Copy of SysAdmin Magazine Apr - Netwrix

April 2015

Contents

Keeping Your Exchange Server Secure by Orin Thomas

Exchange Server Security: Three Simple Ways by Russell Smith

Ten Simple Ways to Prevent Security Breaches in Microsoft Exchange by Krishna Kumar

5 Security and Compliance Improvements with Exchange 2013 SP1 by Brian Keith Winstead

How to Detect Full Access Permission Changes to Exchange Mailbox

Understanding the Mailbox Move Request in Exchange 2010 by Krishna Kumar

Exchange Server Down: You Only Have Minutes by Nick Cavalancia

4 Ways to Avoid Malware Like Lenovo Superfish by Russell Smith

Another Vector for Malware Spread by Richard Muniz

Quick Reference Guide: Exchange Server Auditing

April 2015 SysAdmin Magazine

Keeping Your Exchange Server Secure

by Orin Thomas

20+ years in IT: a speaker, trainer and contributor on topics of Windows security.

If communication is the lifeblood of an organization, it is fair to say that Exchange functions as its heart. An Exchange server, especially one that hosts the mailbox server role, stores messages, both external and internal. An attacker who gains administrative access to an Exchange deployment can also gain access to all stored communication and to every user's mailbox. With access to the email messages stored on an Exchange mailbox server, the attacker would be able to learn almost everything about the organization, from its most important secrets through to mundane trivia.


Messages stored in individual mailboxes often include attachments, and many organizations use Exchange public folders to store important documents. When considering Exchange security, remember that attacks won't just come from people outside the organization: internal threats, even from Exchange administrators, must be kept in mind. Securing Exchange involves more than hardening it against an outside attack. It means making sure that the number of trusted insiders is limited, that they only have access to the information and components required to perform their jobs, and that they are tracked so that each of their actions can be reconstructed, should an investigation be necessary.

There are several steps an organization can take to make Exchange more secure. These three seem to be a must.

1. Limit the number of people who have access to accounts with administrative privileges and ensure that those accounts are protected with strong authentication technologies, such as smart cards or two-factor authentication.

2. Configure the built-in Role Based Access Control (RBAC) functionality. RBAC allows organizations to limit the actions an administrator can perform and the scope across which those actions can be performed. For example, rather than giving the permission to perform a mailbox search to all Exchange administrators, it is possible to grant this permission only to some trusted members of the organization's HR department: they are the people who would ultimately be required to check the contents of mailboxes when performing investigations into employees' actions. RBAC allows any ability to be limited to a specific scope. This means that when granting someone from HR the ability to scan mailboxes, this ability will be limited to a specific set of mailboxes, rather than all mailboxes in the organization.

3. The third step is to configure extensive auditing. Having a record of each action taken by an Exchange administrator allows an organization to reconstruct what has happened when a breach occurs or something goes wrong. Additionally, when privileged users know that their actions are being saved to a tamper-proof log, they are less likely to perform actions that they might later have to explain to a superior.
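The RBAC scoping from step 2 and the auditing from step 3, sketched for the Exchange Management Shell as an added example that is not part of the original article. The distribution group, scope, role group and member names are hypothetical, and the custom scope for the Mailbox Search role assumes Exchange 2013.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013 assumed).
# Every name below (groups, scope, accounts) is a hypothetical placeholder.

# --- Step 2: scoped RBAC for mailbox search ---------------------------------
# The scope covers only mailboxes that are members of one distribution group,
# so investigators cannot search every mailbox in the organization.
$scopeGroup = Get-DistributionGroup -Identity "Investigation-Scope-Sales"
New-ManagementScope -Name "Sales Mailboxes Only" `
    -RecipientRestrictionFilter "MemberOfGroup -eq '$($scopeGroup.DistinguishedName)'"

# A dedicated role group for HR holds the Mailbox Search role, restricted to
# the scope above, instead of granting the role to all Exchange administrators.
New-RoleGroup -Name "HR Mailbox Investigators" `
    -Roles "Mailbox Search" `
    -CustomRecipientWriteScope "Sales Mailboxes Only" `
    -Members "hr.investigator1", "hr.investigator2"

# Review check: list every account that effectively holds Mailbox Search and
# the scope it applies to. An empty scope column means organization-wide.
Get-ManagementRoleAssignment -Role "Mailbox Search" -GetEffectiveUsers |
    Select-Object RoleAssigneeName, EffectiveUserName, CustomRecipientWriteScope

# --- Step 3: administrator audit logging ------------------------------------
# Record every cmdlet and parameter run by administrators, kept for 90 days.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true `
    -AdminAuditLogCmdlets * `
    -AdminAuditLogParameters * `
    -AdminAuditLogAgeLimit 90.00:00:00

# Reconstruct recent privilege changes: who altered role assignments or role
# group membership, or weakened the audit configuration itself, in the last week.
$watched = "New-ManagementRoleAssignment", "Remove-ManagementRoleAssignment",
           "Add-RoleGroupMember", "Set-AdminAuditLogConfig"
Search-AdminAuditLog -Cmdlets $watched `
    -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded
```

Including `Set-AdminAuditLogConfig` in the watched list surfaces any attempt to switch auditing off or narrow what it records.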
