Module 6: Designing a Security Strategy v
Module Strategy
Use the following strategy to present this module:
!"
Introduction to Designing a Security Strategy
Begin by describing the security risks to which most companies are
vulnerable. Next, discuss a list of best practices that every company should
consider implementing.
!"
Protecting Against External Security Threats
Begin by discussing how to protect against viruses by using virus filters and
virus scanners. Continue by explaining why ports are a common entryway
for security attacks, and discuss the list of ports and services outlined in the
table. Make sure students understand the importance of shutting down
access to ports that they are not using. Next, explain how to protect
mailboxes and their content from security threats, and how to use
bridgehead servers and routing groups to reduce the risk of external security
attacks. Conclude this topic by explaining how to plan firewalls. Emphasize
again that protecting the ports that provide access to a company’s resources
is a crucial function of any effective security strategy.
!"
Protecting Against Internal Security Threats
Begin by discussing how to configure distribution list permissions and
administrative groups. Make sure students understand how configuring
these two features can increase security. Continue by discussing the
importance of message archiving. Complete this topic by describing when
and why it is appropriate to configure top-level folder permissions.
!"
Designing an Encryption Strategy
Begin by explaining the importance of Microsoft Certificate Services, and
describe how the Microsoft Exchange Key Management Server and the
Certificate Service work together to increase security. Finally, explain how
to encrypt Internet mail.
!"
Windows 2000 Security Considerations
This topic discusses the security features in Windows 2000 that you should
include in the security strategy for an Exchange 2000 organization. Begin
by discussing how the Kerberos version 5 authentication protocol provides
authentication capabilities. Make sure that students understand the role of
the Kerberos protocol in authentication delegation. Complete this topic by
discussing the Access Control Model and how to implement it in a security
strategy.
vi Module 6: Designing a Security Strategy
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
Lab Setup
The following list describes the setup requirements for the labs in this module.
!"
For each student, a Microsoft Management Console (MMC) custom console
must be created. This custom console must include both the
Active Directory Users and Computers snap-in and the Exchange System
snap-in, and must be named your_firstname Console.
!"
For each student, a personalized user account must be created in the
appropriate domain. This user account must be added to the Domain
Admins group, and assigned a mailbox on the server running
Exchange 2000 that the student is using.
!"
For each student, a user profile must be created on the student’s computer
that enables the student to access their mailbox by using Microsoft
Outlook
®
2000.
Lab Results
Performing the labs in this module, including the “If Time Permits” exercise,
introduces the following configuration changes:
!"
A message filter that filters out messages sent from contoso.msft is created
in the Northwind Traders organization and applied to the Simple Mail
Transfer Protocol (SMTP) virtual server on each student's server running
Exchange 2000.
!"
Only members of the All Executives distribution list (DL) are allowed to
send mail to the your_servername Executives DL.
!"
Membership of the your_servername Executives DL is hidden from
everybody’s view.
!"
Microsoft Key Management Server is installed on the instructor’s machine.
!"
All student your_username accounts are enabled for advanced security.
Module 6: Designing a Security Strategy 1
Overview
!
Introduction to Designing a Security Strategy
!
Protecting Against External Security Threats
!
Protecting Against Internal Security Threats
!
Designing an Encryption Strategy
!
Windows 2000 Security Considerations
A company’s messaging infrastructure is crucial to both communication and
productivity. Keeping this infrastructure secure and accessible is a high priority
for most companies. Designing an effective security strategy requires an
understanding of the security risks to which most businesses are vulnerable. A
security strategy helps you to assess and avoid risks by identifying the systems
and networks that you must protect, and by defining the mechanisms that you
will use to secure your environment. A comprehensive security strategy also
addresses procedures for identifying and recovering from security breaches.
After completing this module, you will be able to:
!"
Identify security risks and describe security best practices.
!"
Secure a Microsoft
®
Exchange 2000 organization from external security
threats.
!"
Secure an Exchange 2000 organization from internal security threats.
!"
Design an encryption strategy.
!"
Outline security considerations that are related to Microsoft
Windows
®
2000.
Topic Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
how to design a security
strategy that enables you to
secure an Exchange 2000
organization from internal
and external attacks, and
how to implement an
encryption strategy.
2 Module 6: Designing a Security Strategy
#
##
#
Introduction to Designing a Security Strategy
!
Identifying Security Risks
!
Basic Best Practices
Every comprehensive security strategy includes a description of the security
risks to which the company is vulnerable. In addition, an effective security
strategy outlines the basic best practices and configuration changes that
administrators need to implement to ensure the security of an Exchange 2000
organization.
Topic Objective
To outline the most basic
topics that are associated
with designing a security
strategy.
Lead-in
You can begin designing
your security strategy by
identifying common security
risks and the best practices
that you can implement to
prevent them.
Module 6: Designing a Security Strategy 3
Identifying Security Risks
Security Risks
Data Theft
Or Tampering
Data Theft
Data Theft
Or Tampering
Or Tampering
Forgery
Forgery
Forgery
Denial of
Service
Denial of
Denial of
Service
Service
Trojan
Horse
Trojan
Trojan
Horse
Horse
Virus
Virus
Virus
Spoofing
Spoofing
Spoofing
Mail-
Relaying
Mail
Mail
-
-
Relaying
Relaying
Before you can protect your Exchange 2000 organization, you need to
understand the security risks to which most companies are vulnerable.
In general, there are two categories of security risks: passive attacks and active
attacks. In a passive attack, the attacker sets their network card to a listening
mode, but does not tamper with data. In an active attack, the attacker attempts
to change information. Determining whether information has been changed, and
when that information was changed, may be impossible.
Both active and passive attacks can be initiated easily over local area networks
(LANs), as well as over wide area network (WAN) links. The following table
identifies the most common types of security attacks.
Type of security risk Characteristics
Data theft or tampering Copying, changing, or listening to data that is
transmitted over a network or from a disk.
Forgery Passing data as a third party.
Denial of service Preventing connections to a server or network by
flooding that server or network with incorrect and
incomplete data. This causes the receiving server to fill
its buffers or queues until it can time out all of the
erroneous packets.
Trojan horse A malicious, security-breaking program that’s disguised
as something benign, such as a game or a joke.
Topic Objective
To describe the security
risks to which most
businesses are vulnerable.
Lead-in
Before you can protect your
Exchange 2000
organization, you need to
understand the security
risks that your company
may have to address.
4 Module 6: Designing a Security Strategy
(
continued
)
Type of security risk Characteristics
Virus A program that searches out other programs and infects
them by embedding copies of itself in them so that they
become Trojan horses. When the corrupted programs are
run, the embedded virus also runs. This is how the virus
propagates itself. Viruses are typically invisible to the
user.
Spoofing Impersonating another person by configuring that
person’s e-mail address in the perpetrator’s own e-mail
client.
Mail-Relaying Relaying mail through your company’s servers with the
intent of disguising the actual origin of the mail.
For more information about general security issues, see
http://www.microsoft.com/security.
Note
Module 6: Designing a Security Strategy 5
Basic Best Practices
Secure Active Directory
Secure Active Directory
Physically Protect Your Servers
Physically Protect Your Servers
Require Complex Passwords
Require Complex Passwords
Limit User Access to Essential Information
Limit User Access to Essential Information
Create Lists of Approved IP Addresses and Domain Names
Create Lists of Approved IP Addresses and Domain Names
Enable Logging and Monitor Your CPU and Progress Usage Levels
Enable Logging and Monitor Your CPU and Progress Usage Levels
Remove All Unnecessary Services
Remove All Unnecessary Services
Disable Caching of Logon Credentials
Disable Caching of Logon Credentials
Apply the Latest Service Pack
Apply the Latest Service Pack
Prevent SMTP Hosts From Using the SMTP Server to Relay Messages to the Internet
Prevent SMTP Hosts From Using the SMTP Server to Relay Messages to the Internet
Although there are a wide variety of complex and sophisticated measures that
you can take to increase the security of your Exchange 2000 organization, you
should not overlook the following basic precautions.
!"
Secure Active Directory.
When you design and deploy Exchange 2000 security, do not forget to
strengthen the underlying Windows 2000 operating system and Microsoft
Active Directory
™
. For more information, see course 2150A, Designing a
Secure Microsoft Windows 2000 Network.
!"
Physically protect your servers.
Protect your servers physically by keeping them in a locked and secure
location. In the basic input/output system (BIOS), disable booting from both
the floppy drive and the CD-ROM drive. Use a BIOS-level boot password,
so that servers cannot be restarted without authentication. Do not keep
servers logged on when they are unattended.
!"
Require complex passwords.
Require that all passwords be longer than seven characters, that they be
composed of a combination of uppercase and lowercase letters and
symbols, and that they do not contain any dictionary words, common
names, or other easily searchable information.
Enforce a strong password policy by using Group Policy. For more
information about Group Policy, see module 5, “Administering User
Accounts,” in course 2028A, Basic Administration of Microsoft
Windows 2000.
Topic Objective
To outline several best
practices that strengthen
security.
Lead-in
Although developing a
security strategy is a
complex process, there are
some basic best practices
that should be included in
any security strategy.
6 Module 6: Designing a Security Strategy
!"
Limit user access and views to essential information.
Use discretionary access control lists (DACLs) to control user access to
Exchange 2000 features throughout the Exchange 2000 organization. For
example, you can limit user views of address lists to select groups. You can
configure similar safeguards for public folders, making it possible not only
to secure the folders against access, but also to make them invisible to any
users who should not be able to see them.
!"
Create lists of approved IP addresses and domain names.
You can prevent Internet users from overwhelming your Exchange servers
with Simple Mail Transfer Protocol (SMTP) messages or with connections
to your Internet Message Access Protocol version 4 (IMAP4), Post Office
Protocol version 3 (POP3), and Network News Transfer Protocol (NNTP)
virtual servers by accepting or denying connections based on approved lists
of Internet Protocol (IP) addresses and domains. If your Exchange 2000
organization is frequently attacked by one IP address or domain, you can
explicitly deny access to that address or domain. Exchange 2000 uses
reverse Domain Name System (DNS) lookups to check this IP address and
domain list. Enabling reverse DNS lookups is resource intensive.
!"
Enable logging and monitor your CPU and progress usage levels.
If you believe that your virtual servers are frequently being attacked, you
can monitor the number of connections that each of the SMTP virtual
servers is receiving, and also the origin of each connection.
!"
Remove all unnecessary services.
In addition to removing all unnecessary services, do not install services that
users in your company will not need. For example, do not install Instant
Messaging if you neither expect nor want people to use it. Additional
services only increase administrative and security overhead, and expose
unnecessary ports.
!"
Configure your browser to disable caching of logon credentials and also to
delete pages when the browser is closed.
If you are using Microsoft Outlook
®
Web Access, the logon credentials and
Web pages that a user accesses are cached, which provides an opportunity
for someone to steal them or gain access to them.
!"
Apply the latest service pack and all subsequent hotfixes.
Applying the latest service pack and all subsequent hotfixes implements the
best security updates that are currently available.
!"
Prevent SMTP hosts from using your company’s SMTP server to relay
messages to the Internet.
If your Exchange 2000 organization uses POP3 or IMAP4 clients, you can
verify message validity by enabling reverse DNS lookups to allow
connections from users in your own domain, by disabling relay on all
servers except the bridgehead SMTP virtual server, and by setting up
message filtering and scanning. If you do not use POP3 or IMAP4 clients in
your environment, it is a good idea to disable all message relaying.
For Your Information
You can configure Internet
Explorer to delete saved
pages when the browser is
closed by configuring the
Internet Options Advanced
tab. This will prevent users
from being able to access
secure pages after the
browser is closed.
Module 6: Designing a Security Strategy 7
#
##
#
Protecting Against External Security Threats
!
Protecting Against Viruses
!
Protecting Mailboxes and Mailbox Content
!
Using Bridgehead Servers and Routing Groups to
Increase Security
!
Protecting Ports
!
Discussion: Protecting Against External Security
Threats
Exchange 2000 is designed with connection to the Internet in mind. SMTP is
the primary mail transport agent, and other collaborative features (such as
Instant Messaging and Microsoft
NetMeeting
®
) are available. You must put
security measures in place to secure each of these elements.
Most external intrusions into your Exchange 2000 organization will appear as
viruses or as denial of service attacks. It is important that your security strategy:
!"
Addresses how to protect against viruses.
!"
Identifies dangerously exposed ports.
!"
Addresses the security of user mailboxes.
!"
Identifies how to use bridgehead servers and routing groups to increase
security.
!"
Includes plans for firewalls.
Topic Objective
To outline the topics related
to protecting against
external attacks.
Lead-in
Protecting your
Exchange 2000 organization
from external security
threats requires developing
a strategy that guards
against viruses, protects
exposed ports, protects
mailboxes and their content,
protects the SMTP server,
and plans for firewalls.
8 Module 6: Designing a Security Strategy
Protecting Against Viruses
Firewall
Server
Client
virus.vbs
virus.vbs
Most viruses propagate quickly through messaging systems because e-mail
clients provide both sending capabilities and programmatic access to address
information.
Protecting against viruses involves installing virus scanners on client computers
and servers and installing virus filters on gateways and firewalls, as well as
educating users.
Installing Virus Scanners
You can install virus scanners on both client computers and servers. If you
install a virus scanner, remember to update it frequently. When selecting
scanners, it is important to use a scanner that pushes updates to the client
computers and the server without user intervention, because such a scanner
reduces user responsibility and user error. This auto-update capability of the
virus scanner often requires you to accept a trade-off, because it may introduce
new code that could cause problems in your system.
Client-Side Scanners
Client-side scanners install file system filters which check files for the
signatures of known viruses as the files are being written to disk. Some
scanners connect to e-mail clients and search attachments on incoming e-mail.
If the scanner detects a virus, it might delete the attachment from the message
or copy the attachment to the local hard drive and disinfect the file. The auto-
update capability is an important option in client-side virus scanners, because it
downloads new signature files automatically to the local machine without user
intervention.
Topic Objective
To discuss how to design a
security strategy that
enables you to protect your
Exchange 2000 organization
against viruses.
Lead-in
You can install virus filters
and scanners to help reduce
the risk of viruses.
Không có nhận xét nào:
Đăng nhận xét