Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


October 18, 2002

Exchange & Outlook UPDATE, Exchange Edition, October 18, 2002

A Web Exclusive from Windows IT Pro
Various Authors
Exchange & Outlook UPDATE
InstantDoc #27015
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Exchange and Outlook UPDATE, Exchange Edition—brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
http://www.exchangeadmin.com

THIS ISSUE SPONSORED BY

HP-Quest Software Free E2K Security Whitepaper
http://www.quest.com/landing/winnetmag_exchange101802.asp

Networking UPDATE Email Newsletter
http://www.winnetmag.com/email/networking/
(below COMMENTARY)

SPONSOR: QUEST SOFTWARE

FREE WHITEPAPER. Enhance security, ease administration and increase productivity. With the right management tools and best practices, you can do more with less!

Quest Software and HP have collaborated to offer "Advanced Security and Directory Administration for Exchange 2000," a free whitepaper offering best practices to help you make the most of the capabilities of your new environment.

Improve security across the enterprise and make Exchange 2000 work for YOU. Download the whitepaper today!
http://www.quest.com/landing/winnetmag_exchange101802.asp

October 18, 2002—In this issue:

1. COMMENTARY

  • Physical Security: The Final Frontier

2. ANNOUNCEMENT

  • Hey Denver and San Francisco! Got Security Concerns?

3. RESOURCES

  • Knowledge Base: Windows NT System Key Permits Strong Encryption of the SAM
  • Featured Thread: IMS Forwarding Help

4. NEW AND IMPROVED

  • Log and Archive Instant Messages
  • Submit Top Product Ideas

5. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by Paul Robichaux, News Editor, exadmin@winnetmag.com)

Many people think of computer security as something that involves bits, bytes, and passwords. You might not think much about a more elementary level of security: the physical security and integrity of your Exchange Server systems and your Outlook client workstations. Dismissing physical security as someone else's problem is easy but foolish: If an attacker gets unrestricted physical access to your computer, it won't be "your" computer much longer. Fortunately, you can take simple steps to make your systems more secure.

Begin by taking a good look at your building's physical security. Can just anyone get in? Is there an alarm? How about fire protection? Is the cooling system adequate for the number of machines you have? These questions might seem obvious (even dumb), but answering them will help you take inventory of your site's physical-security posture.

Next, take a look at your Exchange servers. Are the servers in a separate room—as they should be—or do they sit next to or under someone's desk? If the machines are in a separate room, make sure the room has a locking door. Depending on the value of your hardware, a simple lock might not be adequate; a combination or cipher lock might be more useful. Restrict who gets the key, combination, or code. Permit only those whose jobs require access to enter the server room (or server closet).

What about the machines themselves? If you're using a server rack, it probably has a lockable door—use it. If you have standalone servers with locking hasps, lock the server cases to prevent miscreants from tampering with or stealing internal components or even the entire system. Most machines contain some amount of sensitive data, so consider removing or disabling any drives that could be used to write data to removable media, including 3.5" drives. Set BIOS and power-on passwords.

These steps apply to desktop workstations, too. Much of your organization's most valuable data probably exists on these machines (a reason to consider regular backups as an additional security measure). Also encourage users to use the Windows Security dialog box (they simply press Ctrl+Alt+Delete to access it) to lock their workstations when they leave their desks. An unattended, unlocked workstation is an open invitation to data theft and compromise.

Laptops are somewhat more difficult to secure physically because they're designed to move around. I know of several high-ranking Microsoft and Hewlett-Packard (HP) employees whose unsecured laptops were stolen from their offices, so no one is immune to laptop theft. Buy some cable locks, and teach people to use them. And make sure users take advantage of Encrypting File System (EFS), which ships with Windows XP and Windows 2000, to secure crucial data.

Finally, investigate and use the Syskey utility on all your machines. Attackers often target systems from which they can harvest local account information, but Syskey effectively prevents this type of attack. Syskey is turned on by default in XP and Win2K, and you can enable it manually in Windows NT 4.0 Service Pack 3 (SP3) and later.

None of these steps, other than purchasing locks, costs money. The trick is to use built-in security features to the maximum. Of course, you can do a lot more to beef up physical security, including adding appropriate surveillance and auditing equipment and improving environmental protection (e.g., heating, cooling, fire suppression) measures (see the URL below for some other physical-security suggestions). However, high-end "gates, guards, and guns" measures aren't necessary for most sites. The simple steps I've described will help ensure that your Exchange servers and client systems are (physically) there when you need them.

"Computer Room Fortress"
http://www.winnetmag.com/articles/index.cfm?articleid=22250

SPONSOR: NETWORKING UPDATE EMAIL NEWSLETTER

NEW! NEWS, TIPS, AND MORE TO KEEP YOUR NETWORK HUMMING
Networking UPDATE brings you the how-to tips and news you need to implement and maintain a rock-solid networking infrastructure. We'll explore interoperability solutions, hardware (including servers, routers, and switches), network architecture, network management, network security, installation technology, network training, and WAN disaster recovery. Subscribe (at no cost!) at:
http://www.winnetmag.com/email/networking/

2. ANNOUNCEMENT
(brought to you by Windows & .NET Magazine and its partners)

  • HEY DENVER AND SAN FRANCISCO! GOT SECURITY CONCERNS?

    • Time is running out to register for the Windows & .NET Magazine Security Road Show 2002, coming next week to Denver and San Francisco. Register now and hear Mark Minasi and Paul Thurrott address the topic on everyone's mind: security. Sign up today before it's too late!
    http://www.winnetmag.com/seminars/roadshow

    3. RESOURCES

  • KNOWLEDGE BASE: WINDOWS NT SYSTEM KEY PERMITS STRONG ENCRYPTION OF THE SAM

    • Each week, Microsoft posts several Exchange Server how-to articles to its Knowledge Base. This week, learn how to increase the protection of account-password information that the SAM stores in the registry.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q143475

  • FEATURED THREAD: IMS FORWARDING HELP

    • CSLEBL needs to configure Exchange Server 5.5 systems to handle internal email as well as relay email addressed to other domains. To offer your advice or join the discussion, go to the following URL:
    http://www.winnetmag.com/forums/rd.cfm?cid=40&tid=47681

    4. NEW AND IMPROVED
    (contributed by Carolyn Mader, products@winnetmag.com)

  • LOG AND ARCHIVE INSTANT MESSAGES

    • Cordant announced IMScribe, enterprise-scale software that can log, archive, review, report, and audit Exchange Server Instant Messaging (IM) content. IMScribe, which runs on existing Exchange IM home servers, captures IM traffic and saves the content to local log files. You can search for and review messages according to several criteria (e.g., message content, sender/recipient identities, date ranges) or you can review entire conversation threads. You can view reports that provide statistics about enterprisewide IM activity (e.g., average message size, top 10 message senders, per-user and per-reviewer statistics). For pricing, contact Cordant at 425-653-0900.
    http://www.cordant.com

  • SUBMIT TOP PRODUCT IDEAS

    • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to whatshot@winnetmag.com.

    5. CONTACT US
    Here's how to reach us with your comments and questions:

    • ABOUT THE COMMENTARY — exadmin@winnetmag.com
    • ABOUT THE NEWSLETTER IN GENERAL — lpere@winnetmag.com

    (please mention the newsletter name in the subject line)

    • TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
    • PRODUCT NEWS — products@winnetmag.com
    • QUESTIONS ABOUT YOUR EXCHANGE & OUTLOOK UPDATE SUBSCRIPTION?
      Customer Support — exchangeandoutlookupdate@winnetmag.com
    • WANT TO SPONSOR EXCHANGE & OUTLOOK UPDATE?
      emedia_opps@winnetmag.com

    This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today!
    http://www.exchangeadmin.com/sub.cfm?code=neei23xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Thank you for reading Exchange and Outlook UPDATE, Exchange Edition.

    End of Article

    Reader Comments

    You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




    Top Viewed ArticlesView all articles
    Kon-Boot Lets You Bypass Logon for Windows and Linux

    Kon-Boot looks like a very interesting tool since it can get you into a system without having to logon first. ...

    Google to Take On Windows with New OS

    It's official: Google will compete head-to-head with Microsoft's dominant Windows OS with a new system called Google Chrome OS. Based on the Google Chrome browser and not its previous OS effort, the smart phone-based Android system, Google Chrome OS will ...

    Q. How can I continually check a performance counter from Windows PowerShell?

    ...
    Security Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

    The Impact of Messaging and Web Threats

    Why SaaS is the Right Solution for Log Management
    Related Events WinConnections and Microsoft® Exchange Connections

    Security Summit

    Bail Out Your Exchange Environment

    Check out our list of Free Email Newsletters!
    Security eBooks Spam Fighting and Email Security for the 21st Century

    Understanding and Leveraging Code Signing Technologies

    A Guide to Windows Certification and Public Keys
    Related Security Resources Introducing Left-Brain.com, the online IT bookstore
    Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

    Discover Windows IT Pro eLearning Series!
    Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format

    Test Drive IT Solutions and Get Free Music Downloads
    Solve your toughest IT problems with these free downloads and receive 5 free music downloads!


    ADS BY GOOGLE

    Job Openings in IT SPONSORED LINKS FEATURED LINKS
    How Thin-Client Virtual Desktops Can Improve ROI
    Read this Essential Guide to get a technical overview of VDI and understand what you need to consider when planning for desktop virtualization.
    New from Left-Brain.com - Exchange Server 2007 Training Package
    This intensive, 21-hour training course can easily eliminate up to four years of trial, error, and frustration! You’ll learn how to avoid the costly misconfigurations that even the most seasoned experts make. Find out more!

    Improve SharePoint Performance on a WAN
    Learn how to increase in user-perceived remote performance in SharePoint 2007 while decreasing the load on W front-end servers (WFE).

    Exchange Server Consolidation Using Virtualization
    Find out the top 10 reasons your should consolidate Exchange and which consolidation strategy you should choose: physical, virtual, or both.

    Desktop Management is a Never-Ending Job for Administrators
    Get a complete desktop management solution to centralize the management of thousands of desktops that will help you keep up with increased demand with limited manpower.

    Get Windows IT Pro To Go & Save 25%
    The Windows IT Pro Master CD is a powerful combination of content and convenience. Instantly search over 10K solution-driven articles instantly, and get online access to new articles each month at windowsitpro.com. Subscribe today!
    Windows IT Pro Home Register FAQ for Windows WinInfo News
    Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
    SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
    Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
     
     Windows IT Pro is a Division of Penton Media Inc.
     © 2009 Penton Media, Inc. Terms of Use | Privacy Statement | Reprints and Licensing