Exchange Connections 2006 - Security for Exchange: Assessment, Auditing, and Hardening session
I am presenting a full-day session at the Exchange Connections 2006 conference in Orlando (April 9 - 12) and again at the Exchange Connections - Europe conference in Nice (April 25 - 28), France. Here is a brief outline of some of the topics that will be covered. I'm hoping that this session will nicely mesh with an eBook I am currently working on for realtimepublishers.com. Hope to see some of my regular readers either in Orlando or Nice.
Security for Exchange: Assessment, Auditing, and Hardening
Keeping the Exchange data secure, allowing access to Exchange serves both remotely and locally, protecting users from malicious e-mail content, reducing the amount of spam users receive, and keeping the Exchange services available is a significant part of the typical Exchange administrator’s job. In this tutorial, we will cover the following topics:
- The common (and uncommon) vulnerabilities including many that a typical administrator may not think about until it is too late.
- Best practices for Exchange administration with security and stability in mind
- How to implement auditing of Exchange to learn the most about typical activities and to diagnose potential intrusions.
- The Exchange antivirus API, virus detection methodologies, multi-layer virus detection, and some common approaches to preventing viruses from disrupting a user’s daily routine.
- Real-world solutions for fighting spam including multiple approaches to content inspection, spam detection, and preventing false positives. Approaches such as white-listing, grey listing, black-listing, sender address verification technologies, Sender Id (SPF), and Domain Keys will be covered.
- Using a Managed Provider for inbound SMTP message hygiene.
- Discuss the top antivirus and anti-spam 3rd party and Microsoft solutions on the market and the pros and cons of each.
- How to most securely provide Exchange services to users outside of your corporate network whether they use the Outlook client, Outlook Web Access, mobile devices, or a POP3/IMAP4 client.
- Understanding PKI and S/MIME for providing end-to-end protection of e-mail content.
- Examining Enterprise Rights Management for use with messaging systems.
- Best practices for Exchange server security and content security