1 / 34

Integrating ISA Server and Exchange Server

Integrating ISA Server and Exchange Server. How email works. Mail server. An mail server is typically a combination of processes running on a server with a large storage capacity – a list of users and rules, and the capability to receive, send and store emails and attachments

sara-landry
Télécharger la présentation

Integrating ISA Server and Exchange Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integrating ISA Server and Exchange Server

  2. How email works

  3. Mail server • An mail server is typically a combination of processes running on a server with a large storage capacity – a list of users and rules, and the capability to receive, send and store emails and attachments • Mail server software: Mdeamon, Exchange server 2003,…

  4. Why use Exchange 2003 • Backup and restore • High availability • Help migrating from older systems • Security improvements • Protection of e-mail

  5. Exchange 2003 Outlook Web Access (OWA)

  6. Exchange 2003 Mobile Capabilities Exchange 2003 Servers Outlook clients(RPC/HTTP) OWA clients(HTTP/HTML) Wireless Network ISA Firewall Pocket PC, Smartphone, third-party sync (HTTP/HTML) Outlook Mobile Access WAP 2.0, iMode(xHTML, cHTML)

  7. The goal of attack • Steal data • Blackmail • Launch bed for others attack • Bragging rights • Vandalism • Demonstrate vulnerability/satisfy curiosity • Damage company reputation • Others?

  8. Exchange 2003 and ISA 2006 Securing SMTP Traffic: • SMTP-based attacks: • Invalid, overly long, or unusual SMTP commands to attack a mail server or to gather recipient information • Attacks against recipients by including malicious content, such as worms • ISA Server protects mail servers by: • Enforcing compliance of SMTP commands with standards • Blocking disallowed SMTP commands • Blocking messages with disallowed attachment types, content, recipient or sender • ISA Server can stop attacks before they reach your mail servers!!

  9. Exchange 2003 and ISA 2006 • RPC and Firewalls: • Traditional Firewall • Open every port that RPC mightuse for incoming traffic • ISA Firewall • Initial connection • Only allows valid RPC traffic • Blocks non-Exchange queries • Secondary connection • Only allows connection to port used by Exchange • Enforces encryption Traditional firewalls can’t provide secure RPC access ISA Server enables secure remote email access using Outlook

  10. OWA and Traditional Firewalls • Web traffic to OWA is encrypted • Standard SSL encryption • Security against eavesdropping and impersonation • Limitation • Default OWA implementation does not protect against application layer attacks OWA Traffic Password Guessing Internet SSL Tunnel Web Server Attacks Exchange Web Server

  11. How ISA Protects OWA • Authentication • Unauthorised requests are blocked before they reach Exchange • Optional forms-based authentication prevents caching of credentials • Inspection • Invalid HTTP requests or requests for non-OWA content are blocked • Inspection of SSL traffic before it reaches Exchange server • Confidentiality • Ensures encryption of traffic over the Internet • Can prevent the downloading of attachments to client OWA Traffic Password Guessing Internet SSL Tunnel Web Server Attacks Inspection Authentication Exchange Server

  12. Publishing Exchange Server with ISA 2006

  13. Enabling SSL support for OWA

  14. Understanding the Need for Third-Party CAs • can buy a certificate from a third-party certificate authority such as Verisign, Thawte, or one of many other enterprise certificate authorities • validate that their customers are really who they say they are, and to generate the digital certificates that validate this for digital communications • that require encryption, such as SSL

  15. Installing a Third-Party CA on an OWA Server

  16. Type of CA • Enterprise root CA: highest-level certificate authority for an organization • Enterprise subordinate CA: subordinate to an existing enterprise root CA, and must receive a certificate from that root CA to work properly • Stand-alone root CA:similar to an enterprise CA, in that it provides for its own unique identity and can be uniquely configured

  17. Create certificate

  18. Create certificate

  19. Create certificate

  20. Create certificate

  21. Create certificate

  22. Exporting and Importing the OWA Certificate to the ISA Server On OWA server

  23. Exporting and Importing the OWA Certificate to the ISA Server On ISA server, open MMC console

  24. Exporting and Importing the OWA Certificate to the ISA Server

  25. Exporting and Importing the OWA Certificate to the ISA Server

  26. Creating Web Listener

  27. Creating Web Listener

  28. Creating Web Listener

  29. Creating Exchange Publishing Rule

  30. Creating Exchange Publishing Rule

  31. Creating Exchange Publishing Rule

  32. Creating Exchange Publishing Rule

  33. Creating Exchange Publishing Rule

  34. Testing the Solution In Remote Client

More Related