By Theresa Miller
Security is a constant concern when it comes to email. If you are new to the world of managing an Exchange environment, this article will help you discover some of the key security considerations for your new job. Organizationally and personally, our devices are always at risk from hacking, phishing attempts, malware and viruses. So what are some of the considerations we face in preventing vulnerabilities from impacting our organizational systems? What options can we consider to help protect us from those who are interested in stealing personal and organizational information?
It doesn't take much to become compromised. A common method used to steal personal or organizational email starts with simply receiving an email. Of course this would not be any kind of ordinary email. It is one that is designed to look "real", but isn't. For example, the email may indicate that your IT department requires you to change your password, but it really didn't come from your IT department. Other vulnerabilities can come through internet browsing that installs viruses or loads malware on our PCs, with the potential to compromise our confidential information. Stolen information can lead to the exposure of our own personal information or customer information, or even to stolen identities.
So what are some of the Exchange related steps that we can take to ensure that our data is secure from a mail perspective?
Make sure you have an excellent mail gateway product. Your mail gateway will typically be located in your DMZ and will handle all of your external mail, whether incoming or outgoing. A mail gateway can be a server such as Microsoft's Edge Transport server running Forefront Security, or an appliance-based solution that filters email before it reaches your organization's users.
These products all have detection systems that prevent messages from entering your organization that could compromise it through viruses, phishing attempts and other exploits. These systems even have logic that can stop attempts to relay large quantities of email messages. Some of these strategies are based on the product's own algorithms and others can be configured according to your organizational security policies. When choosing a mail gateway vendor, take the time to research your options and choose what is best for your organization.
What is an Exchange relay, you ask? Relaying allows a PC or server to send mail through SMTP to an internal and/or external destination via your Exchange servers. Examples of when you may want another system to relay through Exchange are pager-based alerting, or a third-party software vendor whose software needs to send mail to users or administrators.
The issue with relays is that the "allowed" system can freely send email through Exchange. This typically is not a concern among co-workers, but if a system that you have given permission to relay were to become compromised, you may be allowing a spammer or hacker to send mail on behalf of your organization.
So what happens if a compromised system sends external spam? Your organization is at risk of having your domain name blacklisted. If your domain becomes blacklisted, your organization will not be able to get mail to other businesses whose mail gateways detect that your domain has been blacklisted. If you are having trouble getting email to an important customer, you may want to check your mail gateway for information on why. Spamhaus is also a great resource for researching whether your organization has been blacklisted, and for learning more about blacklisting in general: http://www.spamhaus.org/
If you allow Exchange to relay email on behalf of some of your internal systems, and the primary reason for the relays is system-based paging alerts to your administrators, then third-party paging products that integrate with Exchange could be a valuable solution to investigate. Some of these products integrate with Exchange and some of them do not. If you look at the products that integrate with Exchange, you will also get other protocol options for sending pages, such as SNPP and, yes, in some cases even TAP.
The following article provides additional insights on Exchange Relay connectors and how to set them up. https://technet.microsoft.com/en-us/library/bb232021(v=exchg.141).aspx
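The two relay concerns above, an "allowed" system being able to send anywhere and a relay being broader than it needs to be, can be checked and constrained from the Exchange Management Shell. The following is an added example, not code from the original article or from Microsoft's documentation: it first lists every receive connector that accepts anonymous SMTP, showing the source ranges it accepts and whether it can relay to external recipients, and then creates a relay connector scoped to one internal host. The server name EX01 and the source address 10.0.0.50 are placeholders.

```powershell
# Added example, not part of the original article. Assumes the Exchange
# Management Shell is loaded. 'EX01' and 10.0.0.50 are placeholders for a
# transport server and the single internal host (for example a paging or
# alerting system) that needs to relay through Exchange.

# Audit: which receive connectors accept anonymous SMTP, from which source
# addresses, and which of them can also relay to external recipients.
function Get-AnonymousRelayConnector {
    Get-ReceiveConnector |
        Where-Object { $_.PermissionGroups -match 'AnonymousUsers' } |
        ForEach-Object {
            $connector = $_
            # ms-Exch-SMTP-Accept-Any-Recipient granted to ANONYMOUS LOGON is
            # what turns "anonymous inbound to our own users" into "relay to
            # anywhere". Anonymous plus a wide RemoteIPRanges is an open relay.
            $relayRight = $connector | Get-ADPermission |
                Where-Object {
                    $_.User -like '*ANONYMOUS LOGON*' -and
                    ($_.ExtendedRights -match 'ms-Exch-SMTP-Accept-Any-Recipient')
                }
            [pscustomobject]@{
                Connector      = $connector.Identity.ToString()
                RemoteIPRanges = ($connector.RemoteIPRanges -join ', ')
                ExternalRelay  = [bool]$relayRight
            }
        }
}

# Create a relay connector reachable only from the listed sources. It shares
# port 25 with the default connector; Exchange routes each session to the
# connector whose RemoteIPRanges matches the sender most specifically, so the
# default connector keeps handling everything else.
function New-ScopedRelayConnector {
    param(
        [string]$Server = 'EX01',
        [string]$Name = 'Internal Application Relay',
        [string[]]$AllowedSources = @('10.0.0.50')   # placeholder host(s)
    )
    $connector = New-ReceiveConnector -Name $Name -Server $Server -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges $AllowedSources `
        -AuthMechanism None -PermissionGroups AnonymousUsers
    # On Exchange 2013 and later, add -TransportRole FrontendTransport above.

    # Grant relay-to-any-recipient on this connector only, so the right is
    # limited to the addresses in $AllowedSources.
    $connector | Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient' | Out-Null
    $connector
}

# Review the current state before and after making changes.
Get-AnonymousRelayConnector | Format-Table -AutoSize
```

Run the audit first on every transport server; any connector that reports ExternalRelay as True with a RemoteIPRanges value such as 0.0.0.0-255.255.255.255 is the open relay the article warns about and should be narrowed to the specific hosts that need it.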
With Exchange it is very important to scan both your local system and your organizational email messages. Local system scanning checks your server for viruses, while Exchange-specific antivirus solutions can do virus scanning, content blocking, attachment blocking and more for your email messages.
When configuring local system scanning of your servers, it is important to understand that this means you are scanning the local system drives on the server that runs Exchange. This protects your server from unwanted malware and viruses. When configuring local system virus scanning of an Exchange server, be sure to include the antivirus exclusions recommended by Microsoft. These exclusions prevent the scanner from corrupting your Exchange data and databases. Additional detail on the exclusions can be found in the following TechNet article: http://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx
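As an added example (not code from the original article or from Microsoft), the script below reads the mailbox database and transaction log locations from Exchange itself and adds them to the local Windows Defender exclusion list, so the exclusions follow the actual configuration rather than a hand-typed path. It assumes the Exchange Management Shell and the Defender module are both available on the server; with another local scanner, feed the paths returned by Get-ExchangeDatabaseExclusionPath into that product instead. It covers only the database and log folders; the complete list Microsoft recommends (queue database, transport logs, and so on) is in the TechNet article linked above.

```powershell
# Added example, not part of the original article. Collects the .edb and
# transaction log folders for every mailbox database on this server and adds
# them as Windows Defender path exclusions. Assumes the Exchange Management
# Shell and the Defender cmdlets (Add-MpPreference) are available and that the
# shell is elevated. Only database and log folders are handled here.

function Get-ExchangeDatabaseExclusionPath {
    param([string]$Server = $env:COMPUTERNAME)
    $paths = foreach ($db in Get-MailboxDatabase -Server $Server) {
        # Folder that holds the .edb file, and the transaction log folder
        Split-Path -Path ([string]$db.EdbFilePath) -Parent
        [string]$db.LogFolderPath
    }
    $paths | Sort-Object -Unique
}

function Add-ExchangeDefenderExclusion {
    param([string[]]$Path = (Get-ExchangeDatabaseExclusionPath))
    $existing = (Get-MpPreference).ExclusionPath
    foreach ($p in $Path) {
        if ($existing -contains $p) { continue }   # already excluded
        Add-MpPreference -ExclusionPath $p
    }
    # Return the resulting exclusion list so it can be reviewed or logged
    (Get-MpPreference).ExclusionPath
}

# Review what would be excluded before applying it
Get-ExchangeDatabaseExclusionPath
```

Review the returned paths before calling Add-ExchangeDefenderExclusion: an exclusion is a blind spot for the scanner, so it should cover exactly the Exchange data folders and nothing broader such as an entire drive.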
The other type of virus scanning involves products that are specifically designed to scan your email as it enters your organization. This can be done through a mail gateway, as discussed above, but there should also be item-level scanning at the mailbox server level. This can be done through various third-party products, so do your research to decide which product is best for your organization.
Once you have decided upon a product, be sure to configure it to scan mail as it arrives, and use the same product to do weekly mailbox scans of ALL the mailboxes in the organization. Sometimes new viruses can get into your organization if your email scanning vendor is unaware of the virus or is still working on protection for a newly released one. Weekly database scans ensure that you remove any viruses that entered the organization before your antivirus vendor released an update for your product.
Block port 25 within your organization wherever possible to prevent email from flowing through any server in your environment. The logic is to prevent a hacker, virus or malware from sending whatever it likes throughout your organization if a PC or server were to be compromised. Sending mail doesn't require a mail client such as Outlook; it can be done from the command line. Blocking port 25 where it is not needed heightens organizational security.
Typically, this can be done through firewall port-level blocking and/or through your local antivirus software, depending on the vendor. If you use your local antivirus software as the mechanism to block port 25, this shifts the responsibility to the antivirus administrator instead of your networking engineers. Before implementing any type of organization-wide port blocking, it is highly recommended that you research your environment and learn where you might have use cases that require this type of mail flow. Remember your users are your customers, so research your environment and communicate your work before just shutting this down point blank.
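The two steps just described, researching which machines actually talk SMTP and then blocking port 25 where it is not needed, can both be done with built-in Windows tooling. The following is an added example, not code from the original article: the first function lists the live outbound connections to TCP 25 on a machine together with the owning process, and the second adds a Windows Firewall rule that blocks outbound SMTP. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection and the NetSecurity module) and an elevated shell. Because a Windows Firewall block rule overrides any allow rule, hosts that must send SMTP (the Exchange servers, a paging or alerting system) are kept out of the rule's scope, for example by Group Policy targeting, rather than added as exceptions.

```powershell
# Added example, not part of the original article. Assumes Windows 8 /
# Server 2012 or later and an elevated PowerShell session.

# Research step: who on this machine is currently talking SMTP, and which
# process owns the connection. Run this across workstations and servers over
# a period of time before deciding where port 25 can be blocked.
function Get-OutboundSmtpConnection {
    Get-NetTCPConnection -RemotePort 25 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { '(exited)' }
            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                RemoteAddress = $_.RemoteAddress
                State         = $_.State
                ProcessId     = $_.OwningProcess
                ProcessName   = $name
            }
        }
}

# Blocking step: outbound TCP 25 to any destination. Outlook talks to Exchange
# over MAPI/HTTPS rather than SMTP, so ordinary workstations are unaffected.
# Do NOT apply this rule to the Exchange servers or to hosts that the audit
# above shows legitimately relay mail.
function Block-OutboundSmtp {
    param([string]$RuleName = 'Block outbound SMTP (TCP 25)')
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        return   # idempotent: the rule already exists
    }
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
        -Protocol TCP -RemotePort 25 -Action Block -Profile Any -Enabled True
}

# Start with the audit; apply Block-OutboundSmtp only once the results are
# understood and communicated.
Get-OutboundSmtpConnection | Format-Table -AutoSize
```

Collecting the audit output centrally for a few weeks before enabling the block is the practical form of the article's advice to learn your environment first: any process other than the mail system showing up with a remote port of 25 is either a use case to accommodate or something worth investigating.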
There are several different layers of security that your organization can consider to protect your Exchange servers and organizational information. Security is a complex topic with many facets, and as a new Exchange administrator these are some of the considerations that will secure email within your organization. This article has highlighted details and considerations related to antivirus software, mail gateway products, organizational blocking of port 25 and Exchange relays. After considering all of your options for securing email, it is likely that you will implement some combination of the above to meet the security needs of your organization.