[...]... Security • Chapter 1 Outlook Web Access 2003 Security Enhancements One of the components in Exchange 2003 that has benefited from a complete update, in terms of both functionality and security improve­ ments, is Outlook Web Access (OWA) OWA now supports S/MIME, just like the full Outlook MAPI client.This is a big improvement because it allows you to digitally sign and encrypt e-mail messages and attachments... Windows 2003 and Exchange 2003, if possible, using an installation checklist that focuses on not only security but system stability Your A** Is Covered If You… Know what the Microsoft Trustworthy Computing Initiative is all about and know how it affects Microsoft products such as Windows 2003 Server and Exchange 2003 Are aware of the default settings when comparing Exchange 2000 and Exchange 2003 Have... www.microsoft.com/security/security_bulletins/alerts2.asp Exchange 2003 Windows Dependencies Exchange 2003 is completely dependent on several components of Windows 2000 /2003 operating system It’s therefore vital that you know the ins and outs of these services and why Exchange depends on them Failing to do so will quickly have you end up in a not so pleasant Exchange admin role BY THE BOOK… Exchange 2003 is tightly integrated with Windows 2000 /2003, ... Admin Service Microsoft Exchange System Attendant IIS Admin Service Continued Windows and Exchange 2003 Security Practices • Chapter 2 Table 2.1 Exchange 2003 Services and Dependencies Exchange 2003 Service Microsoft Exchange Routing Engine (process of inetinfo.exe) Microsoft Exchange IMAP4 (process of inetinfo.exe) Microsoft Exchange POP3 (process of inetinfo.exe) Microsoft Exchange MTA Stacks (emsmta.exe)... resident Exchange mailboxes Antivirus products are allowed to delete messages and send messages to the sender in the Exchange 2003 AV API 2.5 version ■ Clustering authentication Exchange Server 2003 clustering supports Kerberos authentication against an Exchange virtual server ■ Administrative permissions Cross-forest support and the ability to administer both Exchange 2000 Server and Exchange Server 2003. .. mentioned that Exchange Server 2003 is the most secure Exchange version released to date, but bear in mind that to achieve the most secure Exchange 2003 environment possible, Exchange 2003 must be installed on a Windows 2003 server We say this because it’s also possible to install Exchange 2003 on Windows 2000 (SP3) server Because Windows 2003 Server has been through a full code review and has been designed... that you upgrade Exchange 2000 to Exchange 2003 first and then the Windows 2000 platform to Windows 2003 Carefully installed Exchange 2000 installations may already be more secure than a basic Exchange 2003; this is especially true if you have followed good security practices with Exchange 2000 More information on upgrades and Exchange compatibility can be found at www.microsoft.com /exchange/ evaluation/ti/TiWinNet.asp... installation, the SMTP and NNTP components are extended to provide additional functionality required by Exchange Virtual HTTP directories are created to provide access to Outlook Web Access (OWA) supporting files, mailboxes, and public folders.The Exchange installation process also installs POP3 and IMAP4 services that function as part of IIS 15 16 Chapter 2 • Windows and Exchange 2003 Security Practices... responsibly.You need to “CYA” CYA: Securing Exchange Server 2003 and Outlook Web Access is part of the new CYA series from Syngress that clearly identifies those fea­ tures of Exchange/ OWA that represent the highest risk factors for attacks, performance degradation and service failures; and then walks you through step-by-step configurations to assure they have been thor­ ough and responsible in their work... installation of Exchange to allow the service to expand distribution lists, query the Active Directory for mailbox properties, use the routing engine, and pro­ vide Exchange- to -Exchange communication All Exchange 2000/2003to -Exchange 2003 communications are handled via the SMTP engine One of the components is called the Advanced Queuing Engine; this component processes every message that is sent on the Exchange . ii 299_CYA_EXCHG_FM.qxd 4/23/04 3:52 PM Page iii Securing Exchange Server Securing Exchange Server 2003 and Outlook Web Access 2003 and Outlook Web Access COVER YOUR A ** BY GETTING IT RIGHT THE. help and a fail-safe checklist that guarantee that you’ve configured your network professionally and responsibly.You need to “CYA”. CYA: Securing Exchange Server 2003 and Outlook Web Access. Secure by Design . . . . . . . . . . . .4 Exchange 2003: Secure by Default . . . . . . . . . . . .6 Outlook Web Access 2003 Security Enhancements 7 Exchange 2003: Secure by Upgrade? . . . . . . .