With Exchange 2007, Microsoft has introduced the concept of an Edge Transport server, which is the outward-facing messaging component for handling SMTP network traffic.
An Exchange 2007 server in this role can send and receive Internet mail for the Exchange network (and do such things as blocking viruses and spam) but isn’t joined to the Active Directory domain. With this in place, Microsoft claims you can minimize security exposure.
We performed an initial security evaluation of the Edge Transport mode of Exchange as you would in an enterprise while doing the initial research on what it would take to deploy and defend Exchange 2007.
The first thing you notice is that the Edge Transport is definitely not the only thing at the edge. Outlook Web Access services and direct connections from Outlook clients and mobile devices still talk directly to Exchange servers that are fully part of the trusted inner circle. So the Edge Transport server handles strictly SMTP-based communications, which is only a part of the potential attack surface.
Current attack strategies often focus on Microsoft’s RPC mechanisms, IIS Web server transactions, and on vulnerable behavior of the email client, such as Outlook. SMTP attacks are simply not all that popular today. The Edge Transport is a sort of Maginot Line in that Microsoft has put a lot of effort into defending something that may well not be where the attacks come from.
The Edge Transport uses a lightweight interface to Active Directory, ADAM (Active Directory Application Mode), to tie into the larger Exchange 2007 network. This limits the amount of directory information present near the edge to the minimum needed: the email addresses to be accepted.
The Edge Transport enforces email and security policies through message header inspection, content inspection and blacklist/whitelist management for all email traffic. Microsoft layers its anti-virus/anti-spam product Forefront Security on top of the Edge Transport server to block inappropriate email. Microsoft offers some protections in the communication between the Edge Transport server and the rest of the Exchange network to ensure that spam and virus verdicts cannot be faked by an attacker.
Another issue lies in the fact that there isn’t really documentation on Exchange 2007 security deployment and internals.