This is The News Page

 

Secure Remote Access to Microsoft Exchange Servers

This is a guest column contributed by Tom Shinder

Microsoft made a big deal of "perimeter security" at the recent partner conference in New Orleans. Perimeter security is one of the cornerstones of the current Microsoft security initiative. There's no doubt that perimeter security is important. The rule of large numbers makes it clear that there are always going to be a lot more bad guys on the outside than on the inside, and those bad guys on the outside have a lot more time and tend to be bolder with their exploits.

One thing Microsoft didn't make clear is where exactly the perimeter begins. Does the perimeter begin at the Internet edge of the network? Does the perimeter begin on the LAN interface of the Internet-connected router? Does it begin on the external interface of the edge firewall? Is there only one perimeter, or can you have multiple perimeters on the corporate network?

It's important to be able to define your perimeter networks because the type and level of security provided by perimeter security devices varies based on the hosts directly and indirectly impacted by the perimeter devices in front of them. In fact, an excellent way to define your perimeters is by the "security zones" that they enclose.

Examples of security zones include:

  • The external network - the Internet and all other networks not under your administrative control
  • The DMZ segment - a security zone that does not contain proprietary or mission critical data. Public Web and FTP servers are included in the perimeter; these servers do not contain proprietary or mission critical data. These servers can be replaced quickly and easily.
  • The corporate backbone network - this network zone is under your administrative control but does not contain any mission critical servers or services. The corporate backbone security zone serves as a secure conduit between other security zones.
  • The internal network - this network security zone contains servers and clients that are under your complete administrative control. All corporate users and computers that belong to your corporate Active Directory domain are located in the internal network zone. Multiple LAN segments separated by the corporate backbone can belong to the same internal network zone.
  • Management network - a management network zone is dedicated to clients and servers required by network administrators to perform management tasks. This network must be tightly monitored because of the level of access given to users on this network.

The edge of each of these security zones represents the perimeter of that network. One of the most important network zones is the internal network. This network is behind the external network, the backbone network and sometimes the DMZ network. The internal network is the security zone that needs to be the most highly fortified against external attack.

One of the most important servers that must be located on the internal network is the Exchange Server. Exchange Servers must be located in the same security zone as the Active Directory because Exchange depends on Active Directory for its user database and a number of other critical functions. This works great for users and computers on the internal network because the Exchange Servers are located within the same security perimeter as the users who connect to them.

Problems crop up when you need to allow remote users access to the Exchange Server. The concept of a "day off" from corporate email is fading into history. Corporate execs realize that just a single day away from Exchange email can make the difference between landing that "Big Deal" and getting ready for another resume fax broadcast session.

That's why the ISAServer.org community and I put together the ISA Server 2000 Exchange 2000/2003 Deployment Kit. This kit contains 32 documents that give detailed step-by-step instructions on how to allow highly secure connections from remote Outlook Express, Outlook 2000 and Outlook 2003 clients to the Exchange Server on the internal network security zone.

The ISA Server 2000 Exchange 2000/2003 Deployment Kit provides every detail you need to allow remote Outlook (and other email clients) very highly secured access to the following Exchange services and protocols:

  • The Exchange SMTP service
  • The Exchange POP3 service
  • The Exchange IMAP4 service
  • Outlook Web Access
  • Secure Exchange RPC
  • RPC over HTTPS
  • Spam filtering SMTP relay on the ISA Server firewall or a dedicated relay on a DMZ or internal network
  • And lots more!

You don't even need to replace your current firewall infrastructure to leverage the unique protection that ISA Server firewalls provide. The details are in the kit. If you currently allow remote users access to your corporate Exchange Server, or if you're thinking about putting together a remote access solution for Exchange services, then check out the ISAServer.org ISA Server 2000 Exchange 2000/2003 Deployment Kit. Even if you don't end up using ISA Server, I guarantee you'll learn a ton about secure remote access to Exchange Server services and help bolster your perimeter defenses. For more info and download details for the ISA Server 2000 Exchange 2000/2003 Deployment Kit, check out:
http://www.w2knews.com/rd/rd.cfm?id=031027TB-ISA_Server

  NT/2000 RELATED NEWS

MS First Quarter Earnings: UP

MS beat the analyst expectations just slightly with their financial results for the first quarter. They announced revenues of $8.22 billion for the quarter ended Sept. 30, a 6 percent increase from the $7.75 billion in the quarter a year ago.

However, Redmond reported a larger drop in unearned revenue from multi-year licensing agreements. That really means their Licensing 6.0. Expectations were a drop-off of $200 million to $300 million in unearned revenue, but the actual figure for the quarter was more than twice as bad. Consumer spending helped buffer the Licensing 6.0 shortage.

Microsoft CFO John Connors said they had been too optimistic on contracts from large customers and that sales people had been distracted helping customers cope with the Blaster virus. Relevant news for administrators is that their Server and Tools business grew 15 percent year-over-year to $1.87 billion this quarter. SQL Server and Exchange Server also saw double-digit revenue growth. Windows Server 2003 has sold two times as many licenses as Windows 2000 Server over the same period of time since the launch. The seats-sold count for Exchange is now at 120 million.

Extending AD's reach to Windows NT and 9x clients

Yes, you can use Active Directory to manage your Windows NT and 9x users and desktops. You can do so with a patch that extends some of AD's most popular management features to NT and 9x clients. Windows desktop administration expert Serdar Yegulalp maps out what the client extensions can and cannot do, and tells how and where to install them. Check out the article on SearchWin2000 at:
http://www.w2knews.com/rd/rd.cfm?id=031027RN-AD_Article

Ballmer Trashes Open Source

ENTMag just came out with an article, very timely indeed, just after 50% of you said last week that you trust open source software. Perhaps MS CEO Steve Ballmer read the article in W2Knews, but he effectively closed the door on any MS involvement in open source initiatives, saying that the commercial approach to software development and sales provides the best security and value to enterprise customers.

In addition, Ballmer branded open source as a channel of last resort for software products that failed in the commercial marketplace. While distancing Microsoft from the open-source world, he half-jokingly replied "never say never" when asked if the software giant would support Linux if the market were large enough. Ballmer, known for his frank, no-holds-barred style, fielded questions about competition from open source software and other topics at this week's Gartner's Symposium/ITxpo 2003 conference in Orlando, Florida. Read more at ENT:
http://www.w2knews.com/rd/rd.cfm?id=031027RN-Ballmer

MS Unleashes Exchange Server 2003

They officially threw it out there on October 21, 2003. Their main goal is to convert the 50% of Exchange users that are still on V5.5. There are around 120 million seats sold for Exchange worldwide, and most of these waited to upgrade because getting to AD was considered a major pain.

The Exchange Product Manager, Missy Stern, said that this time it's different. They took 3 years to look and listen, and came up with a relatively smooth upgrade path. About 200 have made the jump, with around 330K end users. There is one major benefit, which is server consolidation. Looks like you can cut the needed servers in half. Pricing is the same as Exchange 2000. (PS: iHateSpam Server is supported on both Exchange V5.5 and 2003; the upgrade is free if you go from V5.5 to 2003.)