Enhance the security of your Exchange server

Source: Internet
Author: User

In many companies, email quickly becomes an important application, but the mail server must be connected to the Internet to send and receive mail. As you may know, the Internet is never safe. The people who want to destroy your server are usually on the Internet, so one of the secrets of running an Exchange server safely is to give those people no chance to do so. This article describes some of the technologies that help you secure your Exchange server.

What am I defending?

You might wonder: since there is usually no confidential data on the Exchange server, what kind of damage would a malicious user want to cause to the mail server? Yet there are still plenty of attacks. The most common form of attack on an Exchange server is the denial-of-service (DoS) attack, which sends a large number of messages to the server until it overloads and stops running.

When security is compromised, hackers can steal information. Hackers can break into the server and gain permissions on folders that hold confidential data. They may also use packet sniffers to intercept packets and steal information.

Finally, we should also prevent spoofing. Spoofing is a hacker masquerading as a legitimate user. Spoofing can be used to steal information, but it can also be used to spread false messages. For example, it is easy for a spoofing program to send mail in the name of a legitimate user, which may say "I quit", "the company's president is a big fool", or "If my demands are not met, the company will explode at 2 o'clock in the afternoon". As you can see, spoofing can do considerable harm. Fortunately, there are techniques to prevent these three kinds of damage.

Basis

Some of the most effective technologies for protecting your Exchange servers are basic, but you may find that these basic technologies alone are not enough. Basic and advanced security techniques should be used together. We will review the basic technologies and then discuss some of the advanced ones.

Windows NT

The Exchange server runs on Windows NT, and because Exchange uses many of the security features of Windows NT, it is important to make Windows NT as secure as possible. Windows NT security is complex enough to fill a book, but with limited space here, you just need to remember a few points.

First, make sure that all the disks that hold Exchange files are formatted with NTFS. Many hackers try to attack NT servers by accessing the system through a network share. You cannot block network sharing, but remember that file permissions (specified by NTFS) bring additional security to the server. When file permissions and share permissions differ, Windows NT applies the more restrictive of the two. For example, suppose an unauthorized user has access to a network share: if his permission on the share is the highest level but the file permission allows only reading, NT detects the conflict and gives the user read-only access, because that is the more restrictive of the two permissions.
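
The rule described above, as an added example that is not part of the original article: a small Python model of how share and NTFS permissions combine for access over the network. It goes slightly beyond the article's single case by also letting grants accumulate across a user's groups and letting a "No Access" entry override every grant; the group names and ACL entries are constructed sample data.

```python
from enum import IntFlag

class Access(IntFlag):
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 4  # change permissions / take ownership

READ = Access.READ
CHANGE = Access.READ | Access.WRITE
FULL_CONTROL = CHANGE | Access.ADMIN
NO_ACCESS = None  # models an NT "No Access" entry

# Constructed sample ACLs: (principal, level) pairs.
SHARE_ACL = [("Everyone", FULL_CONTROL)]
NTFS_ACL = [
    ("Everyone", READ),
    ("MailAdmins", FULL_CONTROL),
    ("Contractors", NO_ACCESS),
]

def granted(acl, principals):
    """Rights a single ACL gives a user. Grants accumulate across the
    user's groups; a matching No Access entry overrides all of them."""
    total = Access.NONE
    for who, level in acl:
        if who not in principals:
            continue
        if level is NO_ACCESS:
            return Access.NONE
        total |= level
    return total

def effective_network_access(share_acl, ntfs_acl, principals):
    """Over a share, a right must be granted by BOTH ACLs, so the
    result is the intersection: the more restrictive side wins."""
    return granted(share_acl, principals) & granted(ntfs_acl, principals)

if __name__ == "__main__":
    users = {
        "ordinary user": {"alice", "Everyone"},
        "mail admin": {"bob", "Everyone", "MailAdmins"},
        "contractor": {"carol", "Everyone", "Contractors"},
    }
    for label, principals in users.items():
        result = effective_network_access(SHARE_ACL, NTFS_ACL, principals)
        print(f"{label}: {result!r}")
```

The ordinary user ends up with read-only access even though the share grants Full Control, which is the case the article describes.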

Service Packs

Service packs improve security. Microsoft has been looking for security vulnerabilities ever since Windows NT was released. These vulnerabilities are fixed by patches available from the Microsoft FTP site, and each new service pack includes all previous patches. When this article was written, the latest Windows NT service pack was Service Pack 5, and the latest Exchange 5.5 service pack was Service Pack 2.

Encryption

Not all service packs are equal. The service packs on TechNet use 40-bit encryption, which is the maximum allowed by the U.S. government. Needless to say, 40-bit encryption is hard to crack. However, if you are in the United States or Canada, you can get 128-bit encryption. You must connect from a computer registered in the United States or Canada to download a 128-bit service pack. Because the high-encryption service pack sometimes cannot be downloaded even from the United States and Canada, you can also order the CD directly from Microsoft; it is inexpensive.

Virus protection

As with other programs, you need to protect the Exchange server from viruses. In many cases, virus outbreaks are spread by email. For example, a person who receives a joke sends the message to his 20 best friends, and those friends may forward it to more people. If the attachment to this email is a virus, hundreds of people will be infected within a few hours.

Every good network administrator knows that the antivirus software on each workstation needs to be kept up to date, but that still leaves room for human error. For example, if you open a virus-infected email attachment, the antivirus program lets you choose to remove the virus, repair the file, delete the file, or leave it alone. If the user ignores the virus warning, the antivirus software is effectively useless.

Fortunately, there is a way around this: install antivirus software that runs on the Exchange server and scans mail for viruses before it reaches the recipient. If the software discovers a virus, it quarantines the file immediately. Some antivirus software, such as Symantec's Norton AntiVirus, even warns the person who sent the virus.

Service Account

As you may know, the Exchange server interacts with the Windows NT security system through the service account. The service account is a huge security vulnerability because it has too much power over Exchange. Unfortunately, the service account cannot be disabled and its rights cannot be reduced, so you have to protect it another way.

When you install Exchange, choose an inconspicuous username for the service account. For example, you can use the name of a good friend who doesn't work with you.

Do not rename an existing service account unless you know exactly what you are doing. Doing so will cause Exchange to stop working properly.

You should use a password for the account. There are many password-cracking programs on the Internet: some compare your password (extracted from the registry) with the words in a dictionary, and some try all possible combinations. So the longer, more obscure and more complex the password, the better. The best passwords mix uppercase and lowercase letters, symbols and numbers.

Internet connection

So far, you have seen the basic techniques for protecting Exchange, but it is also a good idea to keep your Internet connection secure, because the strongest threat comes from the Internet.

Proxy Server

Using a proxy server is a good way to protect your network from Internet users. A proxy server requires a multihomed Windows NT server, which means the server must have two network adapters: one connected to the Internet and the other connected to your network. All data exchanged with the Internet passes through the proxy server. The advantage of using a proxy server is that Internet users can see only one IP address on your network: the address of the proxy server. All other IP addresses are blocked by the proxy server and are not exposed to the Internet. To outside users on the Internet, data sent from your network appears to come from the proxy server. Because all other IP addresses are hidden, it is difficult to reach the network with TCP/IP calls. With a proxy server, you can also block individual TCP/IP ports and protocols, opening only the ports and protocols that you need and reducing the risk of someone using TCP/IP components to attack the network.

Exchange architecture

As we have explained, the best way to protect your Exchange server is to secure NT and shield your network from the Internet. However, no matter how much you block and filter, it is always possible for someone to sneak in. There is another simple way to protect your Exchange servers.

First, you need another Exchange server, which is used only for SMTP routing. Install this copy of Exchange on a spare server and make the new server part of the network. Configure it as the Internet Mail Connector, and keep all mailboxes and public folders on the other servers.

The new server forwards each message to the appropriate mailbox. If someone launches a DoS attack, simply shut down this protection server, and the attack will not affect the other servers, including the mailboxes and public folders. Because internal data is not stored on the server that is directly connected to the Internet, configuring Exchange this way is also a good way to prevent information theft and spoofing.

You may wonder how effective this technique is. After all, the protection server is connected to the Internet over TCP/IP, and the other servers may use TCP/IP as well. So you may suspect that a hacker who gets through the proxy server and into the protection server could also get into the other Exchange servers.

The technique we just described is useful because the servers can be placed on different segments of the network. Firewalls block most TCP/IP ports, so anyone trying to steal mail, spoof accounts or launch DoS attacks can reach the server only through SMTP calls. Even if they get into that server, Exchange does not use SMTP to communicate with the local servers; it uses RPC (remote procedure calls). Because the servers that hold the mailboxes and public folders do not accept SMTP traffic, their data is protected from such attacks.

Security settings within Exchange

There are also a number of parameters to adjust within Exchange. For example, a DoS attack sends large amounts of mail to the server until the server is blocked. Although SMTP traffic is isolated on the protection server, you do not want the protection server to be under constant DoS attack either. One way to block this attack is to set a limit on incoming messages.

Open Exchange Manager and go to admin → site → configure server → server Recipients (servers receiver). Then, in the File menu, select the recipient and click Properties. On the property page, select the Limits tab and set the maximum incoming message size for each user. Set a smaller limit for most users and a larger one for users who often receive large attachments.

Conclusion

E-mail systems are often the target of Internet users, so it is important to protect your Exchange servers from Internet attacks. This article has explained some of the technologies that can improve Exchange security.
