Chapter 5: Protection 73
To keep your Exchange Server computers secure, look carefully at group memberships.
One of the most critical groups you should monitor is the Exchange Domain Servers
Group. Any user or computer account that is a member of the Exchange Domain Servers
account has full control of the Exchange Organization, so it is extremely important to
secure membership of this group. You should also ensure that the membership of the Built-
in/Administrators group on the Exchange Server computers is also tightly locked down.
Members of this group automatically have Send As permissions on all mailboxes for that
server. The most efficient way to control membership of these groups is through Group
Policy.
You would also be advised to audit for configuration changes to Exchange. A good change
and configuration management system ensures that no changes are made to the system
which have not been pre-authorized. So, regular checks of your Event Logs (or any other
monitoring system you have chosen) allow you to see if unauthorized changes have been
made.
Your Exchange operations department should ensure that it receives security bulletins from
Microsoft. To receive these bulletins, visit the following Web site:
http://www.microsoft.com/technet/security/notify.asp
In cases where a security breach has been exposed and a new hot fix needs to be applied,
the change should generally be considered urgent and should travel through the change
configuration process accordingly.
One of the best ways of protecting against malicious use of e-mail is to use Key Manage-
ment Server. This allows you to digitally sign and seal messages so that you can determine
if a mail has actually come from the person who claims to send it and that the mail has not
been altered in transit. Of course for this to work, the security of Key Management Server
itself is paramount. Your operations practice should ensure very high security for this
server, controlling very tightly who is in the local groups on the server. A password is used
to start the Key Management Server and this should be kept on a floppy disk, physically
separate from the server after the service has been started.
Of course, you still need to protect your Exchange Server computer against external
attack. The rest of this section examines what you need to consider when you are operat-
ing one or more firewalls in your environment.
Firewall Operations
Exchange can exist in a variety of different firewall configurations. As part of your plan-
ning and deployment you will have chosen how to deploy your firewall solutions around
Exchange. Possible deployments could include a single firewall in front of servers running
Exchange, to multiple firewalls in front of and behind front-end servers.
Firewall configuration is typically rather complex, so it is very important that operations
personnel have a good idea as to exactly how firewalls are configured within their organi-
zation, what they should keep out and what they should let in, when they are correctly