Checklist - Securing Exchange Communications

Updated: February 6, 2004


How to Use This Checklist

This checklist is a companion to the module, "Securing Exchange Communications." Use it to help you to secure your Exchange 2000 servers, or as a quick reference for the corresponding module. This checklist should develop as you discover steps that help you to implement your secure Exchange organization.


Securing Communications in Outlook 2002

Check | Description

Remote procedure call (RPC) encryption enabled in the client for traffic between the Microsoft Outlook messaging and collaboration client and Exchange.

Certificate installed on client for Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption.

Key Management service installed to provide certificates internally.


Securing Web Browser and ISA communication

Check | Description

At least ISA Server SP1 installed.

Secure Sockets Layer (SSL) certificate installed on ISA server from a globally trusted Certificate Authority (CA).

Common or friendly name of SSL certificate matches Fully Qualified Domain Name (FQDN) used by Outlook Web Access (OWA).

ISA server configured to accept only secure channel connections.


Securing ISA and OWA Front-End communication

Check | Description

SSL certificate installed on OWA server from a globally trusted CA.

Common or friendly name of SSL certificate matches FQDN used by OWA.

Secure channel required for OWA connection.

Basic authentication enabled for OWA connection.


Securing OWA Front-End and Back-End Exchange Servers

Check | Description

IPSec Port 80 Outbound from OWA front-end configured to "encrypt" using Group Policy.

IPSec Port 80 Inbound from OWA front-end configured to "block" using Group Policy.

IPSec Port 80 Inbound from Exchange back-end configured to "encrypt" using Group Policy.

Policy applied on Exchange servers using the secedit /refreshpolicy machine_policy /enforce command.

IP Security Monitor configured and IPSec communication checked.


Securing SMTP Communications

Check | Description

ISA server configured to publish the Simple Mail Transfer Protocol (SMTP) server.

Message Screener configured on ISA server.

Separate SMTP gateway established.

External SMTP mail relay prevented.

Internal SMTP mail relay secured.

