Microsoft 1 Firewall Operations

Chapter 5: Protection 73

To keep your Exchange Server computers secure, look carefully at group memberships.

One of the most critical groups you should monitor is the Exchange Domain Servers

Group. Any user or computer account that is a member of the Exchange Domain Servers

account has full control of the Exchange Organization, so it is extremely important to

secure membership of this group. You should also ensure that the membership of the Built-

in/Administrators group on the Exchange Server computers is also tightly locked down.

Members of this group automatically have Send As permissions on all mailboxes for that

server. The most efficient way to control membership of these groups is through Group

Policy.

You would also be advised to audit for configuration changes to Exchange. A good change

and configuration management system ensures that no changes are made to the system

which have not been pre-authorized. So, regular checks of your Event Logs (or any other

monitoring system you have chosen) allow you to see if unauthorized changes have been

made.

Your Exchange operations department should ensure that it receives security bulletins from

Microsoft. To receive these bulletins, visit the following Web site:

http://www.microsoft.com/technet/security/notify.asp

In cases where a security breach has been exposed and a new hot fix needs to be applied,

the change should generally be considered urgent and should travel through the change

configuration process accordingly.

One of the best ways of protecting against malicious use of e-mail is to use Key Manage-

ment Server. This allows you to digitally sign and seal messages so that you can determine

if a mail has actually come from the person who claims to send it and that the mail has not

been altered in transit. Of course for this to work, the security of Key Management Server

itself is paramount. Your operations practice should ensure very high security for this

server, controlling very tightly who is in the local groups on the server . A password is used

to start the Key Management Server and this should be kept on a floppy disk, physically

separate from the server after the service has been started.

Of course, you still need to protect your Exchange Server computer against external

attack. The rest of this section examines what you need to consider when you are operat-

ing one or more firewalls in your environment.

Firewall Operations

Exchange can exist in a variety of different firewall configurations. As part of your plan-

ning and deployment you will have chosen how to deploy your firewall solutions around

Exchange. Possible deployments could include a single firewall in front of servers running

Exchange, to multiple firewalls in front of and behind front-end servers.

Firewall configuration is typically rather complex, so it is very important that operations

personnel have a good idea as to exactly how firewalls are configured within their organi-

zation, what they should keep out and what they should let in, when they are correctly