Problem solve Get help with specific problems with your technologies, process and projects.

Securing Exchange

Ways to make Exchange Server more secure.


Securing Exchange
Barrie Sosinsky

Security issues come rolling down the pike at breakneck speed. Once you've analyzed your network for potential threats and discovered any holes in it, take a look at the security tools you have and see if you are using them to your best advantage.

Number one, you should have your Exchange Server machine in a restricted-access location. Always lock the server's console when you leave it unattended. There are built-in security features of Exchange Server that should be put into place. They require little overhead and should meld with the security features of your operating system.

By default, anyone on the network can read SMTP traffic that crosses the network, because SMTP sends messages and authentication in clear text. Both Exchange 2000 and Exchange Server 5.5 let you use Secure Sockets Layer (SSL) technology to encrypt the SMTP traffic as it passes between the mail servers. You can use SSL only when both servers support SSL, and it does not provide authentication between servers. Using SSL on your internal network may seem excessive yet many companies combine SSL with internal firewalls simply to limit the risk of information leaks.

To enable SSL in Exchange Server 5.5, first Open Exchange Administrator, right-click on the Internet Mail Service and choose Properties. Next go to the Security tab, which lists the fully Qualified Domain Name for which you have defined a security policy. Most likely your list will contain a single entry named <default>. Select the domain for which you want to modify the security policy and click on Edit. The dialog box for Edit-Email Domain security information will appear. Select SAS/SSL security. Be sure and select the SSL encryption check box, and finally, Click OK.

Exchange 2000 uses the TLS or Transport Layer Security protocol, which is based on and completely interoperable with SSL. Enabling TLS is similar to enabling SSL. First open the MMC or Microsoft Management Console, Exchange System Manager snap-in and navigate to the SMTP virtual server for which you want to turn on TLS. Right-click the virtual server and choose Properties to open the Properties dialog box and go to the Access tab. Click on Authentication. Be sure to select the Enable SSL client authentication check box and go to the Deliver tab and click Outbound Security. Select the TLS encryption check box and then click on OK. Turning on SSK or TLS protects the outbound messages, but doesn't protect traffic from the clients. To fix this problem, enable the use of SSL with OWA, and you can request that POP3 or IMAP4 users use a client that supports the use of SSL with POP3 and/or IMAP4.

Barrie Sosinsky ( president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

Dig Deeper on Microsoft messaging and collaboration services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.