Updated: November 15, 2004
Building a Multi-layered Approach to E-mail Security: The Checklist
1. Perform a security assessment.
As with any security effort, start by identifying all critical resources on your network, and then determine who has access to this data and how they use it. Determine the risks that are associated with the unauthorized exposure of this data, and develop a security strategy to help protect it.
Tools like the Security Risk Management Guide on the TechNet Security Center offer insights about developing this important plan.
Microsoft also offers a free Security Risk Self-Assessment Tool to help you evaluate your organization’s security practices and identify areas for improvement.
2. Make sure you are using the latest versions of Microsoft Exchange, Microsoft Windows, and Microsoft Outlook
Newer versions include security enhancements that help stop malware from propagating through e-mail.
• Upgrade your servers to Microsoft Windows Server 2003 R2, starting with your Internet-facing servers. Windows Server 2003 R2 (built on Service Pack 1) includes the Security Configuration Wizard (SCW), which reduces a server's attack surface by disabling the services and ports its roles do not need, and Post-Setup Security Updates, which blocks inbound traffic to a newly installed server until the latest security updates for Windows Server 2003 have been applied.
• You should also consider upgrading your e-mail servers to Microsoft Exchange Server 2003 Service Pack 2. Exchange 2003 Service Pack 2 includes enhanced mobile device security, such as device password policies and remote wipe for Exchange ActiveSync devices. Last week, we released the first beta version of the next version of Exchange, Exchange 12, to a limited group of testers. Exchange 12 will include improvements in messaging protection. There will be opportunities to preview and evaluate the product during 2006. You can find more information about Exchange 12 here.
• Install Microsoft Windows XP Service Pack 2 on all your client computers so that they are fully protected. This is particularly important for portable and remote computers, which spend time outside the corporate network. Also, make sure that a desktop firewall is turned on, such as Windows Firewall, which SP2 enables by default, enable the Automatic Updates feature, and install antivirus software.
• You should also consider upgrading your e-mail clients to Microsoft Outlook 2003 Service Pack 2 (SP2). Outlook 2003 SP2 includes phishing protection that is built into the Junk E-mail filter as well as the Outlook E-Mail Security Update (OESU). The OESU blocks many virus and worm e-mail attacks by blocking potentially unsafe attachment types and by prompting the user before another program reads the address book or sends mail on the user's behalf. All currently supported versions of Outlook incorporate the features of the OESU: Office XP and Office 2003 have it built in, and if you are running Microsoft Outlook 2000, you should update to Microsoft Office 2000 Service Pack 3, which incorporates the OESU and provides this additional level of protection.
3. Protect your e-mail infrastructure from attack using a defense-in-depth strategy
You can start by protecting the infrastructure with a multi-layer security strategy. Microsoft recommends that you help protect your organization with both on-premises software and hosted, managed services. Ultimately, it is up to you to choose the best way to help secure your infrastructure based on your organization's resources and preferences. For more detailed information about building out a multi-layer approach to e-mail security, check out the white paper entitled "Microsoft Secure E-mail Solutions."
First prevent inappropriate access to the corporate network by:
• Deploying ISA Server 2004 in front of your Exchange servers. ISA Server 2004 can publish Outlook Web Access so that users are authenticated at the perimeter (forms-based authentication) and HTTP requests are inspected before they reach the Exchange server. Visit the Microsoft ISA Server Web site for guidance on how to deploy ISA Server 2004.
• Deploying remote procedure call (RPC) over HTTP, which allows Outlook users to access their Exchange Server accounts from the Internet more securely when they are traveling or working outside their organization's firewall. RPC over HTTP tunnels Outlook's MAPI RPC traffic inside HTTPS, so only TCP port 443 needs to be published at the edge rather than the RPC endpoint mapper and its dynamic ports. You can configure user accounts in Outlook 2003 to connect to Exchange Server 2003 over the Internet without a virtual private network connection. This helps you keep the number of computers in the perimeter network (also known as the DMZ, demilitarized zone, or screened subnet) manageable and, therefore, more secure.
• Deploying smart cards. A smart card combines something the user has (the card and the private key it holds) with something the user knows (the PIN), so a stolen or phished password alone is not enough to log on. Once authenticated, users are authorized to access specific information based on preset privileges.
You also want to ensure that your network does not propagate malware. So consider the following:
• Installing and maintaining antivirus software, such as Antigen for Microsoft Exchange, on your mailbox servers. Antigen for Exchange scans mail on the server with multiple scan engines and adds content-filtering capabilities. Scanning at the mailbox server catches viruses that are already inside the network and trying to hop from desktop to desktop through internal e-mail, which never passes an Internet gateway.
• For a second layer of defense, consider managed services such as FrontBridge Technologies, a recent acquisition of Microsoft. These hosted solutions help protect your e-mail infrastructure by eliminating viruses before they ever reach your network. They also let you focus resources on areas that most directly affect your business while minimizing up-front capital investment. For more information about Microsoft's solutions for mailbox server protection, visit the Microsoft Windows Server System Web site.
The last part of a defense-in-depth strategy is to prevent access to confidential information.
• You can do this by implementing Windows Rights Management Services and the Information Rights Management technology in Office 2003 to protect confidential information. With these technologies you can define exactly how information can be used, such as who can open, modify, print, forward, or take other actions with the information. Note that rights management protects against accidental disclosure and casual forwarding by authorized recipients; it does not stop a recipient who can already read the content from retyping or photographing it.
4. Filter spam and other unwanted e-mail
Basic e-mail hygiene practices can help remove junk e-mail messages. We suggest you consider the following:
• Use a managed service, such as FrontBridge Technologies, to filter out spam before it reaches your network.
• Alternatively, if you have the staff to manage your own filtering or prefer to manage it yourself, use dedicated anti-spam software such as Sybari Advanced Spam Manager to filter spam and unsolicited content on SMTP gateway and Microsoft Exchange servers. Deploy it as close to the network edge as possible, to eliminate junk e-mail before it can waste bandwidth on your network and disk space on your servers.
• If you don't have a managed service or dedicated anti-spam software, use the Intelligent Message Filter (IMF) in Exchange Server 2003 SP2 to filter out junk e-mail.
• In addition to spam filtering, authenticate inbound and outbound e-mail via the Sender ID Framework. For inbound mail, the receiving server checks whether the connecting server's IP address is authorized by the sending domain's published Sender ID/SPF DNS record; for outbound mail, publish a record for your own domains so that other receivers can reject forgeries of them. This helps block forged and spoofed e-mail, which is not only unwanted but also a threat to corporate security. Keep in mind that only domains that publish a record can be checked, and a pass means the sending server was authorized, not that the message is legitimate.
• Use controls in Outlook 2003 to prevent images embedded in messages from being automatically downloaded when the messages are opened. This helps thwart Web beacons, a technique spammers use to confirm that an address is live and track whether recipients open junk e-mail. You can get the same functionality for older versions of Outlook by downloading the Outlook E-mail Security Update.
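Sender ID and SPF share the same evaluation step once a domain has been chosen (the MAIL FROM domain for SPF, the Purported Responsible Address for Sender ID): fetch that domain's record and test the connecting IP address against its mechanisms in order. The evaluator below is an added example, not code from the original page or from Microsoft; it runs over a constructed in-memory DNS table, and every domain, address and record in it is hypothetical. It handles the ip4, ip6, a, mx, include and all mechanisms with the four qualifiers, ignores modifiers, and returns permerror for an include loop; ptr, exists and macros are deliberately unsupported.

```python
import ipaddress

# Constructed, offline stand-in for DNS. All domains and addresses are hypothetical
# (RFC 5737 documentation ranges); a real receiver would query TXT/MX/A records.
DNS = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.example -all"],
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["198.51.100.10"]},
    "_spf.mailhost.example": {"TXT": ["v=spf1 ip4:203.0.113.0/25 ~all"]},
    "unprotected.example": {"TXT": ["v=spf1 ?all"]},
    "loop.example": {"TXT": ["v=spf1 include:loop.example -all"]},  # misconfigured
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # guards against include: loops (RFC 4408 caps DNS-querying terms at 10)


def spf_record(domain):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in DNS.get(domain, {}).get("TXT", []):
        if txt.split()[0].lower() == "v=spf1":
            return txt
    return None


def host_addresses(domain):
    return DNS.get(domain, {}).get("A", []) + DNS.get(domain, {}).get("AAAA", [])


def check_spf(ip, domain, depth=0):
    """Evaluate client address `ip` against `domain`'s record.

    Returns pass, fail, softfail, neutral, none (no record) or permerror.
    """
    if depth > MAX_DEPTH:
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if "=" in name:
            continue  # modifiers such as redirect= and exp= are ignored here
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # A v6 client never matches an ip4 term (and vice versa); ipaddress handles that.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in host_addresses(arg or domain)
        elif name == "mx":
            matched = any(ip in host_addresses(mx)
                          for mx in DNS.get(arg or domain, {}).get("MX", []))
        elif name == "include":
            # include: matches only when the included record passes; its fail is not inherited
            inner = check_spf(ip, arg, depth + 1)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # ptr, exists and macros are not supported in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without an explicit all


def disposition(result):
    """Map an SPF/Sender ID result to a gateway action."""
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "mark as junk"
    return "accept"  # pass, neutral, none, permerror: authorized or simply unverifiable


if __name__ == "__main__":
    for ip, domain in [("192.0.2.7", "example.com"), ("203.0.113.200", "example.com"),
                       ("192.0.2.7", "nosuch.example")]:
        result = check_spf(ip, domain)
        print(f"{ip} as {domain}: {result} -> {disposition(result)}")
```

A mail claiming to come from example.com but delivered from 203.0.113.200 ends in fail (the included record only softfails it, so evaluation falls through to -all), while a domain with no record yields none and cannot be rejected on Sender ID grounds alone, which is why publishing your own record matters as much as checking others'.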
5. Monitor, audit, and archive regularly
• It is important to monitor your e-mail infrastructure to verify compliance with regulatory requirements, such as content-filtering or confidentiality policies. With software and services such as Antigen and FrontBridge, you can filter messages based on keywords, attachments, and many other attributes. This helps enforce appropriate use and prevent policy and regulatory violations.
• But policies are only effective if they are enforced and remain relevant to current regulations and to the current state of your infrastructure. So be sure to review and update your policies on a regular basis. Periodic scheduled audits are a good way to do this review, and they can also help demonstrate compliance with policies and regulations.
• Archiving e-mail is another critical piece of secure messaging, and is needed to comply with government regulations. Microsoft's managed messaging services include Message Archive and Active Message Continuity. These services provide uninterrupted e-mail accessibility with a 30-day historical e-mail store. They also provide a fully indexed, searchable archive; rapid recovery from unplanned disasters and network outages; and customized report generation for demonstrating compliance. To learn more about these services, visit the Microsoft Exchange Server Web site.
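The keyword and attachment filtering described above comes down to parsing each message, applying a small set of rules, and turning the findings into a disposition. The following is an added example of that logic, not the filtering engine of Antigen, FrontBridge or any other product; the blocked extension list, the confidentiality markers, the internal domain list and the sample message are all constructed for illustration. It treats the last extension as the real one, so a "report.pdf.exe" double-extension trick is caught, and it escalates confidential content only when a recipient is outside the organization.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy values chosen for this example; tune them to your own rules.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "bat", "com", "vbs", "js"}
CONFIDENTIAL_MARKERS = ("internal only", "confidential")
INTERNAL_DOMAINS = {"example.com"}  # hypothetical


def build_sample_message():
    """Constructed test message: a body carrying a confidentiality marker plus an
    executable disguised with a double extension, addressed to an outside domain."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@partner.example"
    msg["Subject"] = "Q3 numbers"
    msg.set_content("Attached are the Q3 figures. INTERNAL ONLY - do not forward.")
    msg.add_attachment(b"MZ\x90\x00not really a program", maintype="application",
                       subtype="octet-stream", filename="Q3 report.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 not really a pdf", maintype="application",
                       subtype="pdf", filename="summary.pdf")
    return msg.as_bytes()


def attachment_violation(filename):
    """Reason string if the attachment name is a blocked type, else None.

    Only the last extension counts, so "report.pdf.exe" is an .exe; surrounding
    whitespace is stripped so a padded name cannot hide the extension."""
    exts = [e.strip() for e in filename.lower().strip().split(".")[1:]]
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        return "blocked attachment type ." + exts[-1]
    return None


def external_recipients(msg):
    """Recipient addresses whose domain is not one of ours."""
    outside = []
    for header in ("to", "cc", "bcc"):
        value = msg[header]
        if value is None:
            continue
        for addr in value.addresses:  # policy.default parses headers into Address objects
            if addr.domain.lower() not in INTERNAL_DOMAINS:
                outside.append(addr.addr_spec)
    return outside


def disposition(findings):
    """Turn findings into a gateway action; malware-type attachments outrank DLP holds."""
    if any(f.startswith("blocked attachment") for f in findings):
        return "quarantine"
    if any(f.startswith("confidential content addressed") for f in findings):
        return "hold for review"
    return "deliver"


def scan_message(raw):
    """Parse a raw RFC 822 message and return (findings, action)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    for marker in CONFIDENTIAL_MARKERS:
        if marker in text:
            findings.append(f"confidentiality marker '{marker}' in body")
    for part in msg.iter_attachments():
        reason = attachment_violation(part.get_filename() or "")
        if reason:
            findings.append(reason)
    outside = external_recipients(msg)
    if outside and any(f.startswith("confidentiality") for f in findings):
        findings.append("confidential content addressed to " + ", ".join(outside))
    return findings, disposition(findings)


if __name__ == "__main__":
    found, action = scan_message(build_sample_message())
    for f in found:
        print("-", f)
    print("action:", action)
```

Findings are kept as a list rather than a single verdict so that the same scan can feed the audit log the section calls for: the record of what was matched, not just what was done, is what a later audit or compliance report needs.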
Related Resources