Page 1: Securing Exchange 2000 Chris Weber chris.weber@foundstone.com   Trustworthy Exchanges and the Art

Securing Exchange 2000

Chris Weber
chris.weber@foundstone.com

http://www.foundstone.com
http://www.privacydefended.com

Trustworthy Exchanges and the Art of doing it yourself

Page 2

Securing Microsoft Exchange 2000, Chris Weber, chris.weber@foundstone.com

Synopsis

Focused on a single back-end Exchange server with a front-end OWA server.

Hacking Exchange
- Scanning
- Enumerating
- Attacking

The Exchange Application
- Secure Administration
- System Policies
- Malware
- OWA
- Known Vulnerabilities

Other Fundamental Considerations
- IIS 5.0
- Windows OS
- Network

Page 3

What is not covered

A lot!
- Connectors and Replication
- Internet POP3/SMTP clients like Outlook Express
- Backups
- Monitoring and status notifications
- PKI

Page 4

Security Policy

Organizational security policies should be in place to guide daily actions.

Never start configuring without having a “management supported” plan in place.

Page 5

Secure Network Diagram

Components shown in the diagram:
- Internet Firewall
- Untrusted DMZ
- Front End Exchange/OWA
- SMTP forwarder/content filter
- DMZ Firewall
- Trusted Corporate LAN
- Back End Exchange

Internet Firewall:
  DENY ALL by default
  Incoming from Internet, allow:
    TCP port 25 (SMTP)
    TCP/UDP port 53 (DNS)
    TCP port 443 (HTTPS)
  Outgoing, allow: only established connections

DMZ Firewall:
  DENY ALL by default
  Incoming from DMZ, allow:
    TCP/UDP port 53
    TCP port 80 (HTTP)
    TCP/UDP port 88 (Kerberos)
    TCP port 135 (endpoint mapper)
    TCP/UDP port 389 (LDAP)
    TCP port 445 (SMB/CIFS)
    TCP port 1025 (optional RPC static port)
    TCP port 3268 (GC)
  Outgoing, allow: only established connections

Page 6

Hacking Exchange 2000

Why Hack Exchange?
- Learn host configuration information
- Learn of hidden Public Folders
- Glean user account names and email addresses

Information Gathering
- Network port scan
- Server enumeration: NetBIOS, LDAP, RPC
- User and configuration enumeration: LDAP with null session, NetBIOS with null session
- Pilfering shares: tracking logs

Launching an attack
- Aiming for admin access

Page 7

Hacking Exchange 2000

LDAP exposes users and Public Folders hidden from the Exchange Address Lists.

Page 8

Port Scan

D:\tools>fscan -p 1-65535 -z 128 exchange
FScan v1.12 - Command line port scanner.
Copyright 2000 (c) by Foundstone, Inc.
http://www.foundstone.com

Scan started at Fri Feb 22 00:50:30 2002

172.16.2.10 25/tcp - SMTP
172.16.2.10 80/tcp - HTTP
172.16.2.10 119/tcp - NNTP
172.16.2.10 135/tcp - RPC/DCE endpoint mapper
172.16.2.10 139/tcp - NetBIOS session service
172.16.2.10 143/tcp - IMAP
172.16.2.10 443/tcp - HTTPS
172.16.2.10 445/tcp - Microsoft SMB/CIFS
172.16.2.10 563/tcp - NNTP/SSL
172.16.2.10 593/tcp - HTTP RPC endpoint mapper
172.16.2.10 691/tcp - SMTP/LSA
172.16.2.10 993/tcp
172.16.2.10 995/tcp - POP/SSL
172.16.2.10 1048/tcp
172.16.2.10 1049/tcp
172.16.2.10 1053/tcp
172.16.2.10 1055/tcp
172.16.2.10 1089/tcp
172.16.2.10 1104/tcp
172.16.2.10 1107/tcp
172.16.2.10 1198/tcp
172.16.2.10 1200/tcp
172.16.2.10 1247/tcp
172.16.2.10 1249/tcp
172.16.2.10 3372/tcp
172.16.2.10 3389/tcp - MS Terminal Server
172.16.2.10 4277/tcp

Scan finished at Fri Feb 22 00:55:48 2002

Time taken: 65535 ports in 318.138 secs (206.00 ports/sec)

XGEN: TCP/UDP Ports Used By Exchange 2000 Server (Q278339)

Page 9

Port and Process Mappings

Useful tools:
- FPORT.EXE (from www.foundstone.com)
- TLIST.EXE /S (from the Windows 2000 installation CD, \Support directory)

Page 10

fport.exe
FPort v1.31 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Securing the dot com world

Pid   Process   Port   Proto   Path
1028  inetinfo  -> 25   TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 80   TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 110  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 119  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
512   svchost   -> 135  TCP   C:\WINNT\system32\svchost.exe
8     System    -> 139  TCP
1028  inetinfo  -> 143  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 443  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
8     System    -> 445  TCP
1028  inetinfo  -> 563  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
512   svchost   -> 593  TCP   C:\WINNT\system32\svchost.exe
1028  inetinfo  -> 691  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 993  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 995  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
264   lsass     -> 1032 TCP   C:\WINNT\system32\lsass.exe
264   lsass     -> 1033 TCP   C:\WINNT\system32\lsass.exe
600   msdtc     -> 1048 TCP   C:\WINNT\System32\msdtc.exe
860   MSTask    -> 1049 TCP   C:\WINNT\system32\MSTask.exe
1044  mad       -> 1053 TCP   C:\Program Files\Exchsrvr\bin\mad.exe
1044  mad       -> 1055 TCP   C:\Program Files\Exchsrvr\bin\mad.exe

Page 11

tlist.exe /s
   0 System Process
   8 System
 172 SMSS.EXE
 200 CSRSS.EXE
 224 WINLOGON.EXE
 252 SERVICES.EXE  Svcs: Alerter,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,lanmanworkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
 264 LSASS.EXE     Svcs: Netlogon,NtLmSsp,PolicyAgent,SamSs
 368 termsrv.exe   Svcs: TermService
 512 svchost.exe   Svcs: RpcSs
 540 SPOOLSV.EXE   Svcs: Spooler
 600 msdtc.exe     Svcs: MSDTC
 748 svchost.exe   Svcs: EventSystem,Netman,NtmsSvc,SENS
 764 LLSSRV.EXE    Svcs: LicenseService
 808 regsvc.exe    Svcs: RemoteRegistry
 840 LOCATOR.EXE   Svcs: RpcLocator
 860 mstask.exe    Svcs: Schedule
 944 WinMgmt.exe   Svcs: WinMgmt
1000 dfssvc.exe    Svcs: Dfs
1028 inetinfo.exe  Svcs: IISADMIN,IMAP4Svc,NntpSvc,POP3Svc,RESvc,SMTPSVC,W3SVC
1044 MAD.EXE       Svcs: MSExchangeSA
1076 mssearch.exe  Svcs: MSSEARCH
1524 STORE.EXE     Svcs: MSExchangeIS
1556 EMSMTA.EXE    Svcs: MSExchangeMTA
2360 CSRSS.EXE     Title:
2384 WINLOGON.EXE  Title: NetDDE Agent
2464 rdpclip.exe   Title: CB Monitor Window
2508 explorer.exe  Title: Program Manager
2560 mshta.exe     Title: Windows 2000 Configure Your Server
2580 svchost.exe   Svcs: TapiSrv
2652 mdm.exe       Title: OleMainThreadWndName
2736 CMD.EXE       Title: C:\WINNT\System32\cmd.exe - tlist /s
 976 notepad.exe   Title: fport - Notepad
 768 TLIST.EXE

Page 12

Exchange 2000
Some security-related changes from 5.5 to 2000

- SMTP relay disabled
- Rights to the mailbox
  - Admin is DENIED access to mailboxes (by default), but easily changed
  - “Exchange Domain Servers” group has full access
  - %COMPUTERNAME%$ has full access
- No more Service Account
  - Your LSA Secrets are safe…

Page 13

Exchange 2000
Secure Administration – Lock it down

Security Checklist:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/w2ksvrcl.asp
- Disable unnecessary services and ports
- Enable auditing
- Rename the local Admin account and enable a strong password
- ACL and monitor critical Registry keys
- Watch event logs for failed login attempts
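The last checklist item, watching the event logs for failed login attempts, is the kind of thing a small script should do for you rather than an administrator scrolling Event Viewer. The Python below is an added example and not part of the deck: it reads a constructed Security log export (the four-column CSV layout is this example's own simplification, not the native Windows export format), counts failures per account and source workstation (Windows 2000 event IDs 529, bad user name or password, and 675, Kerberos pre-authentication failed) inside a sliding five-minute window, and reports any pair at or above a threshold along with every account lockout (event 539).

```python
"""Flag bursts of failed logons in a Windows 2000 Security log export.

Added example. Assumed (constructed) export layout, one event per line:
    <timestamp>,<event id>,<account>,<source workstation>
Event IDs: 529 = logon failure (unknown user name or bad password),
675 = Kerberos pre-authentication failed, 539 = account locked out.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILURE_IDS = {529, 675}
LOCKOUT_ID = 539

# Constructed sample: six rapid failures against "administrator" from one
# host, one stray failure for "jdoe", and one lockout of a service account.
SAMPLE_LOG = """\
2002-02-22 00:51:02,529,administrator,WKS-DMZ01
2002-02-22 00:51:05,529,administrator,WKS-DMZ01
2002-02-22 00:51:09,529,administrator,WKS-DMZ01
2002-02-22 00:51:12,675,administrator,WKS-DMZ01
2002-02-22 00:51:15,529,administrator,WKS-DMZ01
2002-02-22 00:51:17,529,administrator,WKS-DMZ01
2002-02-22 00:58:40,529,jdoe,WKS-LAN17
2002-02-22 01:10:00,539,svc_backup,BACKEND01
"""


def parse_events(text):
    """Return (timestamp, event id, account, source) tuples; blank lines skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, account, source = line.split(",", 3)
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       int(eid), account.strip().lower(), source.strip()))
    return events


def find_failure_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Map (account, source) -> largest number of failed logons seen inside
    any sliding window of the given length, for pairs reaching threshold."""
    per_key = defaultdict(list)
    for ts, eid, account, source in events:
        if eid in FAILURE_IDS:
            per_key[(account, source)].append(ts)
    bursts = {}
    for key, times in per_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(bursts.get(key, 0), count)
    return bursts


def find_lockouts(events):
    """Accounts with an account-lockout event, sorted for stable output."""
    return sorted({account for _, eid, account, _ in events if eid == LOCKOUT_ID})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (account, source), n in find_failure_bursts(evs).items():
        print(f"ALERT: {n} failed logons for {account} from {source} within 5 minutes")
    for account in find_lockouts(evs):
        print(f"LOCKOUT: {account}")
```

The threshold and window are deliberately parameters: a mail server that also serves OWA sees a steady trickle of mistyped passwords, so the signal is the clustering per source, not the raw failure count.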

Page 14

Exchange 2000
Secure Administration - Roles

Administrative Roles
- Exchange Administrator
- Exchange Full Administrator
- Exchange View Only Administrator

XADM: How to Get Service Account Access to All Mailboxes in Exchange 2000 (Q262054)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q262054

Delegation Wizard
- Use to add/edit Admin roles

Page 15

Exchange 2000
The All-Powerful Exchange Domain Servers Group

XADM: Enhancing the Security of Exchange 2000 for the Exchange Domain Servers Group (Q313807)

Page 16

Exchange 2000
Secure Administration – Security Permissions Page

Registry Hack
To show the security tab in System Manager:

HKCU\Software\Microsoft\Exchange\ExAdmin
Value: ShowSecurityPage
Data: 1 (REG_DWORD)

XADM: Security Tab Not Available on All Objects in System Manager (Q259221)

Page 17

Exchange 2000
Securing File Shares

Security of Shares
Tracking Logs: %COMPUTERNAME%.log
- Contain user information such as email addresses and usernames.
- EVERYONE or Authenticated Users can read them by default

Page 18

Exchange 2000
Secure Administration - TURN OFF WHAT YOU DON’T NEED

Disable unnecessary services and protocols
- For both Exchange and Windows
- Do you need POP3? IMAP? HTTP?
- Do you need the Alerter service? Messenger? DHCP client?

Page 19

Exchange 2000
System Policies

- Server policy
- Mailbox policy
- Public Folder policy

Page 20

Exchange 2000
Malware - Virus, trojan and worm protection

- Use an SMTP content filter for Internet email
- Use a separate host or a firewall for SMTP relay
- Catch incoming/outgoing malware elsewhere, and relieve your Exchange server of the load
- Virus protection in the Information Store
  - Well, some viruses originate within, so you still need protection.
  - Several server-based virus scanners will protect (e.g. MailSecurity by GFI, Trend Micro, Sybari Antigen, NAI GroupShield)
- Virus protection on the client
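To make the first bullet concrete, here is an added Python example (not the deck's code and not the code of any product named above) of the core check an SMTP content filter performs before mail reaches the Information Store: it parses a constructed message with the standard library's email package and drops every attachment whose final filename extension is on an executable blocklist, so a double-extension name such as photo.jpg.exe is caught while report.txt passes. The blocklist is a sample, not a complete list, and the sample message is constructed for this example.

```python
"""Attachment filter of the kind an SMTP content filter applies in front of
Exchange. Added example (not the deck's or any product's code): attachments
whose final filename extension is on an executable blocklist are dropped
before the message is handed on; everything else is kept unchanged."""
import email
import os
from email import policy
from email.message import EmailMessage

# Sample blocklist of extensions Windows will run directly; not complete.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                      ".vbs", ".vbe", ".js", ".jse", ".wsh", ".hta"}


def build_sample_message():
    """Constructed test input: a text body, one benign .txt attachment, a
    .vbs script, and an executable hiding behind a double extension."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Q1 report"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"quarterly figures", maintype="text",
                       subtype="plain", filename="report.txt")
    msg.add_attachment(b"MsgBox 1", maintype="application",
                       subtype="octet-stream", filename="invoice.vbs")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.exe")
    return msg.as_bytes()


def is_blocked(filename):
    """Decide on the last extension only, case-insensitively, so
    'photo.jpg.exe' is blocked and 'report.txt' is not."""
    if not filename:
        return False
    return os.path.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS


def filter_message(raw):
    """Return (filtered message bytes, names of the removed attachments)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    if not msg.is_multipart():
        return raw, removed
    kept = []
    for part in msg.iter_parts():
        name = part.get_filename()
        if part.is_attachment() and is_blocked(name):
            removed.append(name)
        else:
            kept.append(part)
    # Rebuild the multipart container with only the surviving parts.
    msg.set_payload(kept)
    return msg.as_bytes(), removed


def attachment_names(raw):
    """Filenames of the attachments in a message; used to verify the result."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments()]


if __name__ == "__main__":
    filtered, dropped = filter_message(build_sample_message())
    print("dropped:", dropped)
    print("remaining attachments:", attachment_names(filtered))
```

A production filter would also look at the declared Content-Type and the file's magic bytes rather than trusting the name alone, and would quarantine rather than silently discard; the extension check shown here is the minimum that keeps the obvious script and executable payloads off the Exchange server.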

Page 21

Exchange and Outlook
Malware – Protection in Outlook

- Prevent scripts and active content from running on your users’ workstations
- Set the Security Zone in Outlook to “Restricted Sites” – under Tools > Options > Security
- Keep up-to-date with the latest MS Outlook and Internet Explorer patches and security hotfixes

Page 22

Outlook Web Access
Installation and Design Considerations

General OWA security
- Lock down IIS
  - Security checklists: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp
  - IISLock.exe
- Definitely use SSL
- Decide on Front-end vs. Back-end model
  - Must read: http://www.microsoft.com/Exchange/techinfo/deployment/2000/E2KFrontBack.asp

Front-End server
- Isolate it even in the DMZ (it should only communicate with the Exchange BE server and an AD DC)
- Intranet firewall between Front End and Back End
- Use STATIC RPC ports: http://support.microsoft.com/support/kb/articles/q224/1/96.asp

Page 23

Secure Network Diagram (the same diagram and firewall rules as Page 5)

Page 24

Firewalls
DENY everything. Only allow what you need!

Internet firewall
- DENY ALL incoming and outgoing
- Allow only what you need! For example:
  Incoming from Internet, allow:
    TCP port 443 (HTTPS)
    TCP port 25 (SMTP)
    TCP/UDP port 53 (DNS)
  Outgoing, allow: only established connections

DMZ firewall
- DENY ALL incoming and outgoing
- Allow only what you need! For example:
  Incoming from DMZ, allow:
    TCP port 80 (HTTP)
    TCP/UDP port 88 (Kerberos)
    TCP/UDP port 53
    TCP/UDP port 389 (LDAP)
    TCP port 3268 (GC)
    TCP port 135 (endpoint mapper)
    TCP port 1025 (optional RPC static port)
    TCP port 445 (SMB/CIFS)
  Outgoing, allow: only established connections

Intranet
- Assign static RPC ports to the Exchange Server
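The rule sets on this slide and the fport listing on Page 10 can be reconciled by a short script, which is how a default-deny policy gets checked against what the server actually listens on. The Python below is an added example, not from the deck: it encodes both firewalls' allow lists as sets of (protocol, port) pairs, parses fport.exe output (a constructed subset of the Page 10 listing, same layout), and sorts each listener on the back-end server into those a DMZ host can reach and those the DMZ firewall drops. Anything in the second group the server does not need belongs on the "turn off what you don't need" list, and the listeners above port 1024 (lsass and mad.exe in the sample) show why the optional static RPC port on 1025 is in the rule set at all: under default deny, dynamically assigned RPC endpoints match no rule until they are pinned to the static port.

```python
"""Reconcile a default-deny firewall policy with a server's listeners.
Added example, not from the deck: the allow lists are the two firewalls
on this slide; the fport lines are a constructed subset of Page 10."""
import re

# Inbound (proto, port) pairs each firewall permits; anything else is denied.
INTERNET_FW_ALLOW = {("tcp", 25), ("tcp", 53), ("udp", 53), ("tcp", 443)}
DMZ_FW_ALLOW = {("tcp", 53), ("udp", 53), ("tcp", 80), ("tcp", 88), ("udp", 88),
                ("tcp", 135), ("tcp", 389), ("udp", 389), ("tcp", 445),
                ("tcp", 1025), ("tcp", 3268)}


def is_allowed(allow_set, proto, port):
    """Default deny: a flow passes only if its (proto, port) is listed."""
    return (proto.lower(), int(port)) in allow_set


# Constructed subset of the Page 10 fport.exe output (same column layout).
FPORT_SAMPLE = r"""
Pid   Process   Port   Proto   Path
1028  inetinfo  -> 25   TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 80   TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 110  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
512   svchost   -> 135  TCP   C:\WINNT\system32\svchost.exe
8     System    -> 139  TCP
1028  inetinfo  -> 143  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
1028  inetinfo  -> 443  TCP   C:\WINNT\System32\inetsrv\inetinfo.exe
8     System    -> 445  TCP
512   svchost   -> 593  TCP   C:\WINNT\system32\svchost.exe
264   lsass     -> 1032 TCP   C:\WINNT\system32\lsass.exe
1044  mad       -> 1053 TCP   C:\Program Files\Exchsrvr\bin\mad.exe
1044  mad       -> 1055 TCP   C:\Program Files\Exchsrvr\bin\mad.exe
"""

FPORT_LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\b\s*(.*)$")


def parse_fport(text):
    """Return (pid, process, port, proto, path) tuples; header and blank
    lines do not match the pattern and are skipped."""
    listeners = []
    for line in text.splitlines():
        m = FPORT_LINE.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            listeners.append((int(pid), proc, int(port), proto.lower(), path.strip()))
    return listeners


def classify_listeners(fport_text, allow_set):
    """Split listeners into those a peer behind the firewall can reach and
    those the firewall drops (disable the latter if the server does not need them)."""
    result = {"exposed": [], "blocked": []}
    for _pid, proc, port, proto, _path in parse_fport(fport_text):
        bucket = "exposed" if is_allowed(allow_set, proto, port) else "blocked"
        result[bucket].append((port, proto, proc))
    return result


def unpinned_high_ports(fport_text, static_port=1025):
    """Listeners above 1024 other than the static RPC port. On an Exchange
    server these are typically dynamically assigned RPC endpoints, which a
    default-deny firewall passes only once they are pinned to static_port."""
    return [(port, proc) for _, proc, port, _, _ in parse_fport(fport_text)
            if port > 1024 and port != static_port]


if __name__ == "__main__":
    for bucket, items in classify_listeners(FPORT_SAMPLE, DMZ_FW_ALLOW).items():
        print(bucket, sorted(items))
    print("unpinned high ports:", unpinned_high_ports(FPORT_SAMPLE))
```

Run against the sample with DMZ_FW_ALLOW, only ports 80, 135 and 445 are reachable from the DMZ; SMTP, POP3, IMAP, HTTPS and the RPC-over-HTTP listener on 593 are all dropped at the DMZ firewall, which is the intended design when the front-end and the SMTP forwarder are the only hosts the back-end talks to.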

Page 25

Exchange 2000 Vulnerabilities

* February 2002 *
  MS02-003 : Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions
  http://archives.neohapsis.com/archives/vendor/2002-q1/0023.html
September 2001
  MS01-049 : Deeply-nested OWA Request Can Consume Server CPU Availability
August 2001
  MS01-043 : NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
July 2001
  MS01-041 : Malformed RPC Request Can Cause Service Failure
June 2001
  MS01-030 : Incorrect Attachment Handling in Exchange OWA Can Execute Script
March 2001
  MS01-014 : Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000
November 2000
  MS00-088 : Exchange User Account Vulnerability

Page 26

The Windows OS
The FOUNDATION of Exchange

Security is a pyramid
- Exchange security depends on the OS security
- Follow checklists and best practices available from www.microsoft.com/security as well as many third parties like SANS (www.sans.org)
- Ensure new OS and Exchange installs are hardened before being placed into production
- Don’t let unnecessary services and software run!
- Keep up-to-date on the latest MS Service Packs and security hotfixes

Page 27

Exchange 2000
Additional Thoughts

- SMTP replication in clear text!!!
  - Use IPSec with encryption parameters to protect this traffic
- Public Folders
  - EVERYONE group can add new folders by default
- Event Sinks
  - XCCC: Script Host Sink Is Not Registered on Exchange 2000 Server by Default (Q264995)
  - http://www.outlookexchange.com/articles/glenscales/wssevtar.asp by Glen Scales

Page 28

References

Exchange
- http://www.microsoft.com/exchange
- http://www.microsoft.com/security
- http://www.slipstick.com
- http://www.msexchange.org
- http://www.labmice.net

IPSec
- http://www.securityfocus.com/infocus/1519

Page 29

The End

Securing Exchange 2000

Chris Weber
chris.weber@foundstone.com

http://www.foundstone.com
http://www.privacydefended.com