Module 6 Planning and Deploying Messaging Security.


Transcript of Module 6 Planning and Deploying Messaging Security.

Page 1: Module 6 Planning and Deploying Messaging Security.

Module 6

Planning and Deploying Messaging Security

Page 2: Module 6 Planning and Deploying Messaging Security.

Module Overview

• Designing Message Security

• Designing Antivirus and Anti-Spam Solutions

Page 3: Module 6 Planning and Deploying Messaging Security.

Lesson 1: Designing Message Security

• Defining Message Security Requirements

• Designing Restrictions to Message Flow

• Designing SMTP Connector Security

• Designing Secure Message Routing Between Partner Organizations

• Designing Client-Based Messaging Security

Page 4: Module 6 Planning and Deploying Messaging Security.

Defining Message Security Requirements

To collect information required to analyze e-mail message contents, ask:

• Is confidential business information sent by using e-mail?

• Is private customer information sent by using e-mail?

To collect information required to analyze message recipients and senders, ask:

• Are recipients and senders internal, or is e-mail sent externally?

• Are confidential e-mails sent primarily to a limited number of external organizations, or to a variety of recipients?

If e-mail is secured using policies or technical solutions, analyze the effectiveness of, and satisfaction with, the solution.

Page 5: Module 6 Planning and Deploying Messaging Security.

Designing Restrictions to Message Flow

Transport rules can restrict message flow or modify message contents for messages in transit

• Restrict message flow with transport rules

• Implement Hub Transport rules

• Implement Edge Transport rules

• Implement message classifications

Page 6: Module 6 Planning and Deploying Messaging Security.

Designing SMTP Connector Security

Options for providing additional security for SMTP e-mail:

• Configure authentication for SMTP Receive connectors

• Configure authentication for SMTP Send connectors

• TLS

Diagram label: SMTP connector

Page 7: Module 6 Planning and Deploying Messaging Security.

Designing Secure Message Routing Between Partner Organizations

Domain Security uses TLS with mutual authentication to provide session-based authentication and encryption

To set up partner security:

1. Generate a request for TLS certificates on the Edge Transport server

2. Import and enable the certificate on the Edge Transport server

3. Configure outbound Domain Security

4. Configure inbound Domain Security

5. Test Domain-secured mail flow
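The five partner-security steps on this slide, as an added Exchange Management Shell example that is not part of the original slides. The host name mail.adatum.example, the partner domain partner.example, the connector names, and the C:\Certs paths are placeholder assumptions.

```powershell
# Added example: Domain Security setup for Exchange Server 2010.
# Assumed placeholders: mail.adatum.example, partner.example,
# the connector names, and the C:\Certs file paths.

# Step 1 (on the Edge Transport server): generate the TLS certificate request.
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'Domain Security TLS' `
    -SubjectName 'CN=mail.adatum.example' `
    -DomainName 'mail.adatum.example' `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\Certs\edge-tls.req' -Value $request

# Step 2 (on the Edge Transport server): import the certificate issued by the
# CA and enable it for the SMTP service.
$bytes = [byte[]](Get-Content -Path 'C:\Certs\edge-tls.cer' -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes | Enable-ExchangeCertificate -Services SMTP

# Step 3 (inside the organization): outbound Domain Security.
# The domain list is multivalued; this call replaces any existing entries.
Set-TransportConfig -TLSSendDomainSecureList 'partner.example'
Set-SendConnector -Identity 'EdgeSync - Site to Internet' -DomainSecureEnabled $true

# Step 4: inbound Domain Security.
Set-TransportConfig -TLSReceiveDomainSecureList 'partner.example'
# Run on the Edge Transport server, which owns its Receive connectors.
# -AuthMechanism replaces the current value, so list every mechanism you need.
Set-ReceiveConnector -Identity 'EDGE01\Default internal receive connector EDGE01' `
    -DomainSecureEnabled $true -AuthMechanism TLS

# Replicate the organization-level settings to the Edge Transport server
# (run on a Hub Transport server in the subscribed site).
Start-EdgeSynchronization

# Step 5: confirm the configuration before sending a test message to the partner.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector | Format-Table Name, DomainSecureEnabled -AutoSize
Get-ReceiveConnector | Format-Table Identity, DomainSecureEnabled, AuthMechanism -AutoSize
```

Because Domain Security relies on mutual TLS, the partner organization has to complete the same steps with your domain in its lists, and each side must trust the CA that issued the other's certificate.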

Page 8: Module 6 Planning and Deploying Messaging Security.

Designing Client-Based Messaging Security

Diagram labels: Exchange servers; S/MIME encrypted

S/MIME provides message-level authentication, non-repudiation, data integrity, and message encryption

AD RMS is a technology that works with RMS-aware applications to help protect documents and e-mail from unauthorized use

Page 9: Module 6 Planning and Deploying Messaging Security.

Lesson 2: Designing Antivirus and Anti-Spam Solutions

• Overview of Antivirus and Anti-Spam Solution Requirements

• Options for Implementing Antivirus and Anti-Spam Solutions in Exchange Server 2010

• Designing Anti-Spam Solutions

• Recommendations for Monitoring the Anti-Spam Solution

• Designing Antivirus Solutions

• Managing Antivirus Solutions

Page 10: Module 6 Planning and Deploying Messaging Security.

Overview of Antivirus and Anti-Spam Solution Requirements

Critical factors to consider when evaluating antivirus and anti-spam solutions include:

• How often are antivirus and anti-spam filters updated, and are the processes automated?

• How does the anti-spam solution provide a balance between false positives and reducing as much spam as possible?

• What options does the solution provide for quarantining potentially malicious messages?

• What management and monitoring tools does the solution provide?

• How well does the solution integrate with your current system?

Page 11: Module 6 Planning and Deploying Messaging Security.

Options for Implementing Antivirus and Anti-Spam Solutions in Exchange Server 2010

Exchange Server 2010 provides a number of antivirus and anti-spam solutions:

• Connection filtering

• Sender filtering

• Recipient filtering

• Sender ID

• Content filtering

• Sender reputation

• Attachment filtering

• Forefront Protection 2010 for Exchange Server

• Office Outlook Junk e-mail filtering

Page 12: Module 6 Planning and Deploying Messaging Security.

Designing Anti-Spam Solutions

Consider implementing Edge Transport servers as SMTP gateway servers

Configure filter agents to reject messages

Scan messages for spam before scanning for viruses

Scan for spam at the messaging gateway/Edge Server

Implement safelist aggregation

Implement automatic anti-spam updates

Increase the filtering level over time

Scan for spam on the Hub Transport server

Page 13: Module 6 Planning and Deploying Messaging Security.

Recommendations for Monitoring the Anti-Spam Solution

As part of the monitoring process design, you should:

• Identify administrators, and provide monitoring tools

• Establish guidelines regarding when to monitor the system

• Establish a change control process for modifying spam filters

As part of the monitoring process, you should:

• Monitor for false positives

• Monitor for filtering effectiveness

• Monitor the quarantine mailbox

• Collect user feedback on the spam filter effectiveness

Exchange Server 2010 enables anti-spam stamps to help you diagnose spam-related problems

Page 14: Module 6 Planning and Deploying Messaging Security.

Designing Antivirus Solutions

Scan both incoming and outgoing e-mail

Strip attachments of certain file types

Delete rather than clean infected messages

Implement a defense-in-depth approach

Consider implementing Forefront Security for Exchange Server

Page 15: Module 6 Planning and Deploying Messaging Security.

Managing Antivirus Solutions

Monitor daily statistics

Regularly monitor antivirus software sites

Automate as many processes as possible

Develop clearly defined policies and processes

Develop a user education process

Consider using Microsoft Exchange Hosted Services

Page 16: Module 6 Planning and Deploying Messaging Security.

Lab: Planning and Deploying Messaging Security

• Exercise 1: Designing Message Security

• Exercise 2: Designing Antivirus and Anti-Spam Solutions

• Exercise 3: Implementing Message Security

Logon information

Estimated time: 60 minutes

Page 17: Module 6 Planning and Deploying Messaging Security.

Lab Scenario

You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with multiple locations. You have been tasked with undertaking an analysis of the organization’s message security requirements. After you complete the analysis, you must update the necessary documentation.

After you have completed the message security analysis, you will investigate the organization’s antivirus and anti-spam requirements, and update the necessary documentation with your planned changes.

Finally, you will implement S/MIME within the A. Datum organization, as per the security requirements document.

Page 18: Module 6 Planning and Deploying Messaging Security.

Lab Review

• In exercise 3, you configured S/MIME by deploying a suitable certificate to all users in the Adatum.com domain. Using this method, could you exchange S/MIME-secured messages with partner organizations?

• What alternatives could you use instead of S/MIME to secure communications between partner organizations?

Page 19: Module 6 Planning and Deploying Messaging Security.

Module Review and Takeaways

• Review Questions

• Best Practices