates. Check the Secure Sockets Layer (SSL) certificates on your Exchange servers. SSL encrypts mail data in flight, but SSL certificates eventually expire and can cause errors in Outlook Web App and ActiveSync. These errors will disrupt services and cause an avalanche of helpdesk requests. The easiest way to check SSL certificate expirations is to use the Get-ExchangeCertificate cmdlet along with any desired parameters in the EMS.
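One way to run the expiration check described above against every Exchange server from the EMS, as an added example rather than code from the original article; the 30-day warning window and the report's column names are assumptions chosen for illustration.

```powershell
# Added example: run inside the Exchange Management Shell (EMS).
# $WarnDays is an assumed threshold, not a value from the article.
$WarnDays = 30
$now      = Get-Date

$report = foreach ($server in Get-ExchangeServer) {
    try {
        # Query the certificates installed on this Exchange server
        $certs = Get-ExchangeCertificate -Server $server.Name -ErrorAction Stop
    }
    catch {
        # Servers that cannot be queried remotely are reported, not silently skipped
        Write-Warning "Could not read certificates on $($server.Name): $_"
        continue
    }

    foreach ($cert in $certs) {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

        if ($daysLeft -lt 0)              { $state = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays)  { $state = 'EXPIRING' }
        else                              { $state = 'OK' }

        [pscustomobject]@{
            Server     = $server.Name
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            # Services shows what the certificate is bound to (IIS, SMTP, IMAP, POP, ...)
            Services   = "$($cert.Services)"
            SelfSigned = $cert.IsSelfSigned
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            State      = $state
        }
    }
}

# Full inventory, soonest expiry first
$report | Sort-Object DaysLeft |
    Format-Table Server, Subject, Services, NotAfter, DaysLeft, State -AutoSize

# Certificates that need action: expired or expiring, and actually bound to a service.
# These are the ones that break Outlook Web App and ActiveSync when they lapse.
$report |
    Where-Object { $_.State -ne 'OK' -and $_.Services -ne 'None' } |
    Sort-Object DaysLeft |
    Format-List Server, Subject, Thumbprint, Services, NotAfter, DaysLeft, State
```

Running this on a schedule and alerting on any row in the second listing gives lead time to renew a certificate before clients start reporting errors.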
DLP policies. Exchange 2013 includes data loss prevention (DLP) capabilities designed to prevent specific types of content from leaving the organization. DLP is typically governed using a series of policy templates. As policies change and evolve over time, the DLP templates should also be updated to reflect the refinements or rules to address new content types. Take the time to review and update DLP policy templates, or evaluate updates with policy templates available from Microsoft. Many organizations also choose to implement Information Rights Management (IRM) on Exchange 2013. IRM controls what recipients can do with the sensitive email data that your users send, such as prohibiting message forwarding, printing or content cut-and-paste. IRM is considered by many to be a good complement to DLP.
This is part three in a series on getting the most out of your Exchange 2013 deployments this year. Part one details free assessment tools to help admins ensure a smooth deployment. Part two looks at the different ways to optimize Outlook.
Stay tuned for part four, which covers load balancing.