Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Published byJudith Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions."— Presentation transcript:

1 1

2 2

3 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions assigned to an object can be applied directly to the object or inherited from a parent object There two types of Permissions Standard Permissions Part of the default permissions for Active Directory Extended Permissions Added when Exchange is installed Used to gain more specific administrative 3

4 4

5 Overview When implementing an Exchange 2003 infrastructure an appropriate Administrative model needs to be chosen To facilitate creating different Administrative Models Exchange 2003 provides an Exchange Delegation Wizard Exchange Delegation Wizard enables an Administrator to select a user or group and give them a specific administrative role with the organization 5

6 6

7 7

8 Users can fully administer Exchange System Information Add Delete Rename Modify Permissions 8

9 9

10 Permissions Container Microsoft Exchange Full Control Organization Send As and Receive As denied Administrative Groups All Permissions inherited; Send As and Receive As denied 10

11 11

12 Users can fully administer Exchange System Information Add Delete Rename Cannot Modify Permissions 12

13 13

14 Permissions Container Microsoft Exchange All permissions except Full Control Organization Send As and Receive As denied Administrative Groups All Permissions inherited except Full Control and Change; Send As and Receive As denied 14

15 15

16 16

17 17

18 Permissions Container Microsoft Exchange Read, List Object and List Contents permissions allowed Organization Read, List Object and List Contents permissions inherited View information store status permission allowed Administrative Groups Read, List Object and List Contents permissions inherited View information store status permission inherited 18

19 Public Key Infrastructures Overview To enable secure messaging Exchange relies on digital signatures and certification authorities to identify sending and receiving parties System used for authentication is known as Public Key Infrastructures (PKI) Microsoft has a proprietary PKI provided through Key Management Service (KMS) used with Exchange 2000 KMS removed in Exchange 2003 and certification PKI is handled by the OS 19

20 Public Key Infrastructures (2) Key-Based Cryptography Cryptographic algorithms fall into one of two categories Symmetric and Asymmetric Symmetric cryptography Known as secret key cryptography Sender and receiver share a single, predetermined key Sender and receiver need to decide on and transmit the shared key they can send any encrypted messages Asymmetric cryptography Known as public key cryptography Keys used for Encryption and Decryption are different Sender and receiver do not need to decided on a key or transmit prior to sending encrypted messages 20

21 Public Key Infrastructures (3) Certificates, Certificate Authorities and Trust To encrypt messages using a public key encryption system senders need to be able to access public keys of intended recipients Requires the use of a third party to act as a repository for the users' public keys and verify keys are associated with the appropriate users A certificate is a digital declaration that contains a given user's public key and authenticates the user A Certificate Authority (CA) is an entity that issues the certificate and attests to the fact that the certificate is valid and the user is authenticated A CA can be a third-party company such as VeriSign or a Windows 2003 server configured as a CA within the organization 21

22 Windows 2003 Public Key Infrastructures Windows uses Certificate Services to create a CA The CA issues and manages digital certificates in either an enterprise situation or a stand-alone situation Enterprise Integrated with Active Directory Stand Alone Can be members of a domain Can be part of a workgroup Two types of certification hierarchies: Rooted and Cross Certification Rooted Hierarchy Defines either an enterprise root CA or a stand alone CA Root CA issues itself a certificate called a self-signed certificate Below the root CA are one or more Enterprise or Stand Alone subordinate CAs Cross Certification Hierarchy CA acts as both a root CA and a subordinate CA Used when two organizations want to establish a certificate trust between themselves Commonly deployed in business-to-business scenarios when participating organizations have existing CA hierarchies 22

23 Securing Communications SSL/TLS can be used to secure SMTP traffic between e-mail servers SSL/TLS can be used to secure both client-to-server traffic and server-to-traffic Securing client-to-server traffic is less complicated than securing server-to-server traffic Clients that use SMTP but not SSL cannot communicate with servers configured to SSL ESMTP must be configured to allow clients to query what features they support 23

24 Securing Communications (2) Possible configurations when enabling SSL/TLS Force SSL/TLS for all e-mail traffic Enabling SSL/TLS for specific domains Enabling SSL/TLS for inbound e-mail 24

25 E-Mail Encryption S/MIME protocol is used to secure e-mail by digitally signing or encrypting email messages SSL/TLS secures messages during transit. S/MIME ensures end-to-end security Encrypts on send Decrypts on receive S/MIME uses certificates to encrypt/decrypt Designed to enable compatibility and authentication between different organizations and among different vendors 25

26 Summary Permissions that are assigned to an object within Exchange 2003 can be applied directly to the object itself or they can be inherited There are two types of permissions Standard and Extended Standard Part of the default permissions for Active Directory Extended Added when Exchange 2003 is installed The Exchange Administration delegation wizard enables you to select a user or group and give them a specific administrative role within the organization 26

27 Summary (2) A Microsoft Windows PKI provides an integrated set of services and administrative tools for creating deploying, and managing public key-based applications using public key cryptography Symmetric Key Cryptography In symmetric key cryptography, the encryption and decryption are identical. Parties wanting to secure their communication using secret keys, exchange their encrypted keys securely before they can exchange data 27

28 Summary (3) Asymmetric Key Cryptography Keys used for encryption and decryption are different No need for the encryption key to be kept secret Certificates are used to verify the identities of senders and receivers A certificate contains a user's public key A certificate also authenticates a user as who they claim to be A CA is an entity that issues a digital certificate and attests to the fact that the certificate is valid and that the user is authentic 28

29 Summary (4) A certificate chain associates a certificate with a list of issuing CAs that ultimately leads to a certificate that the receiver implicitly trusts. A root certificate forms the root of a certificate hierarchy that the receiver accepts as authentic SSL/TLS can be used to encrypt and secure both client-to-server traffic and server-to-server traffic Server-to-server SSL/TLS traffic is best handle using a separate dedicated SMTP connector 29

30 Summary (5) The S/MIME protocol allows users to send secure e- mail by digitally signing or encrypting e-mail messages S/MIME is an updated version of MIME encoding standard that ensures so-called end-to-end security by allowing users to encrypt message when they are created and by allowing recipients to decrypt messages upon receipt 30

Download ppt "1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services
Cryptographic Technologies

Cryptographic Technologies
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google