EX03: Exchange 2007 Security, Part I Jim McBee [email protected] http://mostlyexchange.blogspot.com Agenda Exchange Security Improvements Administrative Permissions Managing Compliance Other Improvements Summary.
EX03: Exchange 2007 Security, Part I
Jim McBee
[email protected]
http://mostlyexchange.blogspot.com
Agenda
Exchange Security Improvements
Administrative Permissions
Managing Compliance
Other Improvements
Summary
Exchange 2007 Themes
IT Pro Situation
– E-mail is mission-critical
– E-mail systems too complex/expensive
– Management tasks tedious, not automated
– Theme: Control
Info Worker Situation
– Users want easy access to all their communications
– Mobile devices are increasingly common
– Calendaring is frustrating
– Theme: Anywhere Access
Org-wide Situation
– Security the top concern
– Spam and viruses compromise the e-mail experience
– Regulatory compliance critical in many industries
– Theme: Built-In Protection
Exchange Security Improvements
Approaching Exchange Security
What do we mean by “security”?
The CIA Framework
– Confidentiality
• My data can be accessed only by authorized entities.
• Access to my data can be audited and verified.
– Integrity
• My data cannot be tampered with in transit or at rest.
• Authorized changes to my data can be audited and verified.
– Availability
• I can still access my data even during outages and attacks.
• I can detect and appropriately respond to events.
The Goals of Exchange Security
Avoid
– Eavesdropping and tampering
– Attacks and malware
Show
– Validity of messages (no spoofing or forgery)
– Potentially forged messages
Protect
– Intra-org mail
– Org-to-org mail (signed/encrypted by default)
Simplify
– Data protection (snooping, information leakage)
– Compliance (archival, journaling, retention)
Message protection
Active Message Protection
– Safe email in your organization and inbox
– Security by network isolation
– Secure transport over untrusted networks
Transit protection
– Hub to Mailbox
– Hub to Hub
– Edge to Hub
– Edge to Edge
Mailbox ↔ Hub
Authentication: Mutual by Kerberos
Encryption: Encrypted RPC
[Diagram: Mailbox server ↔ Hub Transport server, Encrypted RPC]
Hub ↔ Hub
Authentication: Mutual by Kerberos
Encryption: TLS
[Diagram: Hub Transport server ↔ Hub Transport server, TLS & Kerberos]
Edge ↔ Hub
Authentication: Mutual via certificates
Encryption: TLS
[Diagram: Edge Transport server (Perimeter) ↔ Hub Transport server (Internal Network), TLS & Mutual Authentication]
Edge ↔ Edge
Mutual authentication
– Certificate + TLS
[Diagram: Edge Transport server (Perimeter) ↔ Internet ↔ Edge Transport server (Perimeter), TLS & Certificates]
Improvements to Exchange 2007 Administrative Architecture
Administrative Group Design
Existing problems
– Too rigid; not dynamic
– Not completely granular
– Low usage
• 50% of companies (from Tech-Ed) state they do not use AGs
• Another 40% use 5 or fewer
Benefits of removing Administrative Groups
– Exchange 2007 provides org-wide permissions
– Delegate access to single servers
– Apply role-based permissions to server objects
– Group and filter in GUI based on server attributes
Transition note: Exchange 2007 creates a new hardcoded AG for compatibility
Permission Delegation
Permissions model
– Organization Admin
– Recipient Admin
– Server Admin
Recipient Admin can move mailboxes
Server Admin specified for multiple servers
Predefined groups:
– Exchange Organization Administrators
– Exchange Recipient Administrators
– Exchange Server Administrators
– Exchange View-Only Administrators
Managing Compliance
Compliance Challenges
Archival and retention
– Keep everything?
– Keep nothing?
– Somewhere in between
Compliance
– Regulations
– Policies
– Balancing with IT needs
Data discovery
– Search scope
Where Data Is
In transit: data being moved from one storage location to another should not be
– Snooped/sniffed
– Altered
– Inappropriately disclosed
At rest: data in a storage location should not be
– Inappropriately accessed
– Altered
– Deleted
E-mail Policy in Transit
Transport rules
Routing policies
– Automatic certificate-based protection
– Enforce retention and compliance
Journaling
– Transport-based
– Massively reduced duplication
– Scoped (internal, external, global messages)
– Reports to any valid SMTP address
Secure classifications
Rights management
What Are Transport Rules?
Rules that are applied to all transport servers to inspect messages and act on them in some fashion
Managed by the administrators
Managed by GUI wizard or cmdlets
– Conditions and Exceptions: Message properties or recipient attributes
– Actions: change message routing or modify contents
Transport Rule Examples
Example Conditions and Exceptions
– Sender, Recipients
– Sender or recipient is member of DL
– String match in subject, body, or header
– Regular expression match in subject, body, or header
Example Actions
– Add a disclaimer
– Encrypt the message
– Route to a specified server
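The condition, exception and action types listed above can be combined into a single Hub Transport rule from the Exchange Management Shell. The following is an added example, not part of the original slides: it uses the released Exchange 2007 cmdlets Get-TransportRulePredicate, Get-TransportRuleAction and New-TransportRule, and the group name, rule name and disclaimer text are placeholders.

```powershell
# Added example (not from the slides). Run in the Exchange Management Shell
# with rights to manage transport rules. "Sales Group", "Sales disclaimer"
# and the disclaimer text are hypothetical placeholders.

# Condition: the sender is a member of a distribution list.
$condition = Get-TransportRulePredicate FromMemberOf
$condition.Addresses = @((Get-DistributionGroup "Sales Group"))

# Exception: string match in the subject; matching messages skip the rule.
$exception = Get-TransportRulePredicate SubjectContains
$exception.Words = @("Press Release")

# Action: add a disclaimer to the message.
$action = Get-TransportRuleAction ApplyDisclaimer
$action.Text = "This message may contain confidential information."

# Create the rule. Hub Transport rules are stored in Active Directory,
# so every Hub Transport server in the organization applies it.
New-TransportRule -Name "Sales disclaimer" `
    -Conditions @($condition) `
    -Exceptions @($exception) `
    -Actions @($action)

# Review what was stored, including the rule's priority relative to others.
Get-TransportRule "Sales disclaimer" | Format-List
```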
The Transport Rule Wizard
More About Transport Rules
Rules on the Hub Transport
– Used for restrict / protect / audit scenarios
– Stored in Active Directory
– Managed and applied across entire organization
Rules on the Edge Transport
– Used for boundary restrictions
– Managed and applied per-server
Transport Rule Collections
Collections
– Internal: apply when all senders/recipients are in the organization
– External: apply when one or more parties are unauthenticated (anonymous) or not in the organization
– Global: apply to all messages
– Edge: apply to all messages in the DMZ
Managed E-mail Folders
Mechanism for message lifecycle management
Folders intended for message classification
– Users classify content by moving messages into the appropriate folders
– Folders can be
• Pushed by the administrator
• Created by the user
– Per-folder expiration policies
– Allows official retention folders
– Administration can see summary reports
– Discovery tool permits enhanced search
E-mail Policy at Rest
Messaging records management (Managed Folders)
Multi-mailbox search
Secure classifications
Rights Management
– Certificate based
– Applies access controls to the message data
– Integrates with / requires Windows Rights Management
Additional Improvements
Customize Messages
Customize System Messages
– Mailbox full
– new-systemmessage cmdlet
Customize DSN and NDR messages
Clearing Unwanted Data
Unwanted messages can be cleared
– From mailboxes
• export-mailbox cmdlet
– Queues
• export-message cmdlet
EMS Demos
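# Move messages with "resume" in the subject from every mailbox in the database into the Administrator mailbox, deleting them from the source
get-mailbox -database "Mailbox Database" | export-mailbox -SubjectKeywords "resume" -StartDate "06/25/06" -EndDate "07/07/06" -TargetFolder "Inbox" -TargetMailbox Administrator -DeleteContent:$true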
export-message
Get-message
new-systemmessage -quotamessagetype WarningMailbox -Language En -text 'You are almost at the maximum quota for your mailbox. For information on how to reduce the size of your mailbox, go to <a href="http://support.volcanosurf.com">http://support.volcanosurf.com</a>'
Summary
Security improvements
– Active protection
– Secure transport
Administrative
Compliance
– In transit
– At rest
improvements
For more information
Visit TechNet at www.microsoft.com/technet
Visit the Exchange 2007 home page at www.microsoft.com/exchange/preview/default.mspx
Questions?