- Microsoft will float cloud OS this month
- Top 16 Chinese iPhoneys
- Pimp your ride: Cool car technology
- Laptop stolen from McCain campaign
- Cisco, Microsoft roll out server, networking appliance
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
With Exchange 2007, Microsoft has introduced the concept of an Edge Transport server which is the outward-facing messaging component for handling SMTP network traffic.
An Exchange 2007 server in this role can send and receive Internet mail for the Exchange network (and do such things as blocking viruses and spam) but isn’t joined to the Active Directory domain. With this in place, Microsoft claims you can minimize security exposure.
We performed an initial security evaluation of the Edge Transport mode of Exchange as you would in an enterprise while doing the initial research on what it would take to deploy and defend Exchange 2007.
The first thing you notice is that the Edge Transport is definitely not the only thing at the edge. Outlook Web Access services and direct connections from Outlook clients and mobile devices still talk directly to Exchange servers that are fully part of the trusted inner circle. So the Edge Transport server handles strictly SMTP-based communications, which is only a part of the potential attack surface.
Current attack strategies often focus on Microsoft’s RPC mechanisms, IIS Web server transaction, and on vulnerable behavior of the email client, such as Outlook. SMTP attacks are simply not all that popular today. The Edge Transport is a sort of a Maginot Line in that Microsoft has put a lot of effort into defending something that may well not be where the attacks come from.
The Edge Transport uses a lightweight interface to Active Directory, ADAM (Active Directory Application Mode), to tie into the larger Exchange 2007 network. This limits the amount of directory information present near the edge to the minimum needed, the email addresses to be accepted.
The Edge Transport enforces email and security policies through message header inspection, content inspection and blacklist/whitelist management for all email traffic. Microsoft’s layers its anti-virus/anti-spam product Forefront Security on top of the Edge Transport server to block inappropriate email. Microsoft offers some protections in the communication between the Edge Transport server and the rest of the Exchange network to ensure that spam and virus verdicts cannot be faked by an attacker.
Another issue lies in the fact that there isn’t really documentation on Exchange 2007 security deployment and internals.
Rss FeedRss Feed
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
A Unified Approach to Workload Lifecycle ManagementDiscover how solutions that support workload profiling and enable anywhere-to-anywhere workload...
Consolidated Disaster Recovery Using VirtualizationServer virtualization is providing enterprises of all sizes with exciting new options for...
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Turning information into a Competitive AdvantageCompanies today are realizing that competitive advantage is harder to sustain when based solely on...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Managing a newly virtualized environment can be tricky. Effectively deploy this technology with the...
Data Center DecisionsData Center Decisions Made Easier. Learn about the latest tech trends that impact your data center...
Closing the Loop: Extending Wireless LAN Security to Wireless PrintersEnterprises cannot overlook wireless printers when assessing network security. The print jobs and...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Explore the Ultrium Edge
The powerful tape technology can address data security with tape encryption as well as long term data protection.
Find out more
Disk and Tape Square Off
Discover what disk and tape really cost -- and which solution provides lower total cost of ownership and optimizes energy use for your organization
Download the White Paper
Don't Fall For The Myths
The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.
Download the White Paper
Will You Add Tape Too?
Over two thirds of disk-only users look to add tape back into storage infrastructure according to recent survey.
Download Survey Information
Comment