
Presentation transcript:

Overview
- In Exchange, security is managed by assigning permissions in Active Directory
- Exchange objects are secured with DACLs and ACEs
- Permissions assigned to an object can be applied directly to the object or inherited from a parent object
- There are two types of permissions
  - Standard permissions
    - Part of the default permissions for Active Directory
  - Extended permissions
    - Added when Exchange is installed
    - Used to gain more specific administrative

Overview
- When implementing an Exchange 2003 infrastructure, an appropriate administrative model needs to be chosen
- To facilitate creating different administrative models, Exchange 2003 provides an Exchange Delegation Wizard
- The Exchange Delegation Wizard enables an administrator to select a user or group and give them a specific administrative role within the organization

Users can fully administer Exchange system information
- Add
- Delete
- Rename
- Modify permissions

Permissions (by container)
- Microsoft Exchange: Full Control
- Organization: Send As and Receive As denied
- Administrative Groups: All permissions inherited; Send As and Receive As denied

Users can fully administer Exchange system information
- Add
- Delete
- Rename
- Cannot modify permissions

Permissions (by container)
- Microsoft Exchange: All permissions except Full Control
- Organization: Send As and Receive As denied
- Administrative Groups: All permissions inherited except Full Control and Change; Send As and Receive As denied

Permissions (by container)
- Microsoft Exchange
  - Read, List Object and List Contents permissions allowed
- Organization
  - Read, List Object and List Contents permissions inherited
  - View information store status permission allowed
- Administrative Groups
  - Read, List Object and List Contents permissions inherited
  - View information store status permission inherited
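
How inherited and denied permissions combine in the permission slides above, shown as an added example that is not part of the original presentation: a simplified Python model of DACL evaluation in canonical ACE order. The group `ExFullAdmins`, the `Mailbox Store` child object and the use of plain right names instead of access masks are assumptions, and every ACE is treated as inheritable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str        # group the entry applies to
    allow: bool         # True = allow ACE, False = deny ACE
    rights: frozenset   # right names from the slides (real ACEs use masks/GUIDs)

class Container:
    def __init__(self, name, parent=None, aces=()):
        self.name, self.parent, self.explicit = name, parent, list(aces)

    def dacl(self):
        """ACEs in canonical order: explicit deny, explicit allow, then
        inherited ACEs, nearest parent first, deny before allow per level."""
        deny_first = lambda aces: sorted(aces, key=lambda a: a.allow)
        ordered, node = deny_first(self.explicit), self.parent
        while node is not None:
            ordered += deny_first(node.explicit)
            node = node.parent
        return ordered

def check_access(container, groups, wanted):
    """The first matching ACE that mentions a requested right decides it."""
    remaining = set(wanted)
    for ace in container.dacl():
        if ace.trustee not in groups:
            continue
        hit = remaining & ace.rights
        if hit and not ace.allow:
            return False            # a requested right is denied
        remaining -= hit
        if not remaining:
            return True             # every requested right was allowed
    return False                    # never granted: implicit deny

# Constructed hierarchy mirroring the first permissions slide (Full Control
# is modelled as the set of all rights, which is a simplification).
ALL = frozenset({"Read", "Write", "Delete", "Change Permissions",
                 "Send As", "Receive As"})
MAIL = frozenset({"Send As", "Receive As"})
exchange = Container("Microsoft Exchange", aces=[Ace("ExFullAdmins", True, ALL)])
org = Container("Organization", exchange, [Ace("ExFullAdmins", False, MAIL)])
admin_groups = Container("Administrative Groups", org)
# Hypothetical child object with an explicit allow: it is evaluated before the
# inherited deny, so it wins. Audit child objects for entries like this.
store = Container("Mailbox Store", admin_groups,
                  [Ace("ExFullAdmins", True, frozenset({"Send As"}))])
```

The inherited deny blocks Send As on `admin_groups`, while the explicit allow on `store` is reached first and grants it, which is why a review of delegated roles should include explicit ACEs on child objects and not only the container-level settings.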

Public Key Infrastructures Overview
- To enable secure messaging, Exchange relies on digital signatures and certification authorities to identify sending and receiving parties
- The system used for authentication is known as a Public Key Infrastructure (PKI)
- Microsoft has a proprietary PKI, provided through Key Management Service (KMS), used with Exchange 2000
- KMS was removed in Exchange 2003, and certification PKI is handled by the OS

Public Key Infrastructures (2): Key-Based Cryptography
- Cryptographic algorithms fall into one of two categories: symmetric and asymmetric
- Symmetric cryptography
  - Known as secret key cryptography
  - Sender and receiver share a single, predetermined key
  - Sender and receiver need to decide on and transmit the shared key before they can send any encrypted messages
- Asymmetric cryptography
  - Known as public key cryptography
  - Keys used for encryption and decryption are different
  - Sender and receiver do not need to decide on a key or transmit it prior to sending encrypted messages

Public Key Infrastructures (3): Certificates, Certificate Authorities and Trust
- To encrypt messages using a public key encryption system, senders need to be able to access the public keys of intended recipients
- Requires the use of a third party to act as a repository for the users' public keys and verify keys are associated with the appropriate users
- A certificate is a digital declaration that contains a given user's public key and authenticates the user
- A Certificate Authority (CA) is an entity that issues the certificate and attests to the fact that the certificate is valid and the user is authenticated
- A CA can be a third-party company such as VeriSign or a Windows 2003 server configured as a CA within the organization

Windows 2003 Public Key Infrastructures
- Windows uses Certificate Services to create a CA
- The CA issues and manages digital certificates in either an enterprise situation or a stand-alone situation
  - Enterprise
    - Integrated with Active Directory
  - Stand-alone
    - Can be members of a domain
    - Can be part of a workgroup
- Two types of certification hierarchies: rooted and cross-certification
  - Rooted hierarchy
    - Defines either an enterprise root CA or a stand-alone CA
    - Root CA issues itself a certificate called a self-signed certificate
    - Below the root CA are one or more enterprise or stand-alone subordinate CAs
  - Cross-certification hierarchy
    - CA acts as both a root CA and a subordinate CA
    - Used when two organizations want to establish a certificate trust between themselves
    - Commonly deployed in business-to-business scenarios when participating organizations have existing CA hierarchies

Securing Communications
- SSL/TLS can be used to secure SMTP traffic between servers
- SSL/TLS can be used to secure both client-to-server traffic and server-to-server traffic
- Securing client-to-server traffic is less complicated than securing server-to-server traffic
- Clients that use SMTP but not SSL cannot communicate with servers configured for SSL
- ESMTP must be configured to allow clients to query which features the server supports

Securing Communications (2)
- Possible configurations when enabling SSL/TLS
  - Force SSL/TLS for all traffic
  - Enabling SSL/TLS for specific domains
  - Enabling SSL/TLS for inbound
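
The ESMTP feature query and the TLS configurations from the two slides above, shown from the sending side as an added example that is not part of the original presentation: it parses an EHLO reply and decides whether to start TLS, send in the clear, or refuse. The policy names (`force`, `domains`, `opportunistic`), the function names and the sample replies are assumptions constructed for illustration.

```python
def parse_ehlo(reply):
    """Parse a multi-line ESMTP EHLO reply into {KEYWORD: [params]}."""
    extensions = {}
    for i, line in enumerate(reply.strip().splitlines()):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0 or not text:
            continue                       # first line is only the greeting
        keyword, *params = text.split()
        extensions[keyword.upper()] = params
    return extensions

def tls_decision(policy, rcpt_domain, ehlo_reply, tls_domains=()):
    """Return 'starttls', 'plaintext' or 'refuse' for one outbound session.

    policy 'force'         -> TLS required for all traffic
    policy 'domains'       -> TLS required only for tls_domains
    policy 'opportunistic' -> use TLS when offered, never required
    """
    try:
        offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    except ValueError:
        offered = False                    # e.g. a server that rejects EHLO
    required = policy == "force" or (
        policy == "domains" and rcpt_domain.lower() in tls_domains)
    if offered:
        return "starttls"
    # When TLS is required but not advertised, fail closed instead of
    # silently downgrading the session to plaintext.
    return "refuse" if required else "plaintext"

# Constructed sample replies (not captured from a real server).
WITH_TLS = "250-mail.example.test Hello\r\n250-SIZE 10485760\r\n250-STARTTLS\r\n250 8BITMIME"
NO_TLS = "250-mail.example.test Hello\r\n250 SIZE 10485760"
NO_ESMTP = "500 Command not recognized"
```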

Encryption
- The S/MIME protocol is used to secure e-mail by digitally signing or encrypting messages
- SSL/TLS secures messages during transit; S/MIME ensures end-to-end security
  - Encrypts on send
  - Decrypts on receive
- S/MIME uses certificates to encrypt/decrypt
- Designed to enable compatibility and authentication between different organizations and among different vendors

Summary
- Permissions that are assigned to an object within Exchange 2003 can be applied directly to the object itself or they can be inherited
- There are two types of permissions: standard and extended
  - Standard
    - Part of the default permissions for Active Directory
  - Extended
    - Added when Exchange 2003 is installed
- The Exchange Administration Delegation Wizard enables you to select a user or group and give them a specific administrative role within the organization

Summary (2)
- A Microsoft Windows PKI provides an integrated set of services and administrative tools for creating, deploying, and managing public key-based applications using public key cryptography
- Symmetric key cryptography
  - In symmetric key cryptography, the encryption and decryption keys are identical
  - Parties wanting to secure their communication using secret keys exchange their encrypted keys securely before they can exchange data

Summary (3)
- Asymmetric key cryptography
  - Keys used for encryption and decryption are different
  - No need for the encryption key to be kept secret
- Certificates are used to verify the identities of senders and receivers
  - A certificate contains a user's public key
  - A certificate also authenticates a user as who they claim to be
- A CA is an entity that issues a digital certificate and attests to the fact that the certificate is valid and that the user is authentic

Summary (4)
- A certificate chain associates a certificate with a list of issuing CAs that ultimately leads to a certificate that the receiver implicitly trusts
- A root certificate forms the root of a certificate hierarchy that the receiver accepts as authentic
- SSL/TLS can be used to encrypt and secure both client-to-server traffic and server-to-server traffic
- Server-to-server SSL/TLS traffic is best handled using a separate dedicated SMTP connector

Summary (5)
- The S/MIME protocol allows users to send secure e-mail by digitally signing or encrypting messages
- S/MIME is an updated version of the MIME encoding standard that ensures so-called end-to-end security by allowing users to encrypt messages when they are created and by allowing recipients to decrypt messages upon receipt