CYA: Securing Exchange Server 2003 & Outlook Web Access [ILLUSTRATED] (Paperback)

~ Henrik Walther (Author), Patrick Santry (Editor) "When Microsoft came up with its Trustworthy Computing Initiative in 2002, the company conducted a full code review of all its products in an attempt..." (more)
Key Phrases: connection filter rule, application server role, administrative group level, Microsoft Exchange, Outlook Web Access, Internet Explorer (more...)

Editorial Reviews

Product Description

A highly portable, easily digestible road-map to configuring, maintaining and troubleshooting essential Exchange Server 2003 features. The book is organized around the 11 "MMCs" (Microsoft Management Consoles) that contain the configuration menus for the essential features. The options within each menu are explained clearly, potential problems are identified up-front, and configurations are subsequently presented in the aptly named "By the Book" section for that MMC. Readers will also appreciate the "Reality Check" sidebars throughout, which present valuable cost/benefit analyses of situations where there is no single "right" answer.

* Walks the reader through step-by-step configurations to assure they have been thorough and responsible in their work
* Clearly identifies those features of Exchange Server 2003 that represent the highest risk factors for attacks, performance degradation and service failures
* CYA comes right out and says what most IT Professionals are already thinking

About the Author

Henrik Walther is a Senior Microsoft Server Consultant working for an IT outsourcing services company in Copenhagen, Denmark. Henrik has over 10 years of experience in the industry. He specializes in migrating, implementing, and supporting Microsoft Windows Active Directory and Microsoft Exchange environments. Henrik is a Microsoft Exchange MVP (Most Valuable Professional). He runs thewww.exchange-faq.dk website and writes Exchange-related articles for both www.msexchange.org and www.outlookexchange.com. He also spends time helping his peers in the Exchange community via forums, newsgroups, and mailing lists.

Patrick J. Santry (MCSE, MCSA, MCP+SB, A+, i-NET+, CIW CI) is the Microsoft Practice Lead for Sogeti USA in Cleveland, Ohio. He specializes in developing web solutions, and supporting infrastructure. Patrick has written on several books and magazine articles on Microsoft technologies. In addition, he has been awarded the Microsoft Most Valuable Professional (MVP) Award in the field of ASP/ASP.NET for the past three years and runs a popular website for ASP.NET web developers (www.wwwcoder.com).

Product Details

• Paperback: 352 pages
• Publisher: Syngress; 1st edition (April 1, 2004)
• Language: English
• ISBN-10: 1931836248
• ISBN-13: 978-1931836241
• Product Dimensions: 8.8 x 6.1 x 0.9 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (4 customer reviews)
• Amazon.com Sales Rank: #974,819 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #51 in

  Books > Computers & Internet > Microsoft > Development > Exchange

Customer Reviews

Most Helpful Customer Reviews

13 of 16 people found the following review helpful:

4.0 out of 5 stars Empowering Tidbits, Somewhat Incomplete, November 30, 2004

By	Joaquin Menchaca (San José, CA USA) - See all my reviews (REAL NAME)

This book is stock full of potent tidbits that are darn hard to find anywhere; I know because I was scavenging the net, MS articles, several books, etc. for eons and I couldn't find any adequate material that can help me secure Exchange 2k3. Thus far, thanks to this book, I was able encrypt IMAP, POP, and OWA (Outlook Web Access) traffic. I am still working on the RPC over HTTP bit, but definitely a lot further along in the process thanks to this book.

Though despite my delight with the book, there are some short-comings that I would like to highlight:

IMAP/POP configuration
----------------------
- no coverage of client configuration
- no mention of secure ports used (non-obvious to us newbies)
- no mention how to get rid of pesky Un-trusted cert message in Outlook
- public folders no longer accessible after turning on SSL/TLS (IMAP only issue as POP cannot access folders in general)
- no mention of SPA for IMAP/POP and Exchange 2k3 setup (maybe not possible)

OWA configuration
-----------------
- works like a charm, but should mention that port 443 needs to be opened on the firewall if applicable (though this is a no-brainer)

RPC over HTTP configuration
---------------------------
- instructions not completely applicable to Exchange 2k3 SP1 as this portion is now integrated into Exchange UI, rather than IIS
- mention of configuring RPC ports for GC, DS, Store is for "multiserver Exchange environment" according to authors. However, MS's "Exchange Server 2003 RPC over HTTP Deployment Scenarios" has this as a requirement for single server setup.

Relay security
--------------
- think the Exchange UI interface lies to me, as spammers having field day; couldn't readily discern how to open outbound up for a list of users, and open inbound to list of users. :-)
- What is Authenticated Users group. In practice, this seems to be everyone.

IMF spam filter
---------------
- book is outdated as IMF is now free for all to enjoy, not just SA members

I looked at the electronic support site for any updates, and there was nothing. The support site is abysmal, bad URLs, little author participation, no updates, etc.

Overall, great book, despite any faults, this book is so resourceful and accurate and doesn't have fluff that many computer books have these days.

My one wish there could be a another updated version (PDF book :) available to users that bought it. Hey, I can wish can't I!!

16 of 21 people found the following review helpful:

5.0 out of 5 stars A few lines from the author of the book..., July 11, 2004

By	Henrik Walther Kruse (Copenhagen, Denmark) - See all my reviews (REAL NAME)

When I wrote CYA: Securing Exchange Server 2003 & Outlook Web Access the idea were to provide you with a relatively short, very concise, very pedagogy book that teaches you how to configure Exchange 2003 with security in mind. Though the book isn't intended to be a complete reference book on Exchange 2003 Security, as well as it won't teach you everything you need to know about this topic, it will provide you with the most important information.

Also note that CYA: Securing Exchange Server 2003 & Outlook Web Access isn't for true Exchange gurus, instead the book focuses on Exchange Admin's who are relatively newbie's when it comes to Exchange 2003 security.

If you want to read an excerpt from the book (chapter 5) or want to see some of the other stuff I've written, I recommend you give MSExchange.org a visit (click Author > Henrik Walther).

4 of 6 people found the following review helpful:

5.0 out of 5 stars Its all there, February 18, 2005

By	Andy Muller (Ottawa Ont) - See all my reviews

Great book. You made it simple to read complex information.
Say what you want, screen shots do make a difference. I would rather see your step by step instructions in conjunction with written directives, then spend the time reading 10 pages trying to understand what you are trying to say. Meat and potatoes book. I love it.It was my one stop book for Exchange Security

Thanks Guys.