Microsoft 1 Protection

5

Protection

Introduction

By its very nature, Exchange 2000 Server has a public face. You will be offering e-mail and

other functionality to a large number of users. In many cases those users will not only be

able to collaborate with other users in their own company, but also with others across the

Internet. This high visibility makes it potentially more subject to attack than other services.

You need to make sure that Exchange is well protected against potential attacks, including

hacking attempts and viruses.

This chapter also examines disaster recovery scenarios. If you are to meet your service level

agreements (SLAs) on availability, you must first ensure that your system is down as

infrequently as possible. This is covered in Chapter 2, “Capacity and Availability Manage-

ment,” but you must also make sure that if you do suffer downtime, it is kept to the bare

minimum required to restore service. Disaster recovery procedures for Exchange 2000 are

detailed in this chapter.

Chapter Start Point

At the start of this chapter, you should be familiar with basic security concepts and differ-

ent types of backup and restore hardware.

Chapter End Point

By the end of this chapter, you should be aware of appropriate measures to take when

guarding against hacker attacks and e-mail bound viruses. You will also be aware of

disaster recovery procedures in the event of a failure.

Contents

Main ii Contents Chapter 1 Introduction 1 Chapter 2 Capacity and Availability Management 11 Change and Configuration Management 37 Chapter 4 Enterprise Monitoring 53 Chapter 5 Protection 71 Chapter 6 Glossary 97 Support 89 Page Page Page Introduction Microsoft Operations Framework (MOF) Page How to Use This Guide Efficiency, Continuity, and Security Figure 1.2 Efficiency Continuity Security Chapter Outlines Planning and Deployment Service Level Agreements Features Performance Recovery Support Related Topics Page Capacity and Availability Management Capacity Management Page Page Availability Management Service Hours Service Availability Minimizing System Failures Decreasing Single Points of Failure Increasing the Reliability of Exchange 2000 Minimizing System Recovery Time Performance Tuning Making Changes to the Registry No Performance Optimizer Optimizable Features Tuning Considerations Upgrading from Exchange 5.5 to Exchange 2000 Tuning the Message Transfer Agent (MTA) Tuning SMTP Transport Mailroot Directory Location SMTP File Handles Page Store and ESE Tuning Online Store Maintenance Online Backups Choosing the Correct Maintenance Strategy Extensible Storage Engine (ESE) Heaps Store-Database Cache Size Page Log Buffers Tuning Active Directory Integration Page Tuning Outlook Web Access (OWA) Page Hardware Upgrades Page Change and Configuration Management Prerequisites Change Management Defining Change Type Step 1 Request for Change Is Submitted to Change Manager Step 2 Change Manager Assesses the RFC Step 3 Change Is Passed to IT Executive Committee for Approval Step 4 Change Is Passed to the Change Advisory Board for Scheduling Step 5 Change Is Passed to the Change Owner Step 6 Change Process Evaluation Minor and Standard Changes Scripting Minor and Standard Changes Security Software Control and Distribution Documentation Configuration Management Tools for Configuration Management Configuration Management and Change Management Configuration Items Page Page Page Defining Configuration Items Configuration Management and Exchange Maintaining the Configuration Management Database Change Management Ownership Security Backup Exchange System Policies Administering System Policies Page Enterprise Monitoring Prerequisites Performance Monitoring System Monitor Exchange 2000 Objects and Counters to Monitor Service or Resource Performance Object Information Store Counters SMTP Server MSExchangeMTA and MSExchangeMTAConnections MSExchangeIM Virtual Servers MSExchangeAL Windows 2000 Objects and Counters to Monitor Table 4.2 Subjects and Associated Objects and Counters Subsystem Object Counter Exchange Comments Subsystem Object Counter Exchange Comments Centralized Monitoring Event Monitoring Event Viewer Log Files Centralized Event Monitoring Availability Monitoring Monitoring and Status Tool Adding Services to the Default Configuration Monitoring Resources Notifications Status Disabling Server Monitoring Centralized Availability Monitoring Client Monitoring Page Page Protection Chapter Start Point Chapter End Point Protection Against Hacking Firewall Operations Maintaining Firewall Availability Ensuring That Only the Correct Traffic Passes Through the Firewall Monitoring Against Hacker Intrusion Dealing With Security Breaches Anti-Virus Measures Staying Current Dealing With Virus Infection Blocking Attachments at the Client Page Disaster Recovery Procedures Backing Up Page Offline Backup Disk Imaging Restoring Recovering Individual Messages Recovering Lost Mailboxes Recovering Exchange Stores and Storage Groups Full Exchange Server Recovery Recovering Exchange After Active Directory Failure Alternate Server Recovery Recovery Testing Page Page Support Providing Support for End Users Reducing End User Support Costs Page Problem Reporting Dealing with User Problems Notifying Users Exchange Problem Management Page Page Glossary