Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server Overview Issues in E-Mail Security Configuring ISA Server to Secure SMTP Traffic Configuring ISA Server to Secure Web Client Connections Configuring ISA Server to Secure Client Connections Lesson: Issues in E-Mail Security E-Mail Security Threats Overview E-Mail Access Using Web Clients E-Mail Access Using Outlook Clients E-Mail Access Using POP3, IMAP4, and NNTP Clients SMTP Protocol-Level Exploits Unwanted and Malicious E-Mail How ISA Server 2004 Secures Exchange Server E-Mail Security Threats Overview Ensuring the security of e-mail includes: Ensuring the security of e-mail includes: Ensuring that all e-mail client connections to the e-mail server are secure Protecting the e-mail servers from SMTP exploits Preventing unwanted or malicious e-mails from entering the organization’s network Ensuring that all e-mail client connections to the e-mail server are secure Protecting the e-mail servers from SMTP exploits Preventing unwanted or malicious e-mails from entering the organization’s network E-Mail Access Using Web Clients Outlook Mobile Access XHTML, cHTML, HTML ActiveSync Enabled Mobile Devices ISA Server Outlook Web Access Exchange Front-End Server Exchange Back-End Servers Wireless Network Outlook RPC Connections Outlook RPC Connections Outlook RPC over HTTP Connections Outlook RPC over HTTP Connections E-Mail Access Using Outlook Clients Port 135 and dynamic ports Port 135 and dynamic ports Port 80 or 443 Port 80 or 443 Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server ISA Server ISA Server POP3 Connections POP3 Connections IMAP4 Connections IMAP4 Connections E-Mail Access Using POP3, IMAP4, and NNTP Clients Port 110 or 995 Port 25 Port 110 or 995 Port 25 Port 143 or 993 Port 25 Port 143 or 993 Port 25 Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server ISA Server ISA Server SMTP Protocol-Level Exploits SMTP servers can be vulnerable to: SMTP servers can be vulnerable to: Buffer overflow attacks when SMTP commands are sent with more than expected data, causing memory buffer overflows Mail relay attacks when an SMTP server is used to forward unwanted e-mail to Internet recipients SMTP command attacks where SMTP commands are used to compromise the server or gain information about the server or recipients on the server Buffer overflow attacks when SMTP commands are sent with more than expected data, causing memory buffer overflows Mail relay attacks when an SMTP server is used to forward unwanted e-mail to Internet recipients SMTP command attacks where SMTP commands are used to compromise the server or gain information about the server or recipients on the server Unwanted and Malicious E-Mail Unwanted e-mail is unsolicited commercial e-mail that: Unwanted e-mail is unsolicited commercial e-mail that: Consumes server and network resources Reduces user productivity and increases administrative effort Can be filtered using an application-level filter May result in exposure to legal liability Consumes server and network resources Reduces user productivity and increases administrative effort Can be filtered using an application-level filter May result in exposure to legal liability Malicious e-mails contain viruses or worms that: Malicious e-mails contain viruses or worms that: Damage data or computers or consume network and computer resources Increase administrative cost and effort Increase the risk of an information leak Damage data or computers or consume network and computer resources Increase administrative cost and effort Increase the risk of an information leak How ISA Server 2004 Secures Exchange Server Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server Mail publishing wizards Mail publishing wizards Filtering unwanted e-mail Filtering unwanted e-mail SMTP command filtering SMTP command filtering Secure access for Outlook clients Secure access for Outlook clients Secure access for Web clients Secure access for Web clients ISA Server ISA Server [...]... SMTP Servers Exchange Front-End Server ISA Server Exchange Back-End Servers Use SMTP application filter to filter SMTP commands SMTP Server Use SMTP message screener to filter unwanted e-mail How to Configure ISA Server to Secure SMTP Traffic To configure ISA Server to secure SMTP traffic: 1 Configure MX records on the Internet servers to refer to the computer running ISA Server 2 Use the Mail Server. ..Lesson: Configuring ISA Server to Secure SMTP Traffic How ISA Server Secures SMTP Traffic How to Configure ISA Server to Secure SMTP Traffic How SMTP Filtering Works How to Configure the SMTP Application Filter How SMTP Message Screener Works How to Implement SMTP Message Screener Integrating ISA Server and Exchange Server to Secure SMTP Traffic How ISA Server Secures SMTP Traffic Use Mail... screener server Lesson: Configuring ISA Server to Secure Web Client Connections How Does ISA Server Secure OWA Connections? How to Configure ISA Server to Enable OWA Access How to Configure Forms-Based Authentication How to Configure ISA Server to Enable Access for Other Web Clients How Does ISA Server Secure OWA Connections? Use Mail Publishing Wizard to publish OWA Servers Exchange Front-End Server. .. connection from client to ISA Server and from ISA Server to OWA server 4 Configure a Web listener for OWA publishing Choose forms-based authentication and SSL for the Web listener How to Configure Forms-Based Authentication How to Configure ISA Server to Enable Access for Other Web Clients Publishing Exchange server virtual directories for OMA and Activesync clients Practice: Configuring ISA Server for Secure... POP3 and IMAP4 Clients Multimedia: Connecting MAPI Clients to Exchange Server Through a Firewall How ISA Server Secures Outlook RPC Connections ISA Server Exchange Servers Exchange UUID=2000 Port 135 Exchange UUID=3000 Outlook Client Practice: Configuring ISA Server to Secure Outlook RPC Connections Configuring an Outlook RPC publishing rule Testing the Outlook RPC publishing rule Den-Clt-01 Den -ISA- 01... RPC over HTTP RPC over HTTP requires: Exchange Server 2003 running on Windows Server 2003 and Windows Server 2003 global catalog servers Outlook 2003 running on Windows XP Windows Server 2003 server running RPC proxy server with the Exchange and domain controller service port numbers defined in the registry A modified Outlook profile that connects to the Exchange server using HTTPS How to Configure RPC... a server in the perimeter network is most complicated to configure, but most secure To filter only inbound messages Configure ISA Server to publish the message screener server, and configure access rules for the internal SMTP servers to send e-mail to the Internet To filter inbound and outbound messages Configure ISA Server to publish the message screener server, and configure the internal SMTP servers... the computer running ISA Server Install the SMTP message screener Configure the SMTP message screener Test the SMTP message screener Gen-Web-01 Den -ISA- 01 Den-Msg-01 Den-DC-01 Internet Integrating ISA Server and Exchange Server to Secure SMTP Traffic You can deploy message screener: On the computer running ISA Server This option is the easiest to configure but least secure On an IIS server in the internal... secure user logon OWA Client Exchange Back-End Servers ISA Server Configure attachment blocking How to Configure ISA Server to Enable OWA Access To configure ISA Server to enable OWA access: 1 Install a digital certificate on the OWA server and configure IIS to require SSL connections to the OWA virtual directories 2 Use the Mail Server Publishing Wizard to publish the OWA server 3 Configure a bridging... new SMTP mail server publishing rule Configuring outbound SMTP traffic Testing SMTP traffic flow Gen-Web-01 Den -ISA- 01 Den-Msg-01 Den-DC-01 Internet How SMTP Filtering Works Is the … Command allowed? Exchange Front-End Server Command length allowed? SMTP Server Exchange Back-End Servers ISA Server EHLO contoso.com Mail from: Ben@contoso.com Rcpt to: Jay@cohovineyard.com Data How to Configure the SMTP . Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server Overview Issues in E-Mail Security Configuring ISA Server to Secure. Screener Integrating ISA Server and Exchange Server to Secure SMTP Traffic How ISA Server Secures SMTP Traffic Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server Use