Securing and Maintaining an Exchange Server 2007 Implementation

by Ruper Meredith.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on servers  

You are here: Categories » Computers and technology » Servers

One of the greatest advantages of Exchange Server 2007 is its emphasis on security. Along with Windows Server 2003, Exchange Server 2007 was developed during and after the Microsoft Trustworthy Computing initiative, which effectively put a greater emphasis on security over new features in the products. In Exchange Server 2007, this means that the OS and the application were designed with services “Secure by Default.”

With Secure by Default, all nonessential functionality in Exchange must be turned on if needed. This is a complete change from the previous Microsoft model, which had all services, add-ons, and options turned on and running at all times, presenting much larger security vulnerabilities than was necessary. Designing security effectively becomes much easier in Exchange Server 2007 because it now becomes necessary only to identify components to turn on, as opposed to identifying everything that needs to be turned off.

In addition to being secure by default, Exchange Server 2007 server roles are built in to templates used by the Security Configuration Wizard (SCW), which was introduced in Service Pack 1 for Windows Server 2003. Using the SCW against Exchange Server helps to reduce the surface attack area of a server.

Patching the Operating System Using Windows Software Update Services

Although Windows Server 2003 presents a much smaller target for hackers, viruses, and exploits by virtue of the Secure by Default concept, it is still important to keep the OS up to date against critical security patches and updates. Currently, two approaches can be used to automate the installation of server patches. The first method involves configuring the Windows Server 2003 Automatic Updates client to download patches from Microsoft and install them on a schedule. The second option is to set up an internal server to coordinate patch distribution and management. The solution that Microsoft supplies for this functionality is known as Windows Software Update Services (WSUS).

WSUS enables a centralized server to hold copies of OS patches for distribution to clients on a preset schedule. WSUS can be used to automate the distribution of patches to Exchange Server 2007 servers, so that the OS components will remain secure between service packs. WSUS might not be necessary in smaller environments, but can be considered in medium-sized to large organizations that want greater control over their patch management strategy.

Implementing Maintenance Schedules

Exchange still uses the Microsoft JET Database structure, which is effectively the same database engine that has been used with Exchange from the beginning. This type of database is useful for storing the type of unstructured data that email normally carries, and has proven to be a good fit for Exchange Server. Along with this type of database, however, comes the responsibility to run regular, scheduled maintenance on the Exchange databases on a regular basis.

Although online maintenance is performed every night, it is recommended that Exchange databases be brought offline on a quarterly or, at most, semiannual basis for offline maintenance. Exchange database maintenance utilities, eseutil and isinteg, should be used
to compact and defragment the databases, which can then be mounted again in the environment.

Exchange databases that do not have this type of maintenance performed run the risk of becoming corrupt in the long term, and will also never be able to be reduced in size. Consequently, it is important to include database maintenance into a design plan to ensure data integrity.

Share
Leave a comment or ask a question
Total comments: 0

Servers Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Why network administrators need a network bandwidth monitor - Every network admin should monitor network bandwidth and traffic usage in his local network to use the enterprise resources efficiently. To do that, you need to install a network bandwidth moni (more...)
What is a Server - Server describes a function rather than a particular PC technology or design. A server is a computer that provides resources that can be shared by other computers. Those resources include file (more...)
What is a Network Computer - The opposite direction for the home PC is one stripped of power instead of enhanced. Instead of being a general purpose machine, this sort of home PC would be particularly designed for interacti (more...)
Are Used Cisco switches worth buying - Buying new things all the time can be a great fun. Seeing every bit of computer equipment looking new and shiny can be very satisfying. With the recession in full swing at the moment most people ar (more...)
How to Configure a NTP Network Time Server in Windows 2000 - Summary: This article describes how to configure Windows 2000 to act as an authoritative time server using NTP (Network Time Protocol). Computer time synchronisation is highly impo (more...)
The Apache Web Server - There are currently two different versions of Apache: the original 1.3.x series and the newer Apache 2.x series. In this guide, we're going to look at the latest version of the 1.3.x series, wh (more...)
Installing and Setting Up IIS - IIS was developed by Microsoft and runs only on the Windows Server operating systems (Windows NT, 2000, and XP Professional). Note that it's not available with Windows XP Home Edition. IIS has (more...)
Installing PHP for IIS - In this tutorial we'll describe how to add PHP functionality to IIS, so that you can use IIS to serve PHP pages. We assume that at this stage that your IIS server is set up and running correctl (more...)
Install MySQL on Linux - This tutorial describes how to install MySQL on a Linux Server, using the Linux shell prompt. You can use this shell either on the Linux server itself or remotely through a Telnet session. You (more...)
Install MySQL on Windows - We'll look at three stages: downloading, installing, and starting the server. Downloading MySQL The first step to installing MySQL on Windows is to download the instal (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.