Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.

Published byKory Maxwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server."— Presentation transcript:

1 Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server

2 Overview Issues in E-Mail Security Configuring ISA Server to Secure SMTP Traffic Configuring ISA Server to Secure Web Client Connections Configuring ISA Server to Secure Client Connections

3 Lesson: Issues in E-Mail Security E-Mail Security Threats Overview E-Mail Access Using Web Clients E-Mail Access Using Outlook Clients E-Mail Access Using POP3, IMAP4, and NNTP Clients SMTP Protocol-Level Exploits Unwanted and Malicious E-Mail How ISA Server 2004 Secures Exchange Server

4 E-Mail Security Threats Overview Ensuring the security of e-mail includes: Ensuring that all e-mail client connections to the e-mail server are secure Protecting the e-mail servers from SMTP exploits Preventing unwanted or malicious e-mails from entering the organization’s network Ensuring that all e-mail client connections to the e-mail server are secure Protecting the e-mail servers from SMTP exploits Preventing unwanted or malicious e-mails from entering the organization’s network

5 E-Mail Access Using Web Clients Outlook Mobile Access XHTML, cHTML, HTML ActiveSync Enabled Mobile Devices ISA Server Outlook Web Access Exchange Front-End Server Exchange Back-End Servers Wireless Network

6 Outlook RPC Connections Outlook RPC over HTTP Connections E-Mail Access Using Outlook Clients Port 135 and dynamic ports Port 80 or 443 Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server ISA Server

7 POP3 Connections IMAP4 Connections E-Mail Access Using POP3, IMAP4, and NNTP Clients Port 110 or 995 Port 25 Port 143 or 993 Port 25 Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server ISA Server

8 SMTP Protocol-Level Exploits SMTP servers can be vulnerable to: Buffer overflow attacks when SMTP commands are sent with more than expected data, causing memory buffer overflows Mail relay attacks when an SMTP server is used to forward unwanted e-mail to Internet recipients SMTP command attacks where SMTP commands are used to compromise the server or gain information about the server or recipients on the server Buffer overflow attacks when SMTP commands are sent with more than expected data, causing memory buffer overflows Mail relay attacks when an SMTP server is used to forward unwanted e-mail to Internet recipients SMTP command attacks where SMTP commands are used to compromise the server or gain information about the server or recipients on the server

9 Unwanted and Malicious E-Mail Unwanted e-mail is unsolicited commercial e-mail that: Consumes server and network resources Reduces user productivity and increases administrative effort Can be filtered using an application-level filter May result in exposure to legal liability Consumes server and network resources Reduces user productivity and increases administrative effort Can be filtered using an application-level filter May result in exposure to legal liability Malicious e-mails contain viruses or worms that: Damage data or computers or consume network and computer resources Increase administrative cost and effort Increase the risk of an information leak Damage data or computers or consume network and computer resources Increase administrative cost and effort Increase the risk of an information leak

10 How ISA Server 2004 Secures Exchange Server Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server Mail publishing wizards Filtering unwanted e-mail SMTP command filtering SMTP command filtering Secure access for Outlook clients Secure access for Outlook clients Secure access for Web clients ISA Server

11 Lesson: Configuring ISA Server to Secure SMTP Traffic How ISA Server Secures SMTP Traffic How to Configure ISA Server to Secure SMTP Traffic How SMTP Filtering Works How to Configure the SMTP Application Filter How SMTP Message Screener Works How to Implement SMTP Message Screener Integrating ISA Server and Exchange Server to Secure SMTP Traffic

12 How ISA Server Secures SMTP Traffic Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server Use Mail Publishing Wizard to publish SMTP Servers Use SMTP message screener to filter unwanted e-mail Use SMTP application filter to filter SMTP commands SMTP Server ISA Server

13 To configure ISA Server to secure SMTP traffic: Configure the internal SMTP servers as SecureNAT clients 3 3 Configure an access rule for internal SMTP servers to send e-mail to the Internet 4 4 Configure DNS so the Internal SMTP servers can resolve Internet host names 5 5 Use the Mail Server Publishing Wizard to publish the SMTP server 2 2 Configure MX records on the Internet servers to refer to the computer running ISA Server 1 1 How to Configure ISA Server to Secure SMTP Traffic

14 Practice: Publishing an SMTP Server Creating the Internet DNS records Configuring a new SMTP mail server publishing rule Configuring outbound SMTP traffic Testing SMTP traffic flow Internet Den-ISA-01 Den-DC-01 Gen-Web-01 Den-Msg-01

15 How SMTP Filtering Works Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server EHLO contoso.com Mail from: Ben@contoso.com Rcpt to: Jay@cohovineyard.com Data EHLO contoso.com Mail from: Ben@contoso.com Rcpt to: Jay@cohovineyard.com Data Is the … Command allowed? Command length allowed? SMTP Server ISA Server

16 How to Configure the SMTP Application Filter

17 How SMTP Message Screener Works Exchange Back-End Servers Exchange Back-End Servers IIS 6.0 With SMTP Service IIS 6.0 With SMTP Service Is the … Source Host allowed? Source Domain allowed? Attachment allowed? Keyword blocked? SMTP Server Install Message Screener ISA Server

18 To implement SMTP message screener: Configure an SMTP mail server publishing rule that publishes the SMTP server running message screener 3 3 Configure the message screener settings on the SMTP filter 4 4 Install the SMTP message screener on the IIS server 2 2 Install the SMTP service on an IIS 5.0 or IIS 6.0 server 1 1 How to Implement SMTP Message Screener

19 Practice: Implementing SMTP Message Screener Install the SMTP service on the computer running ISA Server Install the SMTP message screener Configure the SMTP message screener Test the SMTP message screener Internet Den-ISA-01 Den-DC-01 Gen-Web-01 Den-Msg-01

20 Integrating ISA Server and Exchange Server to Secure SMTP Traffic You can deploy message screener: On the computer running ISA Server. This option is the easiest to configure but least secure On an IIS server in the internal or perimeter network. Using a server in the perimeter network is most complicated to configure, but most secure To filter only inbound messages. Configure ISA Server to publish the message screener server, and configure access rules for the internal SMTP servers to send e-mail to the Internet To filter inbound and outbound messages. Configure ISA Server to publish the message screener server, and configure the internal SMTP servers to route messages to the message screener server On the computer running ISA Server. This option is the easiest to configure but least secure On an IIS server in the internal or perimeter network. Using a server in the perimeter network is most complicated to configure, but most secure To filter only inbound messages. Configure ISA Server to publish the message screener server, and configure access rules for the internal SMTP servers to send e-mail to the Internet To filter inbound and outbound messages. Configure ISA Server to publish the message screener server, and configure the internal SMTP servers to route messages to the message screener server

21 Lesson: Configuring ISA Server to Secure Web Client Connections How Does ISA Server Secure OWA Connections? How to Configure ISA Server to Enable OWA Access How to Configure Forms-Based Authentication How to Configure ISA Server to Enable Access for Other Web Clients

22 How Does ISA Server Secure OWA Connections? Exchange Back-End Servers Exchange Back-End Servers Exchange Front-End Server Exchange Front-End Server OWA Client OWA Client Use Mail Publishing Wizard to publish OWA Servers Configure attachment blocking Use forms-based authentication to avoid secure user logon ISA Server

23 To configure ISA Server to enable OWA access: Configure a bridging mode. For best security, secure the connection from client to ISA Server and from ISA Server to OWA server 3 3 Configure a Web listener for OWA publishing. Choose forms-based authentication and SSL for the Web listener 4 4 Use the Mail Server Publishing Wizard to publish the OWA server 2 2 Install a digital certificate on the OWA server and configure IIS to require SSL connections to the OWA virtual directories 1 1 How to Configure ISA Server to Enable OWA Access

24 How to Configure Forms-Based Authentication

25 How to Configure ISA Server to Enable Access for Other Web Clients Publishing Exchange server virtual directories for OMA and Activesync clients Publishing Exchange server virtual directories for OMA and Activesync clients

26 Practice: Configuring ISA Server for Secure OWA Connections Installing a certificate on the OWA server Configuring IIS to require SSL on the virtual directories used by OWA Configuring an Outlook Web Access publishing rule Testing the Outlook Web Access publishing rule Internet Den-ISA-01 Den-DC-01 Gen-Web-01 Den-Msg-01

27 Lesson: Configuring ISA Server to Secure Client Connections Multimedia: Connecting MAPI Clients to Exchange Server Through a Firewall How ISA Server Secures Outlook RPC Connections About RPC over HTTP How to Configure RPC over HTTP Enabling E-Mail Access for POP3 and IMAP4 Clients

28 Multimedia: Connecting MAPI Clients to Exchange Server Through a Firewall

29 How ISA Server Secures Outlook RPC Connections Outlook Client Outlook Client Exchange Servers Exchange Servers ISA Server Port 135 Exchange UUID=3000 Exchange UUID=2000

30 Internet Den-ISA-01 Den-DC-01Den-Msg-01 Practice: Configuring ISA Server to Secure Outlook RPC Connections Configuring an Outlook RPC publishing rule Testing the Outlook RPC publishing rule Den-Clt-01

31 About RPC over HTTP RPC over HTTP requires: Exchange Server 2003 running on Windows Server 2003 and Windows Server 2003 global catalog servers Outlook 2003 running on Windows XP Windows Server 2003 server running RPC proxy server with the Exchange and domain controller service port numbers defined in the registry A modified Outlook profile that connects to the Exchange server using HTTPS

32 How to Configure RPC over HTTP To enable RPC over HTTP, publish the /rpc/* virtual directory To enable RPC over HTTP, publish the /rpc/* virtual directory

33 Enabling E-Mail Access for POP3 and IMAP4 Clients Configure the Required ports Configure the Required ports Configure secure Ports to enable SSL security Configure secure Ports to enable SSL security

34 Lab: Integrating ISA Server 2004 and Microsoft Exchange Server Exercise 1: Enabling RPC over HTTP Client Connections Exercise 2: Configuring a Forms-Based Authentication for Outlook Web Access Internet Den-ISA-01 Den-DC-01Den-Msg-01 Den-Clt-01

Download ppt "Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.

Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.

Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,

Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools.

Securing Exchange Server Session Goals: Introduce you to the concepts and mechanisms for securing Exchange Examine the techniques and tools.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google