programming4us

Microsoft Exchange Server 2007 : Securing Windows for the Edge Transport Server Role (part 1) - Using the SCW Template


In Exchange Server 2007, your Edge Transport server roles are installed as standalone servers in your perimeter network (also referred to as the boundary network or screened subnet).

Because these servers exist in your perimeter network, they are more vulnerable to potential attacks than servers located on your internal network. To prepare a server for the Edge Transport server role, you should first use the Security Configuration Wizard (SCW) to minimize the attack surface of the server by disabling functions that an Edge Transport server does not need.

Although it is possible to secure the server manually, the SCW automates the process and applies Microsoft-recommended best practices to lock the server down, using a role-based metaphor to determine which services are needed on a particular server. By using the SCW, you can minimize your exposure to exploitation of security vulnerabilities.

One of the challenges to locking down ports and services on a particular server is ensuring you do not remove functionality that is necessary for the server to perform its functions. Often, mistakes can be made that are not immediately visible and that can cause problems in your environment that will require troubleshooting at a later date. However, within Exchange Server 2007, there is an SCW template that can be applied to a computer that has the Edge Transport server role installed that can automatically lock down services and ports that are not needed to perform Edge Transport functionality.

When you run the SCW, you can create a custom policy based on this template that can be applied to all Edge Transport servers in your environment.

Implementing Network Security

Edge Transport servers in a perimeter network are generally configured with two network adapters—one to communicate strictly with the Internet, and the other strictly for internal communications.

Each adapter must have a different level of security applied to it. It is recommended that the Internet-facing (or external) adapter be configured to only allow SMTP traffic on port 25.

The internal adapter, on the other hand, needs the following ports open to properly communicate with the servers within your organization:

  • Port 25/SMTP for SMTP traffic

  • Ports 50389/TCP and 50636/UDP for Lightweight Directory Access Protocol (LDAP) communication

  • Port 3389/TCP Remote Desktop Protocol

The LDAP ports are used during the EdgeSync process, and the RDP port is used to allow remote administration of the server.

Using the SCW Template

After the Edge Transport server role has been installed, you can follow this procedure to configure a security policy with the Security Configuration Wizard:

1. Install the Security Configuration Wizard.

2. Locate the Security Configuration Wizard extension file, named Exchange2007.xml, in the C:\Program Files\Microsoft\Exchange Server directory. If you installed Exchange in a different directory, you will have to go there to locate the file.

3. Copy the file to the C:\Windows\Security\Msscw\Kbs directory. If you installed Windows in a different directory, you will have to copy the file to the corresponding directory under that installation instead.

4. Open a command prompt window and register the Exchange 2007 extension with the local security configuration database by typing the following command:

scwcmd register /kbname:msexchangeedge /kbfile:%windir%\security\msscw\kbs\exchange2007.xml

5. Verify that the command has completed successfully by viewing the SCWRegistrar_log.xml file located in the C:\Windows\Security\Msscw\Logs directory.

6. Create the Edge Transport server SCW policy for your specific environment.

7. If you have more than one Edge Transport server in your environment, you can apply this custom policy to each of them by performing the following steps:

a. Log on to a server with the Edge Transport server role installed. You must be logged on as a user that is a member of the local Administrators group on that computer.

b. Select Start, All Programs, Administrative Tools, Security Configuration Wizard to start the tool. Click Next on the welcome screen.

c. On the Configuration Action page, select Apply an Existing Security Policy. Click Browse, select the XML file for your policy, and then click Open. Click Next.

d. On the Select Server page, verify that the correct server name appears in the Server (use DNS name, NetBIOS name, or IP address) field. Click Next.

e. On the Apply Security Policy page, click View Security Policy if you want to view the policy details, and then click Next.

f. On the Applying Security Policy page, wait until the progress bar indicates Application Complete, and then click Next.

8. On the Completing the Security Configuration Wizard page, click Finish.
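
The following PowerShell script is an added example, not part of the original article: it carries out steps 2 through 5 and then applies a saved policy to each listed server with scwcmd configure in place of the wizard pages in step 7, followed by scwcmd analyze to compare the server against the policy. The policy path, the server list, and the treatment of a nonzero scwcmd exit code as a failure are assumptions of this example.

```powershell
# Added example (not from the original article): steps 2-5 and 7 as a script.
# Run on the Edge Transport server as a member of the local Administrators group.
param(
    [string]$ExchangeDir = 'C:\Program Files\Microsoft\Exchange Server',
    [string]$PolicyFile = 'C:\SCWPolicies\EdgeTransport.xml',  # hypothetical: policy saved in step 6
    [string[]]$EdgeServers = @()                               # hypothetical: servers to configure
)

$scwRoot  = Join-Path $env:windir 'Security\Msscw'
$kbSource = Join-Path $ExchangeDir 'Exchange2007.xml'
$kbTarget = Join-Path $scwRoot 'Kbs\Exchange2007.xml'
$regLog   = Join-Path $scwRoot 'Logs\SCWRegistrar_log.xml'

# Step 1 check: the target directory from step 3 must already exist.
if (-not (Test-Path (Join-Path $scwRoot 'Kbs'))) { throw "$scwRoot\Kbs not found. Install SCW first." }

# Steps 2-3: copy the Exchange extension file into the SCW Kbs directory.
if (-not (Test-Path $kbSource)) { throw "Exchange2007.xml not found in $ExchangeDir." }
Copy-Item $kbSource $kbTarget -ErrorAction Stop

# Step 4: register the extension. Treating a nonzero exit code as failure is an
# assumption of this example; the log check below is the one the procedure names.
$started = Get-Date
& scwcmd.exe register /kbname:msexchangeedge "/kbfile:$kbTarget"
if ($LASTEXITCODE -ne 0) { throw "scwcmd register returned exit code $LASTEXITCODE." }

# Step 5: make sure the registrar log was written by this run, not an earlier one.
if (-not (Test-Path $regLog)) { throw "No registrar log at $regLog." }
$log = Get-Item $regLog
if ($log.LastWriteTime -lt $started) { Write-Warning "$regLog predates this run; registration may not have happened." }
Write-Host "Review $regLog (last written $($log.LastWriteTime)) before continuing."

# Step 7: apply the saved policy to each server, then compare the server against it.
foreach ($server in $EdgeServers) {
    & scwcmd.exe configure "/m:$server" "/p:$PolicyFile"
    if ($LASTEXITCODE -ne 0) { Write-Warning "configure failed on $server; skipping analysis."; continue }
    & scwcmd.exe analyze "/m:$server" "/p:$PolicyFile"
}
```

Because Edge Transport servers are standalone, remote scwcmd calls may need explicit credentials (the /u: option); running the script locally on each server with its own name in $EdgeServers avoids that.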