Chapter 10. Exchange Security


Email has become critically important to many businesses, and the security landscape surrounding Exchange has come to reflect that importance. When Exchange 5.5 first shipped, spam was not a problem, most organizations had no need for antivirus software, and many took a rather casual approach to patch management and network security. Now, though, there are some baseline best practices that are very widely adhered to. Because this is a generalized Exchange cookbook, we can’t go into exhaustive detail for all of them; the recipes in this chapter focus on the most important things that you should do to secure your Exchange servers.

Messaging security generally breaks down into three areas: confidentiality (keeping private material private), integrity (ensuring that message data isn’t tampered with or accidentally damaged), and availability (ensuring that data is available when users need it). Most security solutions focus on providing confidentiality and integrity, and so will the recipes in this chapter.

Where to Learn More

To a greater extent than the other chapters in this book, this chapter assumes that you will do some outside reading—a lot of it, in fact. That’s because the semantics and implementation requirements for messaging security are fairly strict, and there’s a ton of background material that you need to be familiar with to completely secure your Exchange environment against the particular threat model that your organization faces. ...

Get Exchange Server Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.