1 / 41

Module 6 Implementing Messaging Security

Module 6 Implementing Messaging Security. Module Overview. Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution Configuring Secure SMTP Messaging. Lesson 1: Deploying Edge Transport Servers . What Is the Edge Transport Server Role?

malachi-sanford
Download Presentation

Module 6 Implementing Messaging Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 6 Implementing Messaging Security

  2. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution Configuring Secure SMTP Messaging

  3. Lesson 1: Deploying Edge Transport Servers • What Is the Edge Transport Server Role? • Edge Transport Server Role Infrastructure Requirements • What Is AD LDS? • Demonstration: How to Configure Edge Transport Servers • What Is Edge Synchronization? • How Internet Message Flow Works • Demonstration: How to Configure Edge Synchronization • What Is Cloned Configuration? • Discussion: Securing Edge Transport Servers

  4. What Is the Edge Transport Server Role? The Edge Transport server role provides: Internet message delivery Antivirus and anti-spam protection Edge transport rules Address rewriting The Edge Transport server role: Cannot be deployed with any other server role Should not be a member of the internal Active Directory domain Should be deployed in a perimeter network

  5. Edge Transport Server Role Infrastructure Requirements The Edge Transport server: Must be configured with a Fully Qualified Domain Name Requires a minimal number of ports opened on the internal and external firewalls Must be configured with the IP addresses for DNS servers that can resolve DNS names on the Internet

  6. What Is AD LDS? AD LDS is an LDAP directory service that stores information for directory-enabled applications AD LDS on an Edge Transport server stores: Schema information Configuration information Recipient information You can use the Exchange Server 2010 tools to perform most of the AD LDS configuration tasks

  7. Demonstration: How to Configure Edge Transport Servers • In this demonstration, you will: • Review the Edge Transport server default configuration

  8. What Is Edge Synchronization? Edge Synchronization replicates Active Directory information to AD LDS on Edge Transport servers Reasons for implementing Edge Synchronization include: Simplifying Edge Transport server configuration Using recipients for transport or filtering rules Edge Synchronization: Includes configuration and recipient information Is always initiated by Hub Transport servers

  9. How Internet Message Flow Works 1 Hub Transport / Client Access / Mailbox Server 6 5 4 2 3 Edge Transport Server

  10. Demonstration: How to Configure Edge Synchronization • In this demonstration, you will: • Enable Edge Synchronization • Test Edge Synchronization • Configure address rewriting

  11. What Is Cloned Configuration? Cloned configuration is a process of configuring multiple Edge Transport servers with identical configurations To implement cloned configuration, use the: ExportEdgeConfig script to export configuration information ImportEdgeConfig script to validate the configuration on the target server, and then create an answer file ImportEdgeConfig script to import configuration information

  12. Discussion: Securing Edge Transport Servers • Why is it important to secure Edge transport servers? • What factors should you consider at the operating system level? • How do you secure an Edge Transport Server?

  13. Lesson 2: Deploying an Antivirus Solution Antivirus Solution Features in Exchange Server 2010 What Is Forefront Protection 2010 for Exchange Server? Forefront Protection 2010 Deployment Options Best Practices for Deploying an Antivirus Solution Demonstration: How to Install and Configure Forefront Protection 2010 for Exchange Server

  14. Antivirus Solution Features in Exchange Server 2010 Exchange Server 2010 supports: Using the same VSAPI as is used in Exchange Server 2003 and Exchange Server 2007 Using transport agents to filter and scan messages Using antivirus stamping to mark each scanned message Integration with Forefront Protection 2010 for Exchange Server

  15. What Is Forefront Protection 2010 for Exchange Server? Benefits of Forefront Protection 2010 for Exchange Server include: • Antivirus scan with multiple scan engines • Full support for VSAPI • Microsoft IP Reputation Service • Spam signature updates • Premium spam protection • Automated content filtering updates

  16. Forefront Protection 2010 Deployment Options You can install Forefront Protection 2010: • Only on an Edge Transport server or a Hub Transport server • On an Edge Transport server or a Hub Transport server and a Mailbox server When installing Forefront Protection 2010, consider: • The number of scan engines required • The types of scan engines that should be used

  17. Best Practices for Deploying an Antivirus Solution When you implement an antivirus solution, you should: • Implement multiple layers of antivirus such as: • Firewall or Edge Transport server • Client • Exchange server • Maintain regular antivirus updates

  18. Demonstration: How to Install and Configure Forefront Protection 2010 for Exchange Server • In this demonstration, you will see how to: • Install Forefront Protection 2010 for Exchange Server • Configure Forefront Protection 2010 for Exchange Server • Manage Forefront Protection 2010

  19. Lab A: Configuring Edge Transport Servers and Forefront Protection 2010 Exercise 1: Configuring Edge Transport Servers Exercise 2: Configuring Forefront Protection 2010 for Exchange Servers Logon information Estimated time: 45minutes

  20. Lab Scenario You are a messaging administrator in A. Datum Corporation, which is a large multinational organization. Your organization has deployed Exchange Server 2010 internally, and it now wants to extend it so that everybody can send and receive Internet e-mail. As part of your job responsibilities, you need to set up an Edge Transport server, and then install an antivirus solution to scan all mail.

  21. Lab Review When you implement new certificates on your existing Edge Transport server, what do you need to consider? Does the Forefront Protection 2010 Suite scan the message multiple times when it is passed over Edge Transport and Hub Transport servers?

  22. Lesson 3: Deploying an Anti-Spam Solution Overview of Spam-Filtering Features How Exchange Server 2010 Applies Spam Filters What Is Sender ID Filtering? What Is Sender Reputation Filtering? What Is Content Filtering? Demonstration: How to Configure Anti-Spam Options

  23. Overview of Spam-Filtering Features

  24. How Exchange Server 2010 Applies Spam Filters Exchange Server 2010 Edge Transport server IP Allow List Connection Filtering IP Block List RBL Sender Filtering Internet Recipient Filtering Outlook Safe Senders List Sender ID Filtering Exceed SCL Threshold Content Filtering Below SCL Threshold

  25. What Is Sender ID Filtering? DNS Server Edge Transport Server SMTP Server 2 Hub Transport Server 1 4 Internet 3 Sender ID filtering is a concept in virus protection that was introduced in Exchange Server 2007 You can configure it to: • Reject messages and issue an nondelivery report (NDR) • Delete messages without sending an NDR • Stamp the messages with the SenderID result, and continue processing

  26. What Is Sender Reputation Filtering? Sender Reputation filtering filters messages based on information about recent e-mail messages received from specific senders The Protocol Analysis agent assigns an SRL that is based on: • Sender open proxy test • HELO/EHLO analysis • Reverse DNS lookup • Analysis of SCL ratings on messages from a particular sender

  27. What Is Content Filtering? Content Filtering analyzes the content of each e-mail message and assigns an SCLto the message You can configure content filtering to: • Delete, reject, or quarantine messages that exceed an SCL value • Block or allow messages based on a custom word list • Allow exceptions so that messages sent to specified recipients are not filtered Quarantined messages are sent to a quarantine mailbox

  28. Demonstration: How to Configure Anti-Spam Options • In this demonstration, you will see how to: • Configure Connection Filtering • Configure Sender and Recipient Filtering • Configure Sender ID and Sender Reputation Filtering • Configure Content Filtering

  29. Lesson 4: Configuring Secure SMTP Messaging Discussion: SMTP Security Issues SMTP E-Mail Security Options Demonstration: How to Configure SMTP Security What Is Domain Security? How Domain Security Works Process for Configuring Domain Security Demonstration: How to Configure Domain Security How S/MIME Works

  30. Discussion: SMTP Security Issues • What are the SMTP security issues? • How do you currently secure SMTP?

  31. SMTP E-Mail Security Options SMTP e-mail can be additionallysecured by using authentication and authorization on the SMTP connector

  32. Demonstration: How to Configure SMTP Security • In this demonstration, you will see how to: • Configure an externally secured SMTP Connector • Configure an SMTP Connector that requires TLS and authentication

  33. What Is Domain Security? Uses mutual TLS with business partners to enable secured message paths over the Internet To set up mutual TLS: • Generate a certificate request for TLS certificates • Import and enable the certificate on the Edge Transport server • Configure outbound Domain Security • Configure inbound Domain Security

  34. How Domain Security Works Mail Client Mail Client 1 2

  35. Process for Configuring Domain Security To configure Domain Security: 1 Generate a certificate request for TLS certificates 2 Import certificate to Edge Transport servers 3 Configure outbound Domain Security 4 Configure inbound Domain Security 5 Notify partner to configure Domain Security 6 Test mail flow

  36. Demonstration: How to Configure Domain Security • In this demonstration, you will see how to: • Verify certificate and check Receive connector • Configure Domain Security

  37. How S/MIME Works S/MIMEInfrastructure requirements: • The sender must have a valid certificate installed • All target addresses must have a public certificate available either locally or in Active Directory • Can use either an internal or public CA

  38. Lab B: Implementing Anti-Spam Solutions • Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers Logon information Estimated time: 65minutes

  39. Lab Scenario After configuring the Edge Transport server and installing an antivirus solution, you must implement an anti-spam solution.

  40. Lab Review • What anti-spam agents are available in Exchange Server 2010? • What is the purpose of the SCL threshold? • What are the possible issues in implementing Domain Security for your partner domains?

  41. Module Review and Takeaways Review Questions Common Issues and Troubleshooting Tips

More Related